
Supporting third-party keys in a Secure Boot world


It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there are no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There are several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.




