Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Entroware Launches Two New Ubuntu Laptops, for Linux Gaming and Office Use

Entroware, the UK-based hardware manufacturer, known for delivering high-quality, Linux-based desktops, laptops, and servers solutions powered by the popular Ubuntu operating system, today announced two new products. Read more

Why The Ubuntu Phone Failed

In April 2017, Canonical's Mark Shuttleworth announced that their support of the Ubuntu phone convergence was no longer something they were going to invest in. Looking back on this decision, I can understand where they were coming from. Let's face it, we live in an Android/iOS landscape and all other entries into this space are just spinning their wheels. Considering other projects that failed to garner needed traction such as WebOS, Firefox OS, among others, it's understandable why Canonical decided to refocus their efforts into other areas. Well, at least with cloud services. I differ with them on IoT and believe they're destined to repeat mistakes found with convergence. Read more

Intel Core i9 7900X Linux Benchmarks

Since the Intel Core-X Series were announced last month at Computex, I've been excited to see how well this high-end processor will perform under Linux... Linux enthusiasts have plenty of highly-threaded workloads such as compiling the Linux kernel, among other packages, and thus have been very excited by the potential of the Core i9 7900X with its ten cores plus Hyper Threading and sporting a 13.75MB cache. With finally having an X299 motherboard ready, here are my initial Ubuntu Linux benchmarks for the i9-7900X. Read more

KDE Plasma 5.10.3 Desktop Environment Improves Plasma Discover's Flatpak Backend

Today the KDE Project announced the release and general availability of the third stable update to the KDE Plasma 5.10 desktop environment, which was unveiled at the end of May 2017. Read more