Supporting third-party keys in a Secure Boot world

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there are no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what if you're a distribution that cares about booting without the user having to install keys? There are several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.
