Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Enlightenment Foundation Libraries 1.15 and Friends are Out

After three months of development work we are proud to announce the release of version 1.15 of the EFL, Elementary, Evas Generic Loaders and Emotion Generic Players. In these 12 weeks we got over 1000 commits from 64 authors in EFL alone. We slowed down a bit from last release (by around 200 commits). Elementary has another 472 commits by 56 authors. Great job everyone! Some highlights are listed below. Read more

Debian Finally Moves to GCC 5

Ubuntu and Debian developers have been working for some time to make GCC 5.x the default compiler for the project, and they have finally made it. Ubuntu was the first one to achieve this, and now it looks like Debian has joined the party as well. Read more

Open source Chromecast competitor, Matchstick, is dead

Nearly a year ago, Matchstick hit Kickstarter with the goal of bringing a more open HDMI dongle to challenge the likes of the Chromecast and Fire TV Stick. Today, however, its creators made a painful revelation. They’re not going to be able to deliver a satisfactory product, and that means around 17,000 backers won’t be getting their hands on the Firefox OS-based Matchsticks they were hoping for when they pledged their support to the project last fall. Read more

Lockheed Open Sources Its Secret Weapon In Cyber Threat Detection

The cybersecurity team at Lockheed Martin will share some defensive firepower with the security community at Black Hat this week with the open source release of an internal advance threat tool it has been using in house for three years now. Dubbed Laika BOSS, this malware detection platform is meant to help security analysts better hunt down malicious files and activity in an enterprise environment. Read more