Posted Jun 16, 2011 5:48 UTC (Thu) by ras (subscriber, #33059)
Parent article: UEFI and "secure boot"
Yeah, well, as the article says, the only real problem with the proposal is the one it raises at the start:
> It all depends on who holds the signing keys.
Given the key is programmable, this doesn't seem to be an issue. If I am an organisation that cares, I can just program it. If I like to run tweaked versions of Grub, I can ignore it.
But then we have this:
> Platform vendors are likely to use a key from UEFI as the PK, and distribute updated signature databases from the organization signed by that key.
This is the nub of the issue. Is it a published policy, or just a guess?
It could lead to a world of pain for platform vendors. It in all probability would end up meaning only the version of Windows shipped by the vendor would boot.