LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

How to make a sane BIOS

How to make a sane BIOS

Posted Sep 22, 2011 16:30 UTC (Thu) by jmorris42 (subscriber, #2203)
In reply to: Garrett: UEFI secure booting by jhhaller
Parent article: Garrett: UEFI secure booting

Nope, I'd skip all that foolishness if I were designing a Free Software friendly firmware. It is this this simple:

Boot into the firmware with the install media inserted in the optical drive or USB port. Pick an option that says "I want to install from this media." It gives a warning asking if you trust this media abd then it looks on the media for a well publicised filename containing a public key and imports that to it's trusted key store and then proceeds to boot the signed installer.

That is simple, safe and allows any Linux distro to enjoy the benefits of secure booting without any centralized key authority beyond the distro's key management to add remove keys post install. So you would still need a method to add/revoke keys from within a secure OS.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds