LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

An update on UEFI secure boot

An update on UEFI secure boot

Posted Oct 27, 2011 23:50 UTC (Thu) by giraffedata (subscriber, #1954)
In reply to: An update on UEFI secure boot by simlo
Parent article: An update on UEFI secure boot

The bootloader can tell the OS [that it was correctly signed] etc. But the bootloader can lie to you in "secure boot":

Not quite. The bootloader can't tell the OS that it was correctly signed and the OS can't ask. Implementing that function would be ridiculous, since the bootloader could lie. It would be like a prostitute asking a potential client if he is a cop.

That's the difference between secure boot and trusted computing. With trusted computing, the program can determine it is running on a platform the program trusts; with secure boot, the user can ensure everything running on his computer is something he trusts.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds