LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Implementing UEFI Secure Boot in Fedora

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 17:30 UTC (Thu) by mjg59 (subscriber, #23239)
In reply to: Implementing UEFI Secure Boot in Fedora by raven667
Parent article: Implementing UEFI Secure Boot in Fedora

Binaries can only be signed with a single key. There's no way to produce install media that will work with two different signing keys.

(Log in to post comments)

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 21:20 UTC (Thu) by raven667 (subscriber, #5198) [Link]

I think I understand the issues around that and how it commits you to using the one key you can rely on, at least to install, but does that mean you shouldn't pursue getting your own key in there as well? Once a vendor does the work of pre-loading keys they will likely ship on all subsequent devices, that should lead to increasingly complete hardware coverage over the next 5 years or so. It might also eventually lead to the couple of best funded organizations who can get their keys pre-loaded becoming competitive peer authorities creating a marketplace that is not so critically dependent on the continued benevolence of one vendor.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds