LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Details on Ubuntu's UEFI secure boot plan

Details on Ubuntu's UEFI secure boot plan

Posted Jun 28, 2012 14:50 UTC (Thu) by gerv (subscriber, #3376)
In reply to: Details on Ubuntu's UEFI secure boot plan by mjg59
Parent article: Details on Ubuntu's UEFI secure boot plan

Surely the semantics of multiple signatures is "attempt to validate them all, in order, and proceed if any of them validate"? What are the other options? "Proceed if all of them validate"?

Can we fix the existing implementation? (Who wrote it?) And encourage BIOS authors (is that right? I'm sure there's more than one of them) who are still implementing to get this right?

Gerv

(Log in to post comments)

Details on Ubuntu's UEFI secure boot plan

Posted Jun 28, 2012 14:56 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

And blacklisting? There are Obviously Correct interpretations, but since they're not written down it's well within the realms of possibility that people would screw this up. There's ongoing work to rectify this, but it's not going to happen in time for the first wave of machines.

Details on Ubuntu's UEFI secure boot plan

Posted Jun 28, 2012 15:11 UTC (Thu) by gerv (subscriber, #3376) [Link]

Good point about blacklisting. I'm really glad to hear there's ongoing work to fix this; it gives me hope that in 5 years time, the situation may not be as bad as it looks now.

Gerv

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds