LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

'You have to divulge your private key' meme

'You have to divulge your private key' meme

Posted Jul 4, 2012 0:59 UTC (Wed) by mjg59 (subscriber, #23239)
In reply to: 'You have to divulge your private key' meme by Richard_J_Neill
Parent article: The FSF's advice to distributors on UEFI secure boot

Keys can be revoked by OS updates at runtime. You can obviously prevent those from taking place on your own machine, but presumably you still want to remain installable elsewhere.

What makes you think the planned Fedora approach compromises the designed security?

(Log in to post comments)

'You have to divulge your private key' meme

Posted Jul 4, 2012 2:21 UTC (Wed) by Richard_J_Neill (subscriber, #23093) [Link]

> Keys can be revoked by OS updates at runtime.

Who gets to decide? I.e. if I were to "accidentally" leak my own private key, which authority has the right to revoke my signed binaries across other computers?

Key revocation normally works because the key owner decides to revoke it.
Otherwise, all sorts of problems could arise (for example, some nasty malware could try to revoke the MS key).

> What makes you think the planned Fedora approach compromises the designed
> security?

Well, I see how Fedora can try to make use of signed boot as a rather trivial featurelet - but I thought that in most cases, the Linux community would like secure boot to just go away, and therefore most of the effort is going into following the letter but not the spirit of the process.

'You have to divulge your private key' meme

Posted Jul 4, 2012 3:34 UTC (Wed) by mjg59 (subscriber, #23239) [Link]

> Who gets to decide?

Anyone with a key in KEK, so typically Microsoft and the system vendor.

> most of the effort is going into following the letter but not the spirit of the process.

That's not what we're doing in Fedora. If we're going to implement this then we might as well make it useful.

'You have to divulge your private key' meme

Posted Jul 4, 2012 17:05 UTC (Wed) by Richard_J_Neill (subscriber, #23093) [Link]

>> Who gets to decide?

> Anyone with a key in KEK, so typically Microsoft and the system vendor.

Wouldn't that be monumentally anticompetitive? If (say) Ubuntu were to get a large installed base, and then somehow their private key became compromised, then for MS to revoke the key would prevent the existing (non-updated) Ubuntu installations from booting. If Ubuntu made it clear that they didn't want the revocation to occur (i.e. that they would prefer 10 million systems to keep booting, even without the negligible protection conferred by the key), isn't that grounds for a monumental lawsuit?

'You have to divulge your private key' meme

Posted Jul 4, 2012 17:43 UTC (Wed) by mjg59 (subscriber, #23239) [Link]

If one OS signed with the Microsoft key is compromised then they're all compromised - you'd just use the compromised OS to attack any of the others. So if Ubuntu ship a bootloader that allows arbitrary code to be executed, it's not just 10 million Ubuntu machines that are affected. You'd have to ask a lawyer to get a good idea about whether it's anticompetitive, though.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds