
LSS: Secure Boot


Posted Sep 13, 2012 21:00 UTC (Thu) by iabervon (subscriber, #722)
In reply to: LSS: Secure Boot by mjg59
Parent article: LSS: Secure Boot

You wouldn't accidentally enroll a key, but Microsoft might not like what you signed and were able to boot using a key you'd enrolled. The existence of a shim like this means that it will be possible to use Windows versions on Secure Boot hardware after Microsoft wants to EOL them. From the point of view of the CA evaluating the trustworthiness of the shim, there's not really any difference between a user signing a kexec-enabled kernel and using it to run Windows XP and a user signing Windows XP and booting it from the shim.



LSS: Secure Boot

Posted Sep 13, 2012 21:06 UTC (Thu) by mjg59 (subscriber, #23239)

It's a Microsoft requirement that a physically present end-user be able to enrol arbitrary keys, so they're not going to object.

LSS: Secure Boot

Posted Sep 16, 2012 15:45 UTC (Sun) by mathstuf (subscriber, #69389)

> …so they're not going to object.

<pedantic>…via that argument.</pedantic> ;)
