
LSS: Secure Boot

Posted Sep 21, 2012 23:12 UTC (Fri) by nix (subscriber, #2304)
In reply to: LSS: Secure Boot by mjg59
Parent article: LSS: Secure Boot

Well, that's OK for Microsoft because it'll presumably push out an update to its bootloader to no longer be a blacklisted one at the same time.

Shame if it decides to blacklist the Fedora key. All of a sudden every single secure-booted instance of one of its competitors that is dual-booted with Windows has stopped working! And there is, as far as I can see, no easy way to recover. (Maybe Fedora could make a boot CD image available that would update the bootloader, splash it in big letters all over fedoraproject.org, and hope that everyone affected thinks to look there. *shiver*.)

(I have 'secure boot' on this new system of mine. I have, of course, turned it off. The last thing I need is a way of rendering my system magically unbootable. I have enough of those as it is!)



LSS: Secure Boot

Posted Sep 22, 2012 22:14 UTC (Sat) by raven667 (subscriber, #5198)

Personally I think that this risk is a reason that the major Linux vendors such as Red Hat, Ubuntu, Debian and SuSE should work together and with OEMs to make sure they have their own keys in the root of the firmware. This will cost millions of dollars and be an ongoing cost to keep the secure signing infrastructure but it provides a measure of independence. A related solution is to work with Linux-friendly VARs to make branded devices and try to get similar market share and margins as Apple does with their Mac hardware. This might be harder than Apple though because Linux will never be restricted to run on only branded boutique hardware so its revenue stream is not protected.

LSS: Secure Boot

Posted Sep 23, 2012 14:22 UTC (Sun) by mjg59 (subscriber, #23239)

That doesn't help a great deal - if Microsoft have an entry in KEK then they're in a position to blacklist Linux binaries even if there's a more generic Linux key present as well.
