LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LSS: Secure Boot

LSS: Secure Boot

Posted Sep 22, 2012 22:14 UTC (Sat) by raven667 (subscriber, #5198)
In reply to: LSS: Secure Boot by nix
Parent article: LSS: Secure Boot

Personally I think that this risk is a reason that the major Linux vendors such as RedHat, Ubuntu, Debian and SuSE should work together and with OEMs to make sure they have their own keys in the root of the firmware. This will cost millions of dollars and be an ongoing cost to keep the secure signing infrastructure but it provides a measure of independence. A related solution is to work with Linux-friendly VARs to make branded devices and try to get similar market share and margins as Apple does with their Mac hardware. This might be harder than Apple though because Linux will never be restricted to run on only branded boutique hardware so its revenue stream is not protected.

(Log in to post comments)

LSS: Secure Boot

Posted Sep 23, 2012 14:22 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

That doesn't help a great deal - if Microsoft have an entry in KEK then they're in a position to blacklist Linux binaries even if there's a more generic Linux key present as well.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds