LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

How does blacklist get updated?

How does blacklist get updated?

Posted Oct 18, 2012 15:58 UTC (Thu) by paulj (subscriber, #341)
Parent article: Another approach to UEFI secure boot

Presumably that needn't affect existing machines running Linux? It'd be new machines, shipped with updated blacklists?

(Log in to post comments)

How does blacklist get updated?

Posted Oct 18, 2012 16:48 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

Blacklists can be updated at runtime, but if you never install the blacklist package then your machine won't change.

How does blacklist get updated?

Posted Oct 19, 2012 16:22 UTC (Fri) by paulj (subscriber, #341) [Link]

The blacklist has to be signed by MS presumably before it can be installed? You can still just disable SecureBoot though, right? (Until the day MS specify "SecureBoot must be mandatory")

How does blacklist get updated?

Posted Oct 19, 2012 16:32 UTC (Fri) by mjg59 (subscriber, #23239) [Link]

Blacklist updates have to be signed by a key that's present in KEK - in the common case, that'll be Microsoft. And yes, disabling Secure Boot will mean that the blacklist is ignored.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds