LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

still a few glitches in the system...

still a few glitches in the system...

Posted Nov 20, 2012 16:11 UTC (Tue) by cesarb (subscriber, #6266)
In reply to: still a few glitches in the system... by davidescott
Parent article: Bottomley: Adventures in Microsoft UEFI Signing

> The bigger issue in my mind is: YTF is this process automated?

Probably because they do not want anyone to have direct access to the machine with the private signing key. With an automated process, they can enforce that all signatures pass through a well-defined process, with built-in audit trails in case anything goes wrong, and that nothing is signed with that key outside of that process.

Of course, that is the theory. As shown by the number of glitches this time, it seems that the process is not that well-defined in practice.

(Log in to post comments)

still a few glitches in the system...

Posted Nov 20, 2012 16:26 UTC (Tue) by davidescott (guest, #58580) [Link]

Matt Garrett already gave the answer. But I wasn't suggesting that the process not be automated internally, but rather that the automation shouldn't be connected to an outward facing website.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds