What is not at all clear from this is what happens on a user-installed system post-install. There is AFAICT no Ubuntu key in the firmware at this point, so I'm not sure how the system can boot unless they use a key that is chained off the MS master key.
There is also some mention of the user having to add the Ubuntu key manually in order to perform updates, though it's not clear if this is required for all updates or just for updates to the bootloader.
Their solution WRT key management is substantially similar to Fedoras for user-installed systems (the vast majority).
All UEFI systems are stuck with a less capable bootloader.
UEFI systems gain little to no benefit from supporting UEFI since the main attack surface (the kernel) is still exposed.
Seems to be a worst-of-both-worlds approach.
*AFAICT it's an uber-permissive custom license unique to efilinux.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds