User: Password:
|
|
Subscribe / Log in / New account

Details on Ubuntu's UEFI secure boot plan

Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 0:43 UTC (Sat) by jspaleta (subscriber, #50639)
In reply to: Details on Ubuntu's UEFI secure boot plan by dlang
Parent article: Details on Ubuntu's UEFI secure boot plan

I do not thing you can lump all distros and distro vendors together as to whether or not they see value in secureboot as a feature. There are recognized limitations of the specification that make it more painful than it should be, but some do see value in the secureboot goal. And I bet vendors who understand how to run a profitable software business will find customers who understand the security value and will produce a solution that exposes the value. Other vendors, who continue to do the least amount of effort possible, will continue to fail to attract paying customers and will continue to bleed money. To those vendors, this is just an engineer resources drain.. not an opportunity to upsell a security feature.

But more specifically....If Canonical is going to be using a MS signed bootloader... it seems to me what MS considers what secureboot enabled implies is going to matter a lot. So Canonical does this... MS revokes their key...and we are back to square one with Ubuntu users having to disable secureboot to work with Ubuntu. Except now its users with already installed dual-boot Ubuntu/Windows who find they can't load their Ubuntu bootloader because of a key revocation from MS.

Here's to hoping MS doesn't see Canonical cavalier attitude towards signed kernels as a security threat to windows installs. I really really hope that MS considers any dual boot situation as a non-starter for enforcement and ignores anything involving an alternative bootloader unless a request comes in from the entity who controls the bootloader's signature to revoke a key. Hope for the best... plan for the worst.

-jef


(Log in to post comments)

Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 0:54 UTC (Sat) by dlang (subscriber, #313) [Link]

the two vendors who have spoken up so far (canonical and Fedora) both seem primarily worried about the difficulty in installing the distro on new hardware.

so I think it's fair to use those statements to say what the main concern seems to be.

There may be other distros in the future that try to use this for security, but that's not the situation right now.

Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 4:39 UTC (Sat) by bgilbert (✭ supporter ✭, #4738) [Link]

Dual-boot systems are not the problem. A worm targeting Windows-only systems could install the Ubuntu bootloader and use that to chainload itself at boot.

Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 4:47 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

Or use the Ubuntu bootloader to target non-Ubuntu Linuxes.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds