SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 14, 2012 7:51 UTC (Tue) by marm (guest, #53705)
In reply to: SUSE and Secure Boot: The Details (SUSE Blog) by drag
Parent article: SUSE and Secure Boot: The Details (SUSE Blog)

I think that it is a mistake to assume that UEFI secure boot will solve the problem.

Systems based on certification authorities are seldom secure. Especially when the authority has little motivation to check things carefully. SSL/TLS is a prominent example of that and there is no reason to believe that secure boot will be better.

I agree that having signed bootloaders and kernels is nice, but the control of what is trusted and what not should be solely in the hands of the owner of the machine, not in the hands of a third party (and certainly not of a company which is well known for poor security).


SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 14, 2012 10:09 UTC (Tue) by anselm (subscriber, #2796)

The nice thing about SSL/TLS is that many applications do not actually require the use of an external signing authority. You have everything you need to be your own CA, and that can in many cases be quite helpful.

In the same vein, if I was in charge of IT for a big(gish) organisation I would certainly take a look at UEFI Secure Boot with a view to using my own keys to sign stuff I want to run on my machines. The SUSE approach doesn't look too bad at first glance.

SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 14, 2012 22:19 UTC (Tue) by marm (guest, #53705)

Yes, but you need to remove Microsoft's key first.

