Page 1 of 10 123 ... LastLast
Results 1 to 10 of 94

Thread: The State Of Linux Distributions Handling SecureBoot

  1. #1
    Join Date
    Jan 2007
    Posts
    14,335

    Default The State Of Linux Distributions Handling SecureBoot

    Phoronix: The State Of Linux Distributions Handling SecureBoot

    For those of you curious about the state of available Linux distributions that can handle UEFI SecureBoot on modern PCs certified for Microsoft Windows 8, here's a run-down of the most common Linux environments and their SecureBoot friendliness...

    http://www.phoronix.com/vr.php?view=MTI2MzI

  2. #2
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    So if I read that correctly it more or less states that MS gets to decide which linux distros can boot on your shiny new computer..... can I say thats fucked up?

  3. #3
    Join Date
    Dec 2012
    Posts
    457

    Default

    Isn't the signing only about the bootloader? I mean, do the bootloaders require the kernel to be signed as well? Maybe that can be turned off or something. I read some stuff about this, but it's unclear from there to me...

    If the answer is yes, then I foresee no more problems.

    If the answer is no, I hope the EU will file lawsuits against whoever is forcing this insanity upon us. Free market? Yeah whatever...

    'Some are more equal than others' (George Orwell, Animal Farm) springs to mind...

    Ow and umm, did anyone ever encounter a virus that works it's way in through the bootloader/kernel? Most stuff I encounter is because of a leak in a browser plugin :/ . Or is SecureBoot just the beginning? Eventually everything has to be signed and verified?

  4. #4
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by Rexilion View Post
    Isn't the signing only about the bootloader? I mean, do the bootloaders require the kernel to be signed as well? Maybe that can be turned off or something. I read some stuff about this, but it's unclear from there to me...
    Define "require". There's no additional security if you permit unsigned kernels, and if your bootloader is signed by Microsoft then it may be considered a violation of the agreement that you signed with them. You're certainly at risk of having your signature blacklisted. If you require explicit user intervention before booting unsigned kernels, then that's fine.

    Ow and umm, did anyone ever encounter a virus that works it's way in through the bootloader/kernel? Most stuff I encounter is because of a leak in a browser plugin :/ . Or is SecureBoot just the beginning? Eventually everything has to be signed and verified?
    The bootloader's not an avenue of initial compromise, but it makes it possible to make the compromise persistent and almost impossible to remove.

  5. #5
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    MS needs to worry about IE's vulnerabilities before they need to worry about the linux kernels vulnerabilities. This secureboot shit is assinine. I'll never use win8 just because of this crap.

  6. #6
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by duby229 View Post
    MS needs to worry about IE's vulnerabilities before they need to worry about the linux kernels vulnerabilities. This secureboot shit is assinine. I'll never use win8 just because of this crap.
    They're not worried about the Linux kernel's vulnerabilities.

  7. #7
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    So then stop fuckin with our shit then.

  8. #8
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by duby229 View Post
    So then stop fuckin with our shit then.
    What's the difference between an unsigned Linux kernel and an unsigned trojaned Windows bootloader?

  9. #9
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    MS's problem not ours.

  10. #10
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by duby229 View Post
    MS's problem not ours.
    And a problem they've solved in the only way that it's possible to solve it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •