Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
RE[2]: Comment by NuxRo
by Alfman on Sat 23rd Jun 2012 05:55 UTC in reply to "RE: Comment by NuxRo"

Doc Pain,

"But even with SecureBoot seen in all its glory and wonderfulness, there are many other attack vectors remaining. Security theatre as usual."

Well, the trouble is, even when secure boot is functioning properly, boot malware will slip right by unnoticed if it's signed by someone who's purchased a Microsoft code signing cert. That's not going to stop a determined attacker. In my opinion, secure boot ought to have been designed to alert the owner to system alterations such that even signed malware would raise flags if the user didn't make those changes.

Score: 4