Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
Ubuntu, Kubuntu, Xubuntu After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
Permalink for comment 523482
To read all comments associated with this story, please click here.
RE[2]: The solution[tm]...
by pepper on Sat 23rd Jun 2012 16:05 UTC in reply to "RE: The solution[tm]..."
pepper
Member since:
2007-09-18

Making a signed bootloader that chainloads into an unsigned bootloader would break Secure Boot completely


As you point out, this is equivalent to chainloading an unverified kernel. So its the same security level as the proposed Ubuntu solution, but you can easily implement it and don't have to drop the most mature and flexible bootloader out there.

Trusted Boot does not, as far as I can tell, load
sufficiently early, if a piece of malware manages to
write to the MBR


No, trusted boot is started by the initial BIOS and in fact also measures extended BIOS firmware. So its in fact "earlier" than Secure Boot. And it gives you actual evidence of what happened. And it gives you an option to do something about it, instead of just stop booting. And it does not need a revocation infrastructure in the BIOS/UEFI.

Trusted Boot was specifically invented because Secure Boot is unsuitable for general-purpose PCs, where there are multiple parties that can determine what is "legitimate" and what not (you, your company, your vendor, ...).

With a system like UEFI and/or SMM, you could even let the TPM chip be implement in software by the BIOS. Still same security level as UEFI/secure boot but much more flexible and also more powerful.

Reply Parent Score: 2