Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
Fedora Core "Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Thread beginning with comment 520517
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Comment by Radio
by Alfman on Sun 3rd Jun 2012 03:30 UTC in reply to "RE[3]: Comment by Radio"
Member since:

Thanks for answering my questions, but with regards to those, what is your source for the information? I'm not willing to assume this works like microsoft's normal code signing process without something authoritative that specifically says so. I couldn't find any of the information specific to alternate bootloader signing on the microsoft links.

I still find it unfortunate that secure boot was designed to control *who* has access instead of being a useful tool for owners to determine their machine has been compromised by bootloader malware. From the sounds of it, it won't be difficult for someone to sign a trojan directly or exploit someone else's buggy code. And from what we already know, "secure boot" will just accept the microsoft key without question.

After the fact revocation is better than nothing I suppose, but it gives very little confidence against a targeted attack, where a trojan is unlikely to be discovered by a victim for whom secure boot has failed.

Sorry mjg59, these last few paragraphs aren't addressed to you... I'm just extremely disappointed that we're going to be stuck with this instead of a more valid and open solution.

Reply Parent Score: 2