Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
Ubuntu, Kubuntu, Xubuntu After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
Thread beginning with comment 523418
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: meh
by WereCatf on Sat 23rd Jun 2012 02:21 UTC in reply to "meh"
WereCatf
Member since:
2006-02-15

and whilst Secure boot might not be nice for Linux, it does exist for a good reason.


I really have to say that all this feels more like trying to kill a fly with a god damn nuclear weapon; there are extremely few modern boot-sector viruses -- I atleast am not aware of a single one -- and you don't need boot-sector viruses anyway to cause damage. As long as the virus/malware has access to users' files and input devices then the users are already screwed and Secure Boot does not prevent that. Besides, a virus shouldn't even get to the point of being able to infect the boot sector in the first place.

That is to say that Secure Boot solves only a highly theoretical issue that really isn't all that pressing a matter, atleast for now. It doesn't mean it's useless, but it's given way too much weight. The bigger issue, though, is that Secure Boot is all controlled and designed by Microsoft. If it was really aimed at securing end-users then there would be a public design-and-approval process and some sort of a multi-party committee to govern the keys and Secure Boot-usage in order to ensure proper cross-platform functionality, to find and fix any faults with the implementation and to not let only a single party control the whole thing when it has the potential of affecting every single PC-user and manufacturer. That right there is my one, single biggest issue with Secure Boot.

Reply Parent Score: 17

RE[2]: meh
by hoak on Sat 23rd Jun 2012 03:23 in reply to "RE: meh"
hoak Member since:
2007-12-17

I agree with WereCatf and would add this reeks of 'Security Theater' to move an agenda forward that has more to do with control of revenue opportunity then real security.

Not to say that boot security is not a concern without veracity, but the aggressive move to adoption, lack of anything that resembles peer review, and obvious pressure from the Vole -- just smells bad.

Reply Parent Score: 4

RE[2]: meh
by Drumhellar on Sat 23rd Jun 2012 17:57 in reply to "RE: meh"
Drumhellar Member since:
2005-07-12

Well, Stuxnet contained a rootkit, which is SecureBoot would prevent from operating.

Granted, it also ran in user mode, which SecureBoot wouldn't stop, but that's a freakin' complicated bit of malware.

Reply Parent Score: 2