Hello Doug, Doug <dmcgarrett@optonline.net> wrote: > I read the referenced post. It looks to me like Fedora will boot > without hassle, because they paid off Microsoft, and obtained a key, > but everything else, not having a key, will not. Yes. More precisely, they want to get a small piece of software signed by Microsoft, so that the computer will boot this small piece of software. It will then continue to load a Fedora-signed Grub, which loads a Fedora-signed kernel, which only loads Fedora-signed modules. > If I don't understand > it, then please explain in plain words how one could boot anything > else without modifying the BIOS. ‘Modifying the BIOS’ only includes changing settings within the BIOS, not flashing/upgrading the BIOS. It is comparable to changing the boot device or something like that. > If you can boot anything without a > key, then what is different than what we have now? You will have to disable secure boot or add the key used to sign the bootloader to your computer. > (I don't care > about modifying the BIOS, and so far I have not heard of a virus > that attacks Linux, but I'm aware that it is possible--just not worth > anyone's trouble to write, for such a small installed base.) The problem here is that ‘we’ want a chain of trust from the BIOS to the desktop, so that malware cannot infect the kernel before it loads[1]. This means that the BIOS/UEFI must only load stuff that is deemed ‘safe’, which in turn - obviously - should only load other stuff that is also safe [2]. Hence, a Linux distribution that wants to boot by default from such devices must get signed by a key that is contained within the UEFI by default - for example, Microsoft’s [3]. In any case, the key point to remember is: a) You can turn off secure boot completely. b) Secure boot allows you to control more closely what software runs on your computer [4]. c) By reducing the possibilities to attack Windows [5], you also help to reduce spam, DDoS attacks etc. Best regards, Claudius [1] This happens with Windows at the moment and is also a possibility with Linux - maybe not on the botnet-scale, but imagine someone changing the installed kernel on your computer’s unencrypted boot device to a malicious kernel that tries to send the passphrase for the encrypted hard drive to the attacker. [2] This will be: Grub, the Linux kernel and Linux kernel modules. These are all signed by Fedora (in their release), but they want to make it easy for you to build your own secure-boot kernels and grubs: Lower stages will accept any key contained within the UEFI key store (such as those you add yourself). [3] The alternative would have been to either get manufacturers to include a Red Hat key (easy, but not fair for other distributions) or set up an independent foundation. However, auditing and signing code, handling of revocations etc. is probably more expensive than $99. [4] You can/should be able to remove all keys from the UEFI key store and then add only your own: This way, only software signed by _you_ will boot off your computer. [5] Windows cannot defend itself against software that was loaded before Windows took over (neither can Linux). -- No amount of careful planning will ever replace dumb luck. http://chubig.net telnet nightfall.org 4242
Attachment:
signature.asc
Description: PGP signature