James Bottomley just published a description of the Linux Foundation's Secure Boot plan, which is pretty much as I outlined in the second point here - it's a bootloader that will boot untrusted images as long as a physically present end-user hits a key on every boot, and if a user switches their machine to setup mode it'll enrol the hash of the bootloader in order to avoid prompting again. In other words, it's less useful than shim. Just use shim instead.
- 1: Playing with Thunderbolt under Linux on Apple hardware
- 2: A short introduction to TPMs
- 3: More in the series of bizarre UEFI bugs
- 4: Samsung laptop bug is not Linux specific
- 5: Rebooting
- 6: Update on leaked UEFI signing keys - probably no significant risk
- 7: Leaked UEFI signing keys
- 8: Secure Boot and Restricted Boot.
- 9: The current state of UEFI and Linux
- 10: Using pstore to debug awkward kernel crashes
Expand Cut Tags
No cut tags