Slashdot Mirror

← Back to Stories (view on slashdot.org)

Red Hat Clarifies Doubts Over UEFI Secure Boot Solution

Posted by Unknown on from the there-goes-freedom-one dept.

sfcrazy writes "Red Hat's Tim Burke has clarified Fedora/Red Hat's solution to Microsoft's secure boot implementation. He said, 'Some conspiracy theorists bristle at the thought of Red Hat and other Linux distributions using a Microsoft initiated key registration scheme. Suffice it to say that Red Hat would not have endorsed this model if we were not comfortable that it is a good-faith initiative.'" Color me unimpressed, and certainly concerned: "A healthy dynamic of the Linux open source development model is the ability to roll-your-own. For example, users take Fedora and rebuild custom variants to meet personal interest or experiment in new innovations. Such creative individuals can also participate by simply enrolling in the $99 one time fee to license UEFI. For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost." From what I can tell, the worst fears of the trusted computing initiative are coming true despite any justifications from Red Hat here. Note that the ability to install your owns keys is certainly not a guaranteed right.

3 of 437 comments (clear)

  1. User key management by Junta · · Score: 4, Interesting

    self-register their own trusted keys on their own systems at no cost.

    How? Most reasonable mechanisms that could be envisioned would likely be considered an 'attack vector' in certain scenarios. I'm genuinely curious as to the mechanisms allowed for end-user key management in this sort of system.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  2. Re:Just say 'No' by gregthebunny · · Score: 4, Interesting

    Agreed! This is an opportunity for us to protest with our wallets. Not only will I be actively pursuing non-UEFI motherboards, but I will also be actively campaigning my colleagues, coworkers, friends, and family to not buy non-UEFI machines as well. Microsoft is trying to fix a system that isn't broken. They shouldn't have to rely on securities at the hardware and BIOS level to lock down their new operating systems. They should just, you know, build a more secure operating system...

  3. Re:So where's the security? by bws111 · · Score: 4, Interesting

    Untrue. The requirement is that secure boot can not be disabled. If you have a signed bootloader (like one from Red Hat, Fedora, or any other distro that pays the $99 to use this service) you can boot any OS you want.