Ubuntu Lays Plans For Getting Past UEFI SecureBoot

An anonymous reader writes "Canonical has laid out their plans for handling UEFI SecureBoot on Ubuntu Linux. Similar to Red Hat paying Microsoft to get past UEFI restrictions, Canonical does have a private UEFI key. Beyond that they will also be switching from GRUB to the more liberal efilinux bootloader, and only require bootloader binaries be signed — and they want to setup their own signing infrastructure separate from Microsoft."

Re:How much of the 'operating system' needs to sig

[Rich0]

Yeah, and all those Ubuntu users will be happy one day when their key gets revoked, after it turns out some rootkit uses it to infect the MBR.

MBR runs trusted Ubnutu bootloader. Ubuntu bootloader looks at its virus-written config file and loads the rootkit. The rootkit goes on and boots windows.