Red Hat Will Address Secure Boot Issue in Fedora 18
Fedora bypasses UEFI restrictions with Microsoft signing service.
As we have reported previously HPC and Linux magazine web sites, all Windows 8 licensed hardware will ship with the new UEFI secure boot enabled by default. In a nutshell, the UEFI specification associates the firmware with a signing key, which prevents users from installing a new operating system – such as Linux.
According to Red Hat developer Matthew Garrett, the company has been working on a plan for dealing with the situation. Although Red Hat explored several alternatives, Garrett reports that “Microsoft will be offering signing services through their sysdev portal.” The solution is not free; a US$ 99 fee is required to gain access. Garrett notes that the US$ 99 goes to Verisign, not Microsoft and that, once paid, you can sign as many binaries as you want.
Garrett states that this approach, which will be implemented in Fedora 18, “ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions.” Garrett also says that the solution “is not ideal, but of all the approaches we’ve examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom.”
Steven J. Vaughn-Nichols at ZDNet spoke about this issue with Linus Torvalds, who doesn’t think Microsoft’s spin on Windows 8 UEFI secure boot is sufficient for security. Torvalds said, “The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them) or they’ll just take advantage of security bugs in signed software to bypass it without a key at all.” Stay tuned.
You can read Matthew Garrett’s blog at: http://mjg59.dreamwidth.org/12368.html and find the article by Steven J. Vaughn-Nichols here.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.