Red Hat Will Address Secure Boot Issue in Fedora 18

Jun 14, 2012

Fedora bypasses UEFI restrictions with Microsoft signing service.

As we have reported previously HPC and Linux magazine web sites, all Windows 8 licensed hardware will ship with the new UEFI secure boot enabled by default. In a nutshell, the UEFI specification associates the firmware with a signing key, which prevents users from installing a new operating system – such as Linux.

According to Red Hat developer Matthew Garrett, the company has been working on a plan for dealing with the situation. Although Red Hat explored several alternatives, Garrett reports that “Microsoft will be offering signing services through their sysdev portal.” The solution is not free; a US$ 99 fee is required to gain access. Garrett notes that the US$ 99 goes to Verisign, not Microsoft and that, once paid, you can sign as many binaries as you want.

Garrett states that this approach, which will be implemented in Fedora 18, “ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions.” Garrett also says that the solution “is not ideal, but of all the approaches we’ve examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom.”

Steven J. Vaughn-Nichols at ZDNet spoke about this issue with Linus Torvalds, who doesn’t think Microsoft’s spin on Windows 8 UEFI secure boot is sufficient for security. Torvalds said, “The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them) or they’ll just take advantage of security bugs in signed software to bypass it without a key at all.” Stay tuned.

You can read Matthew Garrett’s blog at: and find the article by Steven J. Vaughn-Nichols here

Related content

  • Linux News
    • Red Hat Addresses Secure Boot
    • FSF Addresses Secure Boot
    • Android 4.1 Jelly Bean
  • UEFI and Secure Boot

    The coming Windows 8 implementation of UEFI with Secure Boot adds an extra layer of complexity for some Linux users. We look at the problem and two solutions from Fedora and Canonical.

  • UEFI Developments

    Windows secure boot controversy gets uglier.

  • Win8/Linux Dual-Boot

    Although getting Windows to play nice with an existing Linux installation is difficult, with a few tricks, you can set up Windows 8 to dual-boot with Linux.

  • The State of Secure Boot

    Opinions differ on the UEFI boot security system, but one thing is certain: Secure Boot is here to stay. We thought it was time to ask, "How hard is it to boot a popular Linux distribution in a UEFI Secure Boot environment?"

comments powered by Disqus

Issue 180/2015

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)