UEFI secure boot: Next generation booting or a controversial debate
by Aditya Balapure - Monday, 15 July 2013.
An alternative approach could be to have the drivers signed by a key included in the majority of the platforms. This would help hardware vendors from having per-platform issues. Also, if secure boot is disabled to boot an alternate OS, then this process would be limited to those who are technologically-savvy, i.e. not for the masses. Another disadvantage to the signing process is that if the signing key is disclosed and gets in the wrong hands, it may be used to boot a malicious operating system even with Secure Boot restrictions. To avoid this, the signing key would have to be blacklisted, which would prevent the operating system from booting. If the same happens with hardware vendors then the drivers would not validate and would cease the system process.

Hence, we come to a point that the UEFI Secure Boot technology is a crucial part of a Linux setup and increases the protection at the root level to fight against the use of malicious software. The only limitation is that it should not hinder user freedom by limiting its use of different operating systems. The sad part is that the current version of Secure Boot model deters easy installation of Linux and inhibits users to play with the whole system. So after a long research initiative, the open source community recommended that the Secure Boot implementation is designed around the hardware vendor who would have full control over security restrictions.

It is also recommended that the original equipment manufacturer should agree with allowing the secure boot option to be easily disabled and enabled as per the userís choice. (This means that secure boot may be disabled through the OS and you may have the option to enable it through the firmware interface something like BIOS has.)

This would help the open source community and also help the cause of the Secure Boot initiative.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th