UEFI Secure Boot and Ubuntu - implementation
Matthew Garrett
mjg59 at srcf.ucam.org
Sat Jun 23 03:21:33 UTC 2012
On Fri, Jun 22, 2012 at 12:04:29PM +0100, Steve Langasek wrote:
(snip)
> we have not been able to find legal guidance that we wouldn't then be
> required by the terms of the GPLv3 to disclose our private key in
> order that users can install a modified boot loader.
Have you talked to the FSF about their position on this? They're the
sole copyright holder of grub 2, so any position they'd publicly take
would be pretty relevant in terms of potential legal action.
> Therefore, we will only be requiring authentication of boot loader
> binaries. Ubuntu will not require signed kernel images or kernel
> modules.
How are you going to prevent your bootloader from being used to launch a
trojaned Fedora kernel, for instance? This is the kind of decision that
doesn't just affect Ubuntu, it has ramifications for the security model
that other distributions use. This makes it impossible to implement any
kind of signed userspace unless the user explicitly revokes the Ubuntu
bootloader first or uses their own trust chain.
> As announced earlier today, we've generated an Ubuntu signing key for
> use with UEFI. The private half of this key will be stored securely on
> our Launchpad infrastructure, which will be responsible for signing boot
> loader images and distributing them in the Ubuntu archive.
I'm not fully clear on this. If the bootloaders you distribute in the
archive will be signed with your key, how do you get your key installed
on existing systems? Or will there be two bootloader packages, one
signed by Microsoft and one signed by you, with the first chaining to
the second?
--
Matthew Garrett | mjg59 at srcf.ucam.org
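The two questions raised in this message, a Microsoft-signed first stage chaining to a distro-signed second stage, and a second stage that then loads an unsigned kernel, modelled as an added example (not code from this thread, from shim or from grub). It assumes ed25519 as a stand-in for the Authenticode/RSA signatures real firmware checks, and the key names and image contents are constructed:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)
// Image is one boot stage: its bytes plus a detached signature (nil if unsigned).
type Image struct {
	Name string
	Body []byte
	Sig  []byte
}
func sign(priv ed25519.PrivateKey, name string, body []byte) Image {
	return Image{Name: name, Body: body, Sig: ed25519.Sign(priv, body)}
}
// verified reports whether img carries a valid signature from any key in trusted.
func verified(trusted []ed25519.PublicKey, img Image) bool {
	for _, pub := range trusted {
		if img.Sig != nil && ed25519.Verify(pub, img.Body, img.Sig) {
			return true
		}
	}
	return false
}
// Boot walks firmware db -> first stage -> second stage -> kernel. distroKey is the key
// embedded in the first stage; with checkKernel false the second stage loads any kernel.
func Boot(db []ed25519.PublicKey, distroKey ed25519.PublicKey, first, second, kernel Image, checkKernel bool) error {
	distro := []ed25519.PublicKey{distroKey}
	switch {
	case !verified(db, first):
		return errors.New("firmware refused " + first.Name)
	case !verified(distro, second):
		return errors.New(first.Name + " refused " + second.Name)
	case checkKernel && !verified(distro, kernel):
		return errors.New(second.Name + " refused " + kernel.Name)
	}
	return nil
}
func main() {
	msPub, msPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed: stands in for the key already in the platform db
	ubPub, ubPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed: stands in for the distro's own signing key
	shim := sign(msPriv, "shim", []byte("first stage, embeds the distro key"))
	grub := sign(ubPriv, "grub", []byte("second stage"))
	foreign := Image{Name: "unsigned kernel", Body: []byte("kernel built elsewhere")}
	db := []ed25519.PublicKey{msPub}
	fmt.Println("bootloader-only policy:", Boot(db, ubPub, shim, grub, foreign, false)) // <nil>: boots
	fmt.Println("kernel checks enforced:", Boot(db, ubPub, shim, grub, foreign, true))  // refused
}
```

The first call shows the gap the message points at: every stage up to grub verifies, yet an image nobody signed still boots; the second call shows the same chain once the second stage checks the kernel against the embedded key.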