by crdoconnor
4127 days ago
> The problem with secure boot is that most want to choose what parties to trust for managing the security of the boot chain. The problem is that this process of whom to choose is completely opaque and usually based upon who has the most market power, definitely not who is the most trustworthy. Hence tons of OEMs ship with Microsoft's key being the only trusted one. Imagine if the only CA trusted in 95% of browsers was Microsoft's CA. We'd be seeing blog posts like this telling us that since we didn't read the SSL spec, and because it's open, we're all just a bunch of know-nothing whingers :)

Let's face it, most motherboards will run Windows, so it makes sense to ship Microsoft's keys (also they have to do that to get certified by Windows). Do you really expect OEMs to go hunting down keys from Red Hat, SuSE and Canonical? What about all the other little distros? I would expect that companies like Microsoft know how to handle key material properly (plus they have a vested interest in doing it correctly), but how much do you trust all the little distros? Once a key is trusted, it's trusted, so if you want Secure Boot to do-what-it-says-on-the-tin, you need to have confidence that the pre-installed keys are all kosher.
And the CA model will definitely not work - we have seen what happens in the browser world. One bad CA, one bad signed certificate and the game is lost. And since it's running in firmware, there's no easy way to revoke or blacklist certificates.
I run Linux exclusively on my PC (and have for 15 years), so I'm sympathetic to everyone's concerns with Secure Boot, but I also completely understand why only Microsoft's key is pre-installed on most systems, and I believe that's probably the correct solution. The fact that the UIs for installing new keys or disabling Secure Boot suck is a good point. Complaining that Microsoft's key is the only pre-installed key isn't.