Correction on Secure Boot Article

Posted by tuxchick on Dec 5, 2012 6:05 PM
LXer Feature; By Carla Schroder

LXer Feature: 05-Dec-2012

This is an important correction to "Linux Has Not Won, Microsoft is as Dangerous as Ever, Fie on Secure Boot" that explains correctly how the Platform Key works.

In Linux Has Not Won, Microsoft is as Dangerous as Ever, Fie on Secure Boot I incorrectly described how the Secure Boot Platform Key works. A reader gave me the correct description:

Quoting: The platform key is the firmware vendor's key. Each motherboard will have a platform key controlled by the firmware provider. That key is used to sign the actual SB keys packaged with the system at ship time. Microsoft has no involvement in that at all, except to ask the vendors to sign their key. If the mobo vendor wants to include Microsoft's key, they put it in the list and sign it with the platform key. If they want to include anyone else's key - as well as or instead of Microsoft's key - they put it in the list and sign it with the platform key. The firmware vendor controls the platform key, not Microsoft. The presence of a platform key is an inevitability of any design based around signatures, not a Microsoft plot. The concept that the single platform key controlled by the firmware vendor is used to sign *multiple* OS vendor keys is expressly designed to allow multiple keys to be trusted 'from the factory', precisely the opposite of what you suggest in the article.

This is the only plausible way to design it: it's just the root of the trust chain. There has to be one in any chain of trust. The only possible choices for who should own the trust root are a) the vendor of the firmware and b) the user, and Secure Boot expressly allows for both.

So it is not correct to call it a Windows Platform Key, because there is no such thing. It is important to get this right because it is fundamental to how Secure Boot works.

Return to the LXer Features

Subject Topic Starter Replies Views Last Post
In that scenario, nmset 4 2,073 Dec 6, 2012 2:28 PM
Linux in general bunker85 0 1,852 Dec 6, 2012 8:34 AM

You cannot post until you login.


  Latest Features
James Dixon: Attempting to install Linux on a new laptop
Jun 07, 2019

Hans Kwint: Updating from Ubuntu LTS 16.04 to 18.04
May 03, 2018

Dr Tony Young: A KMail Breakthrough.
May 01, 2016

James Dixon: Installing jstock with Slackware 14.1
Jan 19, 2016

James Dixon: Installing sbopkg with Slackware 14.1
Jan 16, 2016

James Dixon: Open Source Wealth Management
Jan 15, 2016

Hans Kwint: GNUifying Windows: Make the best of imposed Windows-use at work
Oct 23, 2015

Dr. Tony Young: Update to "How long is a piece of string?"
Oct 20, 2015

Russell Hollander: Chromebooks, Linux, and Lenovo
Sep 23, 2015

Scott Ruecker (Phoenix, U.S.) : Interview With Richard Kenner of AdaCore
Aug 29, 2014

View all

  Search Features

Search LXer Features:

[ Copyright © LXer | All times are recorded in Central Daylight Time (CDT) ]

[ Contact Us | Privacy Policy | Terms of Service | About us | rss | Mobile ]