Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

First Attempt At Linux Kernel Secure Boot Support

Written by Michael Larabel in Hardware on 6 September 2012 at 09:31 AM EDT. 1 Comment

HARDWARE

Matthew Garrett published the first patches this week that take an initial stab at the Linux kernel UEFI Secure Boot support.

An "RFC" (Request For Comments) patch series was published entitled First attempt at kernel secure boot support by Red Hat's Matthew Garrett.

The UEFI Secure Boot trust model is based on it not being possible for a user to cause a signed OS to boot an unsigned OS, even if that user has administrative privileges. This is an initial attempt at a set of patches to reduce root's ability to modify the kernel. We've done this with an additional capability for a couple of reasons:

1) CAP_SYS_RAWIO already covers pretty much everything we want, but also disables a lot of functionality that we don't want to lose. Following the same model seems reasonable.

2) This capability may be more generically useful for some use-cases. Adding a set of hardcoded is_secure_boot() checks in the same places would prevent that.

Feedback welcome.

See more UEFI SecureBoot coverage for those not up to speed on the Linux implementation.

1 Comment

Related News

ASRock Announces Passively Cooled Radeon RX 7900 Series

New Dell PC Driver & Intel Performance Limit Reasons Help Laptops On Linux 6.11

HID-BPF Improvements & Apple Keyboard Backlight Support For Some T2 Macs In Linux 6.11

ASUS ROG Ally X Begins Seeing Linux Patches

Linux 6.11 Upstream Now Defaults To A Better SATA Link Power Management Policy

Intel Xe2/Battlemage & AMD RDNA4 Lead The Graphics Driver Changes In Linux 6.11

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

EXT4 Has A Very Nice Performance Optimization For Linux 6.11

systemd Talks Up Automatic Boot Assessment In Light Of The Crowdstrike-Microsoft Outage

XZ Patches For The Linux Kernel Updated, Drops "Jia Tan" As A Maintainer

New Linux Patches Enable The Snapdragon X1 Elite Powered Lenovo ThinkPad T14s Gen 6

KDE Developers Tackle The Five Most Common Plasma Crashes

USB & Thunderbolt Improvements Land In Linux 6.11

NVIDIA 560 Linux Driver Beta Released - Defaults To Open GPU Kernel Modules

Mesa 24.2-rc1 Released With Many OpenGL & Vulkan Driver Improvements