Re: Boot failed on latest CentOS 7 update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> On the side note: it is Microsoft that signs one of Linux packages
> now. We seem to have made one more step away from “our” computers
> being _our computers_. Am I wrong?
> 

Secure booting using UEFI requires that the code is signed - that is
the "secure" bit.  Microsoft are the CA for that signing. There's
nothing sinister about it, they aren't signing the RPM package just one
of the bits of code in the package. I seem to remember that Microsoft
were the most vocal advocates for secure booting to get around boot
sector viruses and in order to facilitate a more universal uptake they
committed to signing any UEFI boot code from other OSes so long as it
came from a bona fide source.

You don't have to use UEFI secure booting - most machines can fall back
to legacy booting using BIOS settings. If you do that, you won't use
any Microsoft signed code.

I haven't looked in detail at the bug this all was supposed to fix, but
I think it had the capability of by-passing the UEFI security checking,
hence why the release of the advisory was delayed until the OSes were
patched and why there was a scramble to get everything out in time.
It's a nasty bug and was difficult to fix from what I've heard.

P.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux