Red Hat Clarifies Doubts Over UEFI Secure Boot Solution

sfcrazy writes "Red Hat's Tim Burke has clarified Fedora/Red Hat's solution to Microsoft's secure boot implementation. He said, 'Some conspiracy theorists bristle at the thought of Red Hat and other Linux distributions using a Microsoft initiated key registration scheme. Suffice it to say that Red Hat would not have endorsed this model if we were not comfortable that it is a good-faith initiative.'" Color me unimpressed, and certainly concerned: "A healthy dynamic of the Linux open source development model is the ability to roll-your-own. For example, users take Fedora and rebuild custom variants to meet personal interest or experiment in new innovations. Such creative individuals can also participate by simply enrolling in the $99 one time fee to license UEFI. For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost." From what I can tell, the worst fears of the trusted computing initiative are coming true despite any justifications from Red Hat here. Note that the ability to install your owns keys is certainly not a guaranteed right.

Re:So where's the security?

[vlm]

Oh genius hits milliseconds after I hit the Fing submit button... A tee shirt with a QR code of the official microsoft secret signing key with iconic 1984 or maybe animal farm styling.

Coming soon, from VLM enterprises...

Just ask Flame developers

[luizd]

C'mon, it is very easy to solve the problem. Uses them same Microsoft CA that Flame worm is using.

SecureBoot is more a "reduce users power to change OS" than "protect from malwares", as Flame proved.