Linux and Secure Boot HOW-TO

Greig Paul has an article in Linux Journal, a new Security HOW-TO on UEFI Secure Boot.

Take Control of Your PC with UEFI Secure Boot

[..] This article focuses on a single useful but typically overlooked feature of UEFI: secure boot. Often maligned, you’ve probably encountered UEFI secure boot only when you disabled it during initial setup of your computer. Indeed, the introduction of secure boot was mired with controversy over Microsoft being in charge of signing third-party operating system code that would boot under a secure boot environment. In this article, we explore the basics of secure boot and how to take control of it. We describe how to install your own keys and sign your own binaries with those keys. We also show how you can build a single standalone GRUB EFI binary, which will protect your system from tampering, such as cold-boot attacks. Finally, we show how full disk encryption can be used to protect the entire hard disk, including the kernel image (which ordinarily needs to be stored unencrypted). […]

Full article:

http://www.linuxjournal.com/content/take-control-your-pc-uefi-secure-boot

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s