←back to thread

Linux and Secure Boot certificate expiration

(lwn.net)
253 points pabs3 | 3 comments | 18 Jul 25 03:53 UTC | HN request time: 0s | source
Show context
greatgib ◴[18 Jul 25 06:46 UTC] No.44601921[source]
It's totally crazy that we have to go through Microsoft to sign things to be able to have our OS run on third parties computers, and that Microsoft manage to win about this so easily as it was never seriously challenged.
replies(7): >>44601962 #>>44602085 #>>44602088 #>>44602288 #>>44602373 #>>44602674 #>>44615523 #
1. whatagreatboy ◴[18 Jul 25 07:15 UTC] No.44602085[source]
Only legal requirements can change it. Nowadays, the mokutil is good enough that linux users can build a good tool around it to automate registration at boot that should ease some pain. But otherwise, it is a big mess and still needs legal requirement.
replies(1): >>44615789 #
2. riedel ◴[19 Jul 25 14:34 UTC] No.44615789[source]
The EU should step in and make sure that any critical OS attestation is taken out of the hands of the big players. Look at GrapheneOS is being denied Google Play Integrity [1] on pretty much no grounds with large consequences. Such security infrastructure is to easily abused to put bias into the market. On the other hand funding is needed to professionally run this stuff.

[1] https://discuss.privacyguides.net/t/grapheneos-is-taking-act...

replies(1): >>44634608 #
3. nullc ◴[21 Jul 25 13:00 UTC] No.44634608[source]
"The EU should step in"

EU mandates any hardware sold will only boot software signed by EU private key, with signatures only provided to software including government spyware and passing a billion euro certification process.

"No not like that!"