Linus Torvalds: Hackers will eventually bypass Windows 8's secure boot feature
As we all know, Windows 8 PCs will ship with secure boot enabled by default. These PCs will feature Unified Extensible Firmware Interface (UEFI) instead of the traditional BIOS. UEFI will add an extra layer of security to your PC. But that's not what the father of Linux thinks.
"I’m certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it’s only $99 to get a key for Fedora, I don’t see what the huge deal is," the father of Linux, Linus Torvalds, argues. Still Torvalds doesn’t think Microsoft’s decision of introducing UEFI secure boot in Windows 8 is going to make any significant change to the security. He adds:
"The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them) or they’ll just take advantage of security bugs in signed software to bypass it without a key at all."
He concluded: "Signing is a tool in the tool-box, but it’s not solving all the security problems, and while I think some people are a bit too concerned about it, it’s true that it can be mis-used."
Fedora, a Red Hat distribution has found a way to deal with this. They signed up with Microsoft via Verisign to make their own Windows 8 system compatible UEFI secure boot key. Matthew Garrett, a Red Hat developer, explained why Fedora decided to sign up with Microsoft for UEFI secure boot key:
"We explored the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it, but turned it down for a couple of reasons. First, while we had a surprisingly positive response from the vendors, there was no realistic chance that we could get all of them to carry it. That would mean going back to the bad old days of scouring compatibility lists before buying hardware, and that’s fundamentally user-hostile. Secondly, it would put Fedora in a privileged position. As one of the larger distributions, we have more opportunity to talk to hardware manufacturers than most distributions do. Systems with a Fedora key would boot Fedora fine, but would they boot Mandriva? Arch? Mint? Mepis? Adopting a distribution-specific key and encouraging hardware companies to adopt it would have been hostile to other distributions. We want to compete on merit, not because we have better links to OEMs."