Softpedia
 


June 12th, 2012, 08:38 GMT · By

Torvalds: UEFI Keys Are a Solution, but Clever Hackers Will Bypass the System

A number of Microsoft fans see the new Unified Extensible Firmware Interface (UEFI) as an efficient way to improve a system’s security. However, the main issue is that the Windows 8 licensed hardware that will incorporate the secure boot feature will only be compatible with this particular OS.

While most operating systems will be difficult to boot up on these devices, Red Hat has come up with a compromise.

“The UEFI secure boot mechanism requires pairing of trusted keys with low-level operating system software (bootloaders) signed with the respective key. The big challenge is how to both initially ship and later update the set of trusted keys stored in the system firmware,” said Tim Burke, vice president at Linux Engineering.

The solution: Microsoft will provide keys for Windows and Red Hat for Red Hat Enterprise Linux and Fedora. Other Linux distributions can also participate for a fee of $99 (74 EUR).

Some agree with this method and some don’t.

According to ZDNet, Linus Torvalds, who started the development of the open source Linux kernel, says that even though he is not a big supporter of UEFI, this solution could be a decent one.

“Yes, yes, the sky is falling, and I should be running around like a headless chicken in despair over signing keys. But as long as you can disable the key checking in order for kernel developers to be able to do their job, signed binaries really can be a (small) part of good security. I could see myself installing a key of my own in a machine that supports it,” he said.

However, he has some concerns regarding the use of these keys.

“The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them) or they’ll just take advantage of security bugs in signed software to bypass it without a key at all,” he explained.

As history has shown on numerous occasions, it’s only a matter of time until those “clever hackers” show what they’re capable of, so it shouldn’t surprise anyone if Torvalds is right.

