Secure Boot BoF

Speakers: Ben Hutchings nicoo

Type: BoF (45 mins)

Room: Menzies 13

Time: Jul 08 (Fri), 15:00

Secure Boot is a UEFI feature that prevents unsigned boot code from being loaded. Assuming the bootloader checks the signature on the kernel, and the kernel checks the signature on code it itself loads, this chain of trust can be extended quite far into the running system. Unfortunately, the only signing key that is trusted by most implementations is held by Microsoft.

There are 2 major reasons for supporting Secure Boot in Debian:

  • some computers now ship with Secure Boot enabled by default, making it harder to install Debian;
  • while not perfect, it is a technology that can be used to make Debian user safer.

The plan the Ben (bwh) has been hatching is as follows:

  • a minimalistic shim bootloader is signed by Microsoft;
  • the shim load a bootloader that was properly signed by Debian (in the long run, ftpmaster@; right now, it's bwh's signing key);
  • the bootloader loads a kernel signed by Debian;
  • the kernel only accepts to load code signed by Debian (securelevel = 1).

The signing process itself uses signature packages, so as not to keep signing keys on the buildds or break reproducibility.


  • no dependency on Microsoft, once the shim is signed (and it should need fixes very seldom);
  • robust process that can take advantage of reproducible builds;
  • gives reasonable guarantees that the running kernel is a legitimate one;
  • trusting only Debian (as opposed to anything Microsoft signs) can easily be achieved by shipping a Debian-signed shim and having the user put the Debian key as the only trusted one.


  • doesn't protect the userspace (yet!);
  • still vulnerable to somebody with a kernel exploit (but this doesn't grant persistence) or who can get a bootloader signed by Microsoft.

Help us, fellow Debian hackers! You are our only hope.


Platinum Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors