Ubuntu – the advantage of a signed kernel

kerneluefi

I was looking through APT packages for Quantal and I found one called linux-signed-image-generic, which only says that it's "Signed with the Ubuntu EFI key." The kernel package that it currently depends on says pretty much the same thing.

So if your hardware supports EFI (I think I'm running the signed kernel now) then what benefits does the signed kernel have? Is it just a security thing?

Best Answer

It is a security thing but there is no performance benefit for your system.

New hardware will have secure boot. The problem is, that this hardware won't boot an OS that is not signed. The hardware is checking the software at startup to see if it is signed. If it isn't, the hardware will prevent the software from booting.

This is a security thing, because in theory it will prevent e.g. malware to start on your hardware.

There was a lot of discussion about this feature because an open source OS must get signed to run on future computers and that must be paid. And this is not the Open Source way.

This is a short explanation, but there is a lot of stuff on the web about it.