
BLU Discuss list archive



[Discuss] Fighting UEFI



On Sat, Jul 28, 2012 at 02:43:00PM -0400, Richard Pieri wrote:
> On 7/28/2012 1:59 PM, Chuck Anderson wrote:
> >To be fair, it isn't UEFI per se that is the problem, it is Secure
> >Boot.  My current laptop works just fine in UEFI mode and doesn't
> >support Secure Boot.  Most current servers also support UEFI without
> >Secure Boot.
> 
> It's not even Secure Boot that's a problem.  It's Microsoft's
> requirement that Secure Boot be enabled on hardware that ships with
> Windows 8 and that Secure Boot cannot be disabled on ARM hardware
> that ships with Windows 8.
> 
> The typical Linux server or workstation doesn't ship with Windows of
> any flavor.  Linux hardware vendors will continue to ship hardware
> with Linux as an option.  These will not have Secure Boot enabled,
> or these will have the option for owners installing their own
> certificates, or both.  Therefore the whole "issue" is nothing more
> than FUD as far as I'm concerned.

Additionally, there are options to boot custom
bootloaders/kernels/OSes even on Windows 8 certified x86 boxes:

1. Disable Secure Boot in the firmware.

2. Load your own keys into the firmware.

3. Pay $99 to Verisign so you can sign as many binaries as you want
   and have them automatically be trusted by the default firmware
   keys.

Fedora/Red Hat opted for option #3 to make it easy for their users:

"While Microsoft have modified their original position and all x86
Windows machines will be required to have a firmware option to disable
this or to permit users to enrol their own keys, it's not really an
option to force all our users to play with hard to find firmware
settings before they can run Fedora. We've been working on a plan for
dealing with this. It's not ideal, but of all the approaches we've
examined we feel that this one offers the best balance between letting
users install Fedora while still permitting user freedom." [1]

[1] http://mjg59.dreamwidth.org/12368.html

For Windows 8 certified ARM boxes, you are SOL.  But on existing
non-Windows 8 ARM devices, you are already most likely SOL
anyway--most ARM devices are mobile/smartphone/tablet devices, and
most of them already lock you down with locked bootloaders and such.



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org