SUSE Slowly Shows UEFI Secure Boot Plan 190
itwbennett writes "One blog post at a time, SUSE is revealing its plan for getting SUSE Linux Enterprise Server (SLES) to boot on machines with UEFI Secure Boot. The short version: 'For now, it seems, SLES will implement an approach similar to that used by Fedora,' writes Brian Proffitt. '[Director of the SUSE Linux Enterprise Olaf] Kirch's first blog entry on Tuesday merely introduced the problem of UEFI Secure Boot. Today's blog only specified the use of the shim bootloader.' Just dying to know what's next? Tune in to the SUSE blog."
It is a trap - control over the OS (Score:2, Interesting)
Re:There's a totally open source verified boot (Score:4, Interesting)
UEFI is a standard. It's not a codebase. There's no reason there can't be F/OSS implementations of UEFI, and indeed Secure Boot - SB relies on asymmetrical key signing, which of course can be perfectly well implemented by F/OSS code. In fact, I think there's a partial F/OSS implementation of UEFI and SB for qemu already.
Re:what is the point again? (Score:5, Interesting)
Think you can disable it? Think again: who is going to care about your being able to disable it when, eventually, Microsoft requires it to be always on on Intel versions of Windows just like they have done on ARM?
Re:Slashdot has gone batsh*t crazy (Score:4, Interesting)
But HDCP is also weak and has already been defeated. Secure Boot could make it hard for instance to put in a driver that would accept non-HDCP links.
The problem is that Secure Boot is a solution looking for a problem. Boot-time malware can already be detected in software, is really hard to pull off, can be secured by not allowing software other than the OS to access the boot records and wouldn't be a benefit to anyone if it was undetectable.