The Linux Foundation's UEFI Secure Boot Pre-Bootloader Delayed 179
hypnosec writes "The Linux Foundation's plans for releasing a signed pre-bootloader that will enable users to install Linux alongside Windows 8 systems with UEFI have been reportedly delayed. The Foundation proposed a signed pre-bootloader that will chain-load a bootloader which, in turn, will boot the desired operating system, thus keeping Linux installations for novice users as simple as it was before. Further, this particular component is meant for small-time Linux distros which otherwise wouldn't have the required expertise or resources to develop their own system to tackle the secure boot issue. This was going as per plans up until Linux kernel maintainer James Bottomley disclosed that he has been having rather bizarre experiences with Microsoft sysdev centre. Bottomley said, 'The first time I sent the loader through, it got stuck (it still is, actually). So I sent another one through after a week or so. That actually produced a download, which I've verified is signed (by the MS UEFI key) and works, but now the Microsoft sysdev people claim it was "improperly" signed and we have to wait for them to sort it out. I've pulled the binary apart, and I think the problem is that it's not signed with a LF [Linux Foundation] specific key, it's signed by a generic one rooted in the UEFI key. I'm not sure how long it will take MS to get their act together but I'm hoping its only a few days."
Update: 11/21 14:22 GMT by U L : See the Original weblog post, and one interesting tidbit: Microsoft banned bootloaders licensed under the GPLv3 and "similar open source licenses."
Present user test? (Score:2, Interesting)
Does that mean the user has to actually be present to press a key? That renders secure boot unuseable on remote-admined or unattended servers, the very place you would most want to have a secure boot chain.
Not surprised at all (Score:5, Interesting)
Disabling secure boot and dual booting? (Score:3, Interesting)
I know that new laptops shipping with Windows 8 preloaded have to allow the user to disable secure boot.
Now that some laptops are out there, does anyone know if disabling secure boot will still let you run Windows, ideally even after its partition has been resized? Or will the preinstalled Windows just refuse to boot if secure boot has been switched off?
Re:Microsoft banned GPL in UEFI binaries .. (Score:5, Interesting)
This restriction is imposed by the GPLv3 not by Microsoft. They are just being helpful in letting you know, they can't give specifics for all other licensees out there.
Need to replace UEFI with CoreBoot (Score:5, Interesting)
Re:Not surprised at all (Score:5, Interesting)
Maybe the "Secure" in "UEFI Secure Boot" referes to securing Microsofts Monopoly and existence in the OS market?
Re:Not surprised at all (Score:4, Interesting)
Actually UEFI does prevent a huge amount of it, and most important all the worst stuff that was beyond the ability of AV software to get rid of. Remember all those fake anti-virus scams? They installed a rootkit that changed the low level SATA driver which is loaded very early in the boot process. UEFI prevents an OS modified in that way from booting and the Windows 8 recovery system can detect and fix it.
Re:Not surprised at all (Score:4, Interesting)