UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

Posted by timothy
from the next-level-reached dept.
hypnosec writes "The Linux Foundation's UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn't work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using 'PE/Coff link loading to defeat the secure boot checks.' As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn't work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux." Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.

  • by ozmanjusri (601766) <aussie_bob.hotmail@com> on Saturday February 02, 2013 @04:03AM (#42769829) Journal

    The redesigned bootloader has already been submitted to Microsoft for signing and once the signed version is received, The Linux Foundation is planning to provide it for free.

    Why in hell did the world give Microsoft control over computer bootup hardware?

    That's just insane.

  • by Xipher (868293) on Saturday February 02, 2013 @04:14AM (#42769845)

    The alternative is to try and get every motherboard manufacturer to accept a signing key from them. Having Microsoft sign it means they don't have to deal with that headache.

  • by fph il quozientatore (971015) on Saturday February 02, 2013 @04:16AM (#42769855) Homepage

    Why in hell did the world give Microsoft control over computer bootup hardware? That's just insane.

    I am curious - with a huge SSL signing and authorities infrastructure in place, why did no one ever think to use it? That's probably horribly broken in many other ways, but at least it will only take one solution to solve both problems, when someone manages to fix SSL.

  • by SuricouRaven (1897204) on Saturday February 02, 2013 @04:33AM (#42769891)

    Because Microsoft demanded OEMs give it that control, or else lose their access to dirt-cheap OEM Windows licenses. As it is impossible to sell a computer without Windows outside of a very small niche - most users don't even know what an OS is - that gives Microsoft such bargaining power that when they demand, OEMs have no choice but to comply.

  • by Bob9113 (14996) on Saturday February 02, 2013 @04:48AM (#42769925) Homepage

    Why in hell did the world give Microsoft control over computer bootup hardware?

    Because our government leaders voted that the risk of allowing corporations to inhibit competition was less threatening than the risk of allowing the government to regulate such behavior. It reflects the laissez-faire notion that corrupt elected officials are more dangerous than corrupt corporate executives. Though, in practice, our lax policy regarding such anti-free-market behavior is the result of corrupt corporate executives financing corrupt elected officials.

  • Alternatives (Score:5, Insightful)

    by fyngyrz (762201) on Saturday February 02, 2013 @05:10AM (#42769979) Homepage Journal

    Well, actually, another alternative is for motherboard manufacturers to continue to make motherboards that boot the same way as they have for some time. So older, fully functional operating systems can continue to boot.

    Of course, this would allow us to continue to use those fully functional OSs, and remove a goodly portion of the incentive to upgrade... so one might, if one were cynical, imagine that there is a corporate motive at work here.

  • by Patch86 (1465427) on Saturday February 02, 2013 @05:45AM (#42770085)

    If he was wrong, it would be nice if they could respond to each point he raised and tell him why he was wrong. Getting a reply which says "trust us, don't worry about it" is always going to be unsatisfying.

  • Re:Then why UEFI (Score:1, Insightful)

    by Anonymous Coward on Saturday February 02, 2013 @05:56AM (#42770117)

    Only if user can set the keys, not MS / NSA.

  • by KingMotley (944240) on Saturday February 02, 2013 @06:06AM (#42770137) Journal

    If he wants to find out why he is wrong, perhaps he should be consulting with a lawyer. No offense, but I don't want to pay for a DOJ that staffs an extra 2,000 people just so that they can read every piece of email that comes in, and respond back with a detailed analysis of all the legal mistakes made.

    They are doing exactly what they should be doing. They group up emails that pertain to specific subjects then determine which ones they need to look into based on the number of people affected, the seriousness of the accusations, and the realistic ability to make a case. Apparently in this case, the DOJ has already looked at the issue, from some of the most informed lawyers in the country and have determined that they haven't violated any laws. Along comes Mr. Anonymous, and writes a big ass letter. Do they really need to read every point he tried to make when it most likely boils down to one legal mistake after another?

    I haven't read Mr. Fretts' letter, but I can only imagine it goes something like:
    Dear DOJ,
            Microsoft is evil and they broke a bunch of laws including the Sherman one. As you well know, they don't have anyone named Sherman, so they are in clear violation and need to be fined, disbanded, all their source code made public domain, and all assets sold off and divided up between all the people running Linux because I'm butt hurt.
    {insert 3 more pages about there being no one named Sherman}
    Thank you,
    Mr. Fretts.

  • by martin-boundary (547041) on Saturday February 02, 2013 @07:40AM (#42770363)

    No offense, but I don't want to pay for a DOJ that staffs an extra 2,000 people just so that they can read every piece of email that comes in, and respond back with a detailed analysis of all the legal mistakes made.

    I'd prefer they waste their money on that, than use it to prosecute hackers who copy science papers. The money, once in the budget, will be spent regardless. If it _won't_ be spent on serving the public, it _will_ get spent on selfish career making schemes.

  • by exomondo (1725132) on Saturday February 02, 2013 @08:01AM (#42770435)

    The alternative is to try and get every motherboard manufacturer to accept a signing key from them. Having Microsoft sign it means they don't have to deal with that headache.

    Or to not use secureboot motherboards or just turn secureboot off and continue on as we do now. Hell, if you really wanted to use Windows 8 you still could; it doesn't need secureboot either, it doesn't even need UEFI.
