Linux Foundation's Secure Boot Pre-Bootloader Released

hypnosec writes "The Linux Foundation's UEFI Secure Boot pre-bootloader for independent Linux distros and software developers has finally been released. Announcing the release of the secure boot system James Bottomley noted that the signed pre-bootloader was delivered by Microsoft on February 6th. Bottomley has released two validated files: PreLoader.efi and HashTool.efi. Bottomley has also created a bootable mini-USB image that provides 'an EFI shell where the kernel should be and uses Gummiboot to boot.' Just last week the pre-bootloader had to be rewritten to accommodate booting of all versions of Linux."

What about *BSD?

[ad454]

This is great news for Linux distributions, and a small victory in the losing battle for openness.

But in the spirit of openness, hopefully bootloaders for NetBSD, OpenBSD, and FreeBSD will also be eventually signed.

Everyone should be able to install and run whatever they want on their own computers.

Great! Now let's boycott it.

[UltraZelda64]

Seriously, when Microsoft is paid for the key and they own the key into our computers, we've lost. Simple solution: Avoid ARM-based machines as long as Microsoft requires that no way exists to disable Secure Boot. By buying into this shit, we're just setting ourselves up to be fucked in the ass by Microsoft. I can't say anything good about the Linux Foundation for playing ball with these assholes either. Pre-bootloader, my ass--more like pre-pre-boot-extra-complexity-nightmare, thanks to Microsoft. Having to use this would be a disgrace; that alone should be enough to get people to buy more compatible hardware (but won't be).

Enough is enough

[benjymouse]

Microsoft surely knows that Secure Boot won't affect savvy nerds from converting to Linux. They also surely know that Linux is still growing organically, relying on word-of-mouth and firsthand try-before-you-buy experience.

You are seriously delusional. "Converting" to Linux is not, has never been and will never become a threat to Microsoft. Right now Microsoft is pressured on other fronts, such as desktop PC losing relevance, not being on the boat on mobile and not competing effectively in the tablet game.

You are trying to wage last decades battle. Microsoft does not feel threatened by Linux on the desktop *at* *all*. Get real. The threats to Microsoft do not come from conversions in the x86 space, the come from vertical players and mobile, like Chromebooks, tablets, smartphones.

Note how *all* of these emerging platforms have more restricted app models, and especially *boot* models. Microsoft is simply evolving their primary platform to match the features and security (from closed and semi-closed gardens) of the threatening platforms.

The threat to Microsofts desktop business is *not* Linux. Even though Linux has evolved in that space and on the surface appears to be able to go head-to-head, Microsoft Windows is still *much* more mature than any desktop Linux. Consider for instance group policies, restart manager, volume shadow service, various troubleshooting guides, shims for both application and device compatibility etc. The real threat is that the desktop become irrelevant.

If the desktop is perceived as less secure than an online counterpart, Microsoft will be losing. They *need* to ensure secure boot. It is not a anti-Linux move at all. You are flattering yourself. And being stupid.

Re:Enough is enough

[corvax]

Even if it wasnt intentional (i doubt it) what this does do is make it just a little bit harder to install linux. And makes microsoft the gatekeeper of YOUR hardware. What happens to ALOT of old windows pc's? They get linux installed on them to give them a few more years of usefulness = a loss of revenue for microsoft. Even if it is a small percentage its not enough microsoft would be much happier if the percentage was ZERO......

Re:Great! Now let's boycott it.

[Kjella]

Seriously, when Microsoft is paid for the key and they own the key into our computers, we've lost. Simple solution: Avoid ARM-based machines as long as Microsoft requires that no way exists to disable Secure Boot.

Uhh this isn't about ARM, Microsoft doesn't allow any third party OS on their ARM machines period. This is if you want any x86 machine shipping with Windows 8 and the "Designed for Windows 8" label to boot any other OS without finding the obscure and non-standard way to disable Secure Boot in UEFI (the new BIOS). At least in this incarnation you can always disable it yourself (again, only on x86), but I smell a Darth Vader quote coming as in "I'm altering the deal. Pray that I do not alter it further." But there's really no way to boycott Secure Boot without boycotting all machines with Win8 preinstalled, which has a snowball's chance in hell of working. What you'd really want is Linux preinstalled laptops, but they're still very few and far between. Desktops are less of an issue because you can always build from parts, or have one built for you.

Re:What about *BSD?

[AmiMoJo]

One issue that never seems to be mentioned but could be potentially huge is that the signed bootloader requires user interaction to boot. It was designed that way to prevent malware using the bootloader to silently root the OS, the very thing SecureBoot was designed to prevent.

It won't boot until you press a key to continue. Many Linux machines don't have any facility for that, either because they are a tablet with no physical keyboard or because they are a headless server with no-one around to operate them locally.