Forgot your password?

Linux Foundation's Secure Boot Pre-Bootloader Released 178

Posted by timothy
from the what-about-the-pre-pre-pre-bootloader? dept.
hypnosec writes "The Linux Foundation's UEFI Secure Boot pre-bootloader for independent Linux distros and software developers has finally been released. Announcing the release of the secure boot system James Bottomley noted that the signed pre-bootloader was delivered by Microsoft on February 6th. Bottomley has released two validated files: PreLoader.efi and HashTool.efi. Bottomley has also created a bootable mini-USB image that provides 'an EFI shell where the kernel should be and uses Gummiboot to boot.' Just last week the pre-bootloader had to be rewritten to accommodate booting of all versions of Linux."
This discussion has been archived. No new comments can be posted.

Linux Foundation's Secure Boot Pre-Bootloader Released

Comments Filter:
  • This is bollocks (Score:4, Interesting)

    by Skiron (735617) on Saturday February 09, 2013 @01:47PM (#42844299) Homepage

    All the time Microsoft have control, they will always have control.

    Why don't people LEARN from history from how they operate?

    This will all go horribly wrong, mark my words.

    And I still do not understand how Microsoft get to control this.

  • Re:What about *BSD? (Score:5, Interesting)

    by Anonymous Coward on Saturday February 09, 2013 @02:17PM (#42844511)

    Incidentally.. Microsoft will have two keys. One for Windows, and another for "third party" stuff.

    So they can revoke everyone's software and leave theirs working.

    BTW: Anyone interested in the abuses that UEFI allows should read both the UEFI guidelines and the Microsoft Mandate (the rules they apply to OEMs for Win8 certs, and anyone wanting to have their software signed).

    Microsoft's rules violate several of the guidelines - unsurprisingly those to do with who actually controls the PC.

  • by QuietLagoon (813062) on Saturday February 09, 2013 @03:11PM (#42844901)
    ... why Microsoft is the gatekeeper for what OS's are allowed to boot on the computers I buy.
  • Re:only (Score:5, Interesting)

    by SuricouRaven (1897204) on Saturday February 09, 2013 @03:50PM (#42845183)

    True. Except that it can be used to bypass secure boot:
    1. Boot secure OS.
    2. Hack it, get root.
    3. Write hibernate image to the drive containing your hacked kernel, which includes disabling of the code to delete the image after use.
    4. Trigger reboot.
    5. Pwnage.

    It'd take some very impressive skill to do that - it isn't something you could just make a script-kiddie toolbox for. The only way to prevent this is for the kernel to use TPM hardware to sign the boot image. As this isn't yet an option, it's debated if Secure Boot linux should also disable hibernation, in order to be strictly compliant, even though it introduces much user annoyance to provide protection against an attack that would be near-impossible for even the best hacker to pull off.

  • Its NOT Microsoft (Score:4, Interesting)

    by ArchieBunker (132337) on Saturday February 09, 2013 @04:33PM (#42845477) Homepage

    Nobody ever brings this up but me. Guess who else is in the UEFI group?

    AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, Microsoft, and Phoenix Technologies

The "cutting edge" is getting rather dull. -- Andy Purshottam