Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Open Source Software Linux

Systemd Getting UEFI Boot Loader 471

New submitter mrons writes: Many new features are coming for systemd. This includes the ability to do a full secure boot. As Lennart Poettering mentions in a Google+ comment: "This is really just about providing the tools to implement the full trust chain from the firmware to the host OS, if SecureBoot is available. ... Of course, if you don't have EFI SecureBoot, than nothing changes. Also if you turn it off, than nothing changes either. [sic]" Phoronix notes, "Gummiboot is a simple UEFI boot manager that's been around for a few years but only receives new work from time-to-time. Lennart and Kay Sievers are looking at adding Gummiboot to systemd to complete the safety chain of the boot process with UEFI Secure Boot. Systemd will communicate with this UEFI boot loader to ensure the system didn't boot into a compromised state."
This discussion has been archived. No new comments can be posted.

Systemd Getting UEFI Boot Loader

Comments Filter:
  • tl;dr (Score:5, Funny)

    by fisted ( 2295862 ) on Tuesday February 03, 2015 @08:13AM (#48967919)
    Many features
    In the bloat
    Off to FreeBSD
    In a safety boat
    burma shave
    • by Anonymous Coward on Tuesday February 03, 2015 @08:31AM (#48968057)

      Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

      I proceeded to install FreeBSD 10. In hindsight, I wish I had done this years ago. FreeBSD has worked almost perfectly for me. The installation was fast and actually quite simple. All of the open source software I used to use under Debian is available and easily installed. ZFS is amazing. My system feels faster than it ever did before. It has yet to crash even once, unlike Debian and Linux, where I'd get a kernel panic around once a month. The upgrade to FreeBSD 10.1 went very smoothly, with almost no effort on my part.

      I used to be disturbed by the recent degradation of the Debian project. But now I no longer care. Since moving to FreeBSD, I have no need for Debian. Debian is basically dead to me now. If it dies as a project, I don't care. FreeBSD does everything I need, and it does it better than Debian and Linux ever did.

      Good riddance, Debian. Good riddance, Linux. Good riddance, systemd. All of them are failures compared to FreeBSD.

      • by kthreadd ( 1558445 ) on Tuesday February 03, 2015 @08:35AM (#48968085)

        Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

        Have you tried it on a stable OS release that has systemd? I assume you know that testing is a development branch and is supposed to break, otherwise it would be called stable. Fedora has been using it for years now and it has been fine.

        • by donaldm ( 919619 ) on Tuesday February 03, 2015 @08:45AM (#48968155)

          Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

          Have you tried it on a stable OS release that has systemd? I assume you know that testing is a development branch and is supposed to break, otherwise it would be called stable. Fedora has been using it for years now and it has been fine.

          I concur, I have been using Fedora for quite a few years and have never had a problem with systemd. I unfortunately think our words are totally wasted on the haters though .

          • by ruir ( 2709173 )
            I too am using Debian 8 and no systemd here. For now...at least it buys me a year or two to test FreeBSD better. Havent used *BSD for years now as a server.
          • I concur, I have been using Fedora for quite a few years and have never had a problem with systemd.

            While you may have a point that judging it based on testing branch distros may be a bit unfair, "it doesn't crash as much as people say" isn't much of a selling point.

          • by Anonymous Coward on Tuesday February 03, 2015 @09:46AM (#48968703)

            Well, you see, I don't have a problem with systemd not working. My problem is that systemd is a great OS that lacks a decent init system.

          • by Anonymous Coward

            This is quite the common tactic in some places. So much so that islamists have a word for it: taqiyya.

            No, I'm not saying you should grow a beard and start wearing a tent, go ass-in-the-air on a mat five times a day offering praise to the prophet poettering. I'm saying your words employ a tactic that's been used before, to the point that there's a word for it.

            • SJW tactics 101 (Score:3, Informative)

              by Anonymous Coward

              Just look at this presentation [youtube.com], where a presenter dares to suggest that some people don't want Gnome, and then Lennart construes this (immediately) as an attack on handicapped people or people who don't speak English. I'm not exaggerating at all - as soon as someone even suggests doing things a different way, he'll just jump up and say, 'you must hate handicapped people.'

              In fact, this is exactly how Debian has turned now that it's been taken over by his cronies. Anyone who even dares to go against him and G

        • Re: (Score:2, Informative)

          I assume you know that testing is a development branch and is supposed to break,

          No, it's not "supposed to break". Heck I ran unstable for years and only had 1 serious problem in all that time. If you really want crazy go to experimental.

          Testing is for hashing out deep and difficult bugs not "This is a complete POS"

          • by rahvin112 ( 446269 ) on Tuesday February 03, 2015 @09:36AM (#48968595)

            No, it's not "supposed to break"

            https://wiki.debian.org/Debian... [debian.org]

            The Unstable repositories are updated every 6 hours.

            Some times are safer than others to upgrade packages in unstable, as at any given time, one or more OngoingTransitions may render some packages uninstallable, or release critical bugs may affect key packages.

            Nearly every single time Debian has made major plumbing changes, by for example upgrading or changing major boot packages that run by default, they've broken testing. Read the archives and you'll even find times they've corrupted peoples drives. Maybe you should be aware of what you are using, for gods sake they have a warning when you install testing that you run the chance of total data loss and having to format and reinstall.

            But of course you know better than the Debian Developers!

            • by rahvin112 ( 446269 ) on Tuesday February 03, 2015 @09:41AM (#48968647)

              Not enough coffee this morning, I quoted Unstable. Testing has similar warnings and you will find that every time there is major plumbing changes testing breaks. It's inevitable as edge cases break things.

              Still, sometimes, especially when packages are being restructured, packages that are not quite releasable may get into the next-stable distribution. So, there may remain some of the fun of using a constantly evolving development distribution.

              Search the archives, there have been plenty of instances where a package pushed into testing broke people's machines. I remember several.

        • by RabidReindeer ( 2625839 ) on Tuesday February 03, 2015 @08:53AM (#48968229)

          Fedora has been using it for years now and it has been fine.

          Mostly fine.

        • by Anonymous Coward on Tuesday February 03, 2015 @08:58AM (#48968267)

          That's the problem. There isn't a stable release with systemd. The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.

          To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in the waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.

          • by kthreadd ( 1558445 ) on Tuesday February 03, 2015 @09:09AM (#48968373)

            That's the problem. There isn't a stable release with systemd.

            Fedora has so far released six stable releases with systemd, and Red Hat shipped their first stable release with systemd last summer.

            The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.

            It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?

            To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in the waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.

            Inetd has been doing that for years. It has since moved to a different project. Big deal?

            • by Bengie ( 1121981 ) on Tuesday February 03, 2015 @12:14PM (#48970475)

              It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?

              And to think, enterprise users are still complaining about problems that SystemD is creating, but those issues are being shrugged off as "working as expected".

              To compare it, Windows 8 must be a success because it's been in production for a few years now. SystemD is nearly identical to Metro in every abstract way. The end users who care, don't want it, some people just accept it and think it's great. Well good for them, now give us an option to not use Metro/SystemD and let people who like it use it. the problem with SystemD is there is no option, everything breaks without it as more things become dependent on it.

          • by Anonymous Coward on Tuesday February 03, 2015 @09:17AM (#48968431)

            Does it have any internal security?

            It has UEFI Secure Boot. That means that it is now secure.

        • by 0100010001010011 ( 652467 ) on Tuesday February 03, 2015 @11:23AM (#48969865)

          Have you tried it on a stable OS release that has systemd?

          You mean like Fedora/RH which has 4 'urgent' severity bugs with systemd [redhat.com]

          Including one where systemd breaks Keyboard shortcuts handling in text virtual consoles [redhat.com] on Redhat Enterprise Linux.

          If you lower the bar to "high" priority you get some fun ones like:

          Unable to boot when systemd's LogTarget is set to syslog-or-kmsg or syslog [redhat.com] on RHEL7. (The devs left it at "Ok, dropping log messages even just from systemd itself isn't probaly a best way, but wee need more time for investigation." in September 2014).

          reboot or shutdown commands unresponsive during systemd-fsck [redhat.com]

          systemd stuck when auto-mouting volume for NFS [redhat.com]

          Systemd doesn't unmount all devices before calling reboot/halt and thus corrupts a clean RAID1 [redhat.com]

          These aren't "oops, I can't play MP3" level bugs.

          • Re: (Score:3, Insightful)

            by Anonymous Coward

            What we're seeing is a real-life demonstration of "why you really shouldn't try to re-implement the first 4 network layers":

            Because you're going to make all the same mistakes that were stomped out of the Unix TCP/IP stack over the last 25 years.

      • by koinu ( 472851 ) on Tuesday February 03, 2015 @08:52AM (#48968213)

        FreeBSD user here since over a decade. Welcome.

        You haven't seen FreeBSD crash? It only means that you haven't seen enough, yet. FreeBSD is a great system and I recommend it to everyone who can manage it, but you don't need to mention stability as a feature, because it is not the highlight about FreeBSD. You don't install a system and watch how stable it is, but how useful it is (for you and your special requirements).

        The best thing about FreeBSD are the FreeBSD Ports and how much commitment there is to make every possible application work on the system. You have basically far more possibilities and options than on Linux distributions thanks to the great job they are doing on this system.

        A second point is that it is easier to feel comfortable on the system, because the whole thing is consistent and easy to understand, provided you take some time and learn about the concepts.

        • by Viol8 ( 599362 )

          "You don't install a system and watch how stable it is, but how useful it is"

          A system that goes down halfway through updating a million rows of customer data is not terribly useful. The whole point about *nix is its stability. You can leave the Oooh Shiny Features and piss poor stability to Microsoft, they've got that covered.

        • by account_deleted ( 4530225 ) on Tuesday February 03, 2015 @10:22AM (#48969067)
          Comment removed based on user account deletion
      • by ruir ( 2709173 )
        I could have asked me before. Well, I am joking, I realised it was installed systemd, and uninstalled by hand. Then, in all my Debian testing network, I replicated this configuration, and presto problem solved. /etc/apt/preferences.d/01systemd Package: systemd Pin: origin "" Pin-Priority: -1 Package: dbus Pin: origin "" Pin-Priority: -1
      • It has yet to crash even once, unlike Debian and Linux, where I'd get a kernel panic around once a month.

        This sounds like the problem right here. What was casing the kernel panics? From what you say you seem extremely competent with *NIX systems, so why didn't you find the cause of the panics?

        For what it's worth, I run quite a few Debian-based systems (alright, I'll say it: Ubuntu Server) both on real hardware (commodity and a Dell PowerEdge) and also in AWS (virtual machines in the cloud). I cannot remember my last kernel panic, it has been _years_ since I've seen that.

        Note that Ubuntu is still using upstart,

    • How dare they offer support for booting from EFI.

      Freebsd offers this too so you better choose a different OS. Jeez people

      • Re: tl;dr (Score:5, Insightful)

        by armanox ( 826486 ) <asherewindknight@yahoo.com> on Tuesday February 03, 2015 @09:28AM (#48968529) Homepage Journal
        I think the bigger complaint is that it's being added to systemd, not that it exists (Note that GRUB can already be used with secure boot). Lennart Poettering is pretty disliked for his abandonment of UNIX principles (the biggest one being portability), and somehow his software becomes the de facto standard in the Linux world, long before it is ready (PulseAudio anyone)? He creates issues and fractures the community, and then blames everyone else for the problems.
        • Re: (Score:3, Insightful)

          by PRMan ( 959735 )
          Why would anyone use anything else from the guy that created PulseAudio?
      • How dare they offer support for booting from EFI.

        Freebsd offers this too so you better choose a different OS. Jeez people

        I'd swear the haters are just transplanted Microsoft shills.

        Time to break out that old Timex Sinclair.

    • Re:tl;dr (Score:4, Funny)

      by Ol Olsoc ( 1175323 ) on Tuesday February 03, 2015 @09:37AM (#48968607)

      Many features

      In the bloat

      Off to FreeBSD

      In a safety boat

      burma shave

      systemd has got you itchin'

      would you please just quit your bitchin'?

    • by hcs_$reboot ( 1536101 ) on Tuesday February 03, 2015 @09:49AM (#48968741)
      That thing gets bigger by the day. Isn't there some kind of anti-virus or some' to get rid of it?
  • by Blaskowicz ( 634489 ) on Tuesday February 03, 2015 @08:21AM (#48967977)

    This is an evil ploy to prevent freedom-seeking users from trying Windows 10 alongside Systemd OS.

  • Amusing (Score:2, Funny)

    by Anonymous Coward

    Trust chain. Systemd. Amusing.

  • Maybe it's time to switch back to paper tape boot loader, or better yet, toggling it in. That would be more secure, and most importantly, more reliable. I've had it with all the security bullshit being added. Just more frustration for the end user.
  • by dark.nebulae ( 3950923 ) on Tuesday February 03, 2015 @08:34AM (#48968073)

    This was the only piece that was missing from systemd.

    I'm sure now all of the growth will end and the community will start rallying around systemd.

    Hmm, is that hell freezing over outside?

    • by serviscope_minor ( 664417 ) on Tuesday February 03, 2015 @08:45AM (#48968159) Journal

      This was the only piece that was missing from systemd.

      It's still missing a good editor.

  • Trust Chain? (Score:5, Insightful)

    by Anonymous Coward on Tuesday February 03, 2015 @08:34AM (#48968079)

    With Lennart Poettering and Kay Sievers lol. 2 of the most untrustworthy and two faced developers in the Linux world.

    Something isn't quite right here

  • by account_deleted ( 4530225 ) on Tuesday February 03, 2015 @08:42AM (#48968147)
    Comment removed based on user account deletion
  • by Virtucon ( 127420 ) on Tuesday February 03, 2015 @09:12AM (#48968397)

    When will Systemd get 3D printing capabilities?

  • by Bent Spoke ( 972429 ) on Tuesday February 03, 2015 @09:16AM (#48968419)

    The Systemd Consortium of Uber-Masters (SCUM) is proud to announce the finalization of it's acquisition of the NSA. Hot on the heels of absorbing the CIA and FBI, Vice Chancellor Lennart Poettering had this to say: ".. this brings us one step closer to our ulitimate goal of reducing complexity for the common man."

  • by Torp ( 199297 ) on Tuesday February 03, 2015 @09:17AM (#48968429)

    ... a great many new contributors to BSD :)

  • by Anonymous Coward

    After the systemd fiasco what are people moving to mostly?

    • by Dan Ost ( 415913 )

      Gentoo cotinues to work fine for me. If there's a systemd transition coming, I haven't seen any indications of it.

  • by B5_geek ( 638928 ) on Tuesday February 03, 2015 @09:57AM (#48968841)

    The only thing missing was kitchensinkd!

    A couple of the items were interesting (i.e. ntp-lite). I think the biggest take-away from this is that in the very near future every 'application' will be its own container. While this has some very good merits I am not sure how I feel about it. Cautiously optimistic?

    As a server admin I hate systemd and all of its hell-spawn, but as an end-user i like some of these features.

  • by loonycyborg ( 1262242 ) on Tuesday February 03, 2015 @09:57AM (#48968845)
    Too much effort to cover an attack vector that is rarely used in practice. Even if you consider it a move against modders/free platforms it's still a geeky waste of time to stop something that is a niche activity and matters little for anyone's bottom line.
  • by walterbyrd ( 182728 ) on Tuesday February 03, 2015 @10:34AM (#48969231)

    Just an honest question.

    Certainly this does not have to be part of systemd to work, just like udev did not have to be part of systemd to work.

    So why?

  • by Anonymous Coward on Tuesday February 03, 2015 @10:44AM (#48969381)

    Here's what sure looks like Mr Poettering's plan going forward:
    1. Expand systemd to the point where large swaths of everything depend on it, so that he is controlling as much of the code base as possible.
    2. Insult Linus Torvalds for a while to try to undermine his authority.
    3. Fork Linux, or demand that Linus give control of Linux over to him, or he will rage-quit and take his code with him.

    His goal doesn't seem to be great code (given the number of times he's screwed up big time), or great design (given that he seems to ignore everything Thompson, Ritchie, etc said about how Unix should work). It sure seems to be about becoming the Grand High Poobah of the open source world, without any idea what that actually takes.

    What he doesn't understand is that Linus is in charge because other open source developers genuinely respect his judgment. If Linus was doing a lousy job in his role, there would be calls for Alan Cox or someone else who's been in the inner circle forever to take over, and Linus might actually step aside. If, on the other hand, you're running around insulting everyone for no good reason, you're not going to have the respect of other developers, and they will quite happily shunt you aside, forking systemd if necessary to get rid of you, and life will go on.

    • by ewhac ( 5844 )
      1. Expand systemd to the point where large swaths of everything depend on it, so that he is controlling as much of the code base as possible.
      2. Insult Linus Torvalds for a while to try to undermine his authority.
      3. Fork Linux, or demand that Linus give control of Linux over to him, or he will rage-quit and take his code with him.

      I don't see it unfolding that way. Remember what happened when BitKeeper tried to get up in his business. Linus, if provoked, could write an init/system management framework in a couple

news: gotcha

Working...