Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ubuntu Lays Plans For Getting Past UEFI SecureBoot

Posted by timothy on from the first-you-fake-an-injury dept.

An anonymous reader writes "Canonical has laid out their plans for handling UEFI SecureBoot on Ubuntu Linux. Similar to Red Hat paying Microsoft to get past UEFI restrictions, Canonical does have a private UEFI key. Beyond that they will also be switching from GRUB to the more liberal efilinux bootloader, and only require bootloader binaries be signed — and they want to setup their own signing infrastructure separate from Microsoft."

4 of 393 comments (clear)

  1. Why is this a problem? by Anonymous Coward · · Score: 5, Informative

    Shouldn't I be able to load my own private key (or that of my distribution of choice) in the UEFI interface and then sign the bootloader I want with it (or use that of said distribution)? Ideally changing the key would only be possible while a jumper on the board is set.

    If I trust Ubuntu, then my computer would reject the Windows bootloader and vice versa. Isn't that how it should be?

  2. Re:How much of the 'operating system' needs to sig by thegarbz · · Score: 5, Informative

    This smells of the war against terror. There are actually very few pieces of malware out in circulation which rely on rootkits invoked by the bootloader. It's something which we haven't really seen much of since the viruses of the DOS days. I'd rather take my chances with the malware than have the liberties of doing what I want with my computer taken away.

  3. Re:UEFI SecureBoot is a catastrophy by Anonymous Coward · · Score: 5, Informative

    The difference is that you have an iMac that currently does not use the EFI Secureboot features, as I understand it. If you purchase a Windows 8 certified PC, those are the ones that will be requiring the EFI Secure Boot.

    I told my friends & family that I have bought my last Windows PC, shortly after I purchased a Macbook a few years ago...turns out that may have been a good choice...

        I'm not going to encourage PC manufacturers to bow and kowtow to any one software vendors wishes. If I buy my hardware from [insert your favorite PC maker here] and I want to install some oddball software on it, say AROS, or ReactOS, then that is what I should be able to do without having to wage war against EFI or any other "security features" that may prevent me from installing software that I want to use.

    That's a bit of a rant...but things like this that don't make sense to me are hot-button issues with me...

  4. Re:How much of the 'operating system' needs to sig by LordLimecat · · Score: 5, Informative

    This smells of the war against terror. There are actually very few pieces of malware out in circulation which rely on rootkits invoked by the bootloader.

    Whether or not the reasons they gave are bogus, THIS isnt true. There are TONS of rootkits out there that screw with the bootloader, which is why MBRCheck should be a standard part of everyone's rootkit removal kit. If you ever see a machine with a virus, you must assume the bootloader has been tampered with.

    Off the top of my head, Sinowal and TDSS come to mind.