Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Foundation Offers Solution for UEFI Secure Boot

Posted by Soulskill on from the sidestep-and-ignore dept.

Ever since news broke last year that Microsoft would require Windows 8 machines to have UEFI secure boot enabled, there were concerns that it would be used to block the installation of other operating systems, such as Linux distributions. Now, reader dgharmon sends this quote from Ars Technica about a new defense against that outcome: "The Linux Foundation has announced plans to provide a general purpose solution suitable for use by Linux and other non-Microsoft operating systems. The group has produced a minimal bootloader that won't boot any operating system directly. Instead, it will transfer control to any other bootloader — signed or unsigned — so that can boot an operating system." The announcement adds, "The pre-bootloader will employ a 'present user'; test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems. This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system in secure mode for any distribution that chooses to use it."

4 of 308 comments (clear)

  1. So why even bother with secure boot by Anonymous Coward · · Score: 5, Insightful

    As per subject

    1. Re:So why even bother with secure boot by bmo · · Score: 5, Insightful

      Because secure boot has never been about securely booting.

      --
      BMO

    2. Re:So why even bother with secure boot by Cajun+Hell · · Score: 5, Insightful

      Take it easy dude. Let's try to remember what this whole thing is for.

      For all the bitching about secureboot, all currently known (yes, this can change) x86 machines which come with it, allow the user to turn it off. Remember the last 4 times you bought a new computer and, in fact, did diddle with stuff in the firmware, maybe to at least check the timings on your expensive Mushkin memory or whatever? Well, then, this whole article and the software it describes, isn't about you because you're going to turn off secure boot, making every aspect fo this boot loader irrelevant. You won't care about pressing enter, because you won't have to press enter.

      This is for users who won't do that. This is for people who are dumber or lazier than your grandma's ditzy bridge partner, for which we do not expect them to follow any directions or do anything "extra" prior to using their computer. They're not installing headless servers. They're not "picky" except in the sense that they don't want to have to read or understand anything longer than one sentence. They can, and will, press enter.

      The people who are opinionated enough to be "pretty fucking pissed" about pressing enter, will also tend to care enough to do what is needed in order to make pressing enter become unnecessary.

      If there are any people left who become furious about pressing enter, but also feel entitled enough to refuse to turn off secureboot, but also feel entitled enough to refuse to install some other secureboot loader, those people can and should go fuck themselves. Or they can go buy a Mac. Or they can boot Windows, and (think about it) they will never notice that they're not running Linux. Just lie to them and tell them Windows 8 is Linux, and they will believe you, and the lie will never have any consequences because behind the blank smile they gave you when you lied, they already forgot what you said.

      --
      "Believe me!" -- Donald Trump
  2. The solution is simple by Anonymous Coward · · Score: 5, Insightful

    The solution is simple. Simply do not purchase ANY computer that requires secure boot, or does not allow you do disable it!

    Personally, I think this is a "feature" that is going to come back and bite MS in the derriere.. At least I hope so! :-)