Matthew Garrett Makes Available Secure Bootloader For Linux Distros

TrueSatan writes "Matthew Garrett, formerly of Red Hat, is providing a shim bootloader that will allow installation/booting of secure boot enabled computers. The shim is designed to chain boot GRUB (Grand Universal Bootloader) without the need for a distribution to obtain a key from Microsoft. Garrett asks that further contacts regarding the shim be made to him and not to Red Hat as he no longer works there and they may not have knowledge of the product."

Yay!

[wgoodman]

I'm really proud of him and I really hope that there is no ensuing lawsuit for violating some sort of propitiatory BS.

Re:Yay!

He violated nothing. The better question to ask is "who the hell does MS think it is?" They don't and cannot control the HW manufacturers. Nothing stops independent HW dealers in Asia or wherever from selling directly to consumers. Look at Google, Amazon, and other large companies. They design and buy their HW direct from the manufacturer, cutting out the middle man. Cutting out the middle man is ALWAYS the right thing to do. No one is entitled to a profit. No one has the right to demand I buy from them and their overly-capitalist markup system. Screw all that.

I am going to start looking into buying from the source, even as a consumer. I have the right to buy from the source just like a company. I'm tired of dealing with the MS tax on computers. MS was and is a monopoly. I have used Linux as my home desktop/laptop system since 1998 and now this is happening. Screw any and all who would attempt to even try and dictate my actions with HW I've paid money for.

Re:Yay!

[TheRealGrogan]

Here's what's funny. The chainloaded "Grub" boot loader is actually circumventing the secure boot, because it has its own "OS kernel-like" functionality until it passes control over to the kernel components that it's booting. Grub was used to circumvent Microsoft's DRM, and now it will be used to circumvent their secure boot nonsense. I love it.

Grub is way more complex, knowledgeable (figuratively speaking... it's got high level filesystem drivers etc.) and functional than any bootloader Microsoft would envision. They'll be crying foul. Not only will this be used to boot Linux, but it will also allow booting any other OS without signing.

Re:Fuck secure boot.

[bmo]

If you could generate a self-signed key for free, then I would have less of a problem with this.

But to get a key, you have to pay a notary and prostrate yourself before Microsoft and get their blessing, for 99 bucks. It's a tax on kernel builders and hobbyists who compile their own kernels with experimental patches - a tax on progress for BSD, Linux, Haiku, everyone who isn't Microsoft. It's also a hoop to jump through deliberately engineered to scare the less informed and to make it inconveniient to use a different OS for end users.

It doesn't protect end users one bit, because boot loading malware is scarce these days since it's just easier to attack the user with his own permissions, never bothering to escalate from userspace to kernel space. Because it's "good enough." There are enough dumb users out there that will click on anything to get a purple cow for Farmville that engineering a boot hijacker is too much like work for the botnet herder. Basically because there is no antivirus out there that can protect a computer from Layer 8 dumbassery.

It's a tax, an inconvenience, and it does absolutely nothing in reality to protect the end user.

Yet you see no problem with this.

--
BMO

Re:Kudos

[cheesybagel]

The Microsoft key comes pre-loaded with every BIOS. Try installing your own key in the UEFI boot key store and see how easy that is. Microsoft users just pop in a DVD and install. Linux users can't do that.

Re:Do not disagree with Garrett

Why does it matter? Because it could ruin your reputation, even wreck your career?
http://www.itwire.com/business-it-news/open-source/57290-garrett-slams-tso-as-rape-apologist

Garrett is scum.