UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

← Back to Stories (view on slashdot.org)

UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

Posted by timothy on Friday February 1, 2013 @07:52PM from the next-level-reached dept.

hypnosec writes "The Linux Foundation's UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn't work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using 'PE/Coff link loading to defeat the secure boot checks.' As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn't work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux." Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.

3 of 185 comments (clear)

Min score:

Reason:

Sort:

Re:Isn't this, "also Linux works round Samsung bug by ProfMobius · 2013-02-01 21:35 · Score: 5, Informative

Agreed. From http://www.jakobheinemann.de/en/blog.html :

The implementation in Samsungs UEFI shows some weird behavior. Error code EFI_INVALID_PARAMETER should only be returned, if one of the given pointers to variables is NULL and pointing to an invalid memory section. Samsungs implementation also throughs this error, if the given memory blocksize is not exactly 128 bytes, so for example (like the Linux-efivars module does) 1024 bytes. The Linux module does not expect the strange error code (it checks for NULL pointers itself) and does not report any UEFI variables, no boot entries, no nothing. The installer accepts that and installs the Linux boot entry into the first slot, where actually the boot entry for the setup is located - overwriting that entry! Setup is dead since Linux took its boot entry.
It does look like the Samsung implementation is doing weird things and Linux is doing weird things in return because it is expecting it to follow standards...

--
EULA : By reading the above message, you agree that I now own your soul.
Re:Alternatives by Anonymous Coward · 2013-02-01 23:34 · Score: 4, Informative

Which they do. Every motherboard out there can have its secure boot disabled by the user, in addition they should all accept custom keys.
Nothing Has Been Fixed With Samsung Laptops by segedunum · 2013-02-02 00:16 · Score: 5, Informative

I don't know where people get that idea from. If you read the kernel people are just disabling the driver because the code is so utterly retarded. Samsung haven't done shit about it as is typical for Samsung.