UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

← Back to Stories (view on slashdot.org)

UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

Posted by timothy on Friday February 1, 2013 @07:52PM from the next-level-reached dept.

hypnosec writes "The Linux Foundation's UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn't work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using 'PE/Coff link loading to defeat the secure boot checks.' As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn't work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux." Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.

11 of 185 comments (clear)

Min score:

Reason:

Sort:

Microsoft controls compoter booting by ozmanjusri · 2013-02-01 20:03 · Score: 5, Insightful

The redesigned bootloader has already been submitted to Microsoft for singing and once the signed version is received, The Linux Foundation is planning to provide it for free.
Why in hell did the world give Microsoft control over computer bootup hardware?
That's just insane.

--
"I've got more toys than Teruhisa Kitahara."
1. Re:Microsoft controls compoter booting by Xipher · 2013-02-01 20:14 · Score: 5, Insightful
  
  The alternative is to try and get every motherboard manufacturer to accept a singing key from them. Having Microsoft sign it means they don't have to deal with that headache.
  
  --
  I don't know everything.
2. Re:Microsoft controls compoter booting by fph+il+quozientatore · 2013-02-01 20:16 · Score: 4, Insightful
  
  Why in hell did the world give Microsoft control over computer bootup hardware? That's just insane.
  I am curious - with a huge SSL signing and authorities infrastructure in place, why did no one ever think to use it? That's probably horribly broken in many other ways, but at least it will only take one solution to solve both problems, when someone manages to fix SSL.
  
  --
  My first program:
  Hell Segmentation fault
3. Re:Microsoft controls compoter booting by SuricouRaven · 2013-02-01 20:33 · Score: 5, Insightful
  
  Because Microsoft demanded OEMs give it that control, or else lose their access to dirt-cheap OEM windows licenses. As it is impossible to sell a computer without Windows outside of a very small niche - most users don't even know what an OS is - that gives Microsoft such bargaining power that when they demand, OEMs have no choice but to comply.
4. Re:Microsoft controls compoter booting by Bob9113 · 2013-02-01 20:48 · Score: 4, Insightful
  
  Why in hell did the world give Microsoft control over computer bootup hardware?
  Because our government leaders voted that the risk of allowing corporations to inhibit competition was less threatening than the risk of allowing the government to regulate such behavior. It reflects the laissez-faire notion that corrupt elected officials are more dangerous than corrupt corporate executives. Though, in practice, our lax policy regarding such anti-free-market behavior is the result of corrupt corporate executives financing corrupt elected officials.
  
  --
  Stop-Prism.org: Opt Out of Surveillance
5. Re:Microsoft controls compoter booting by Patch86 · 2013-02-01 21:45 · Score: 3, Insightful
  
  If he was wrong, it would be nice if they could respond to each point he raised and tell him why he was wrong. Getting a reply which says "trust us, don't worry about it" is always going to be unsatisfying.
6. Re:Microsoft controls compoter booting by KingMotley · 2013-02-01 22:06 · Score: 1, Insightful
  
  If he wants to find out why he is wrong, perhaps he should be consulting with a lawyer. No offense, but I don't want to pay for a DOJ that staffs an extra 2,000 people just so that they can read every piece of email that comes in, and respond back with a detailed analysis of all the legal mistakes made.
  They are doing exactly what they should be doing. They group up emails that pertains to specific subjects then determine which ones they need to look into based on the number of people affected, the seriousness of the accusations, and the realistic ability to make a case. Apparently in this case, the DOJ has already looked at the issue, from some of the most informed lawyers in the country and have determined that they haven't violated any laws. Along comes Mr. Anonymous, and writes a big ass letter. Do they really need to read every point he tried to make when it most likely boils down to one legal mistake after another?
  I haven't read Mr. Fretts letter, but I can only imagine it goes something like:
  Dear DOJ,
  Microsoft is evil and they broke a bunch of laws including the Sherman one. As you well know, they don't have anyone named Sherman, so they are in clear violation and need to be fined, disbanded, all their source code made public domain, and all assets sold off and dived up between all the people running linux because I'm butt hurt.
  {insert 3 more pages about there being no one named Sherman}
  Thank you,
  Mr. Fretts.
7. Re:Microsoft controls compoter booting by martin-boundary · 2013-02-01 23:40 · Score: 4, Insightful
  
  No offense, but I don't want to pay for a DOJ that staffs an extra 2,000 people just so that they can read every piece of email that comes in, and respond back with a detailed analysis of all the legal mistakes made.
  
  I'd prefer they waste their money on that, than use it to prosecute hackers who copy science papers. The money, once in the budget, will be spent regardless. If it _won't_ be spent on serving the public, it _will_ get spent on selfish career making schemes.
8. Re:Microsoft controls compoter booting by exomondo · 2013-02-02 00:01 · Score: 3, Insightful
  
  The alternative is to try and get every motherboard manufacturer to accept a singing key from them. Having Microsoft sign it means they don't have to deal with that headache.
  Or to not use secureboot motherboards or just turn secureboot off and continue on as we do now, hell if you really wanted to use windows 8 you still could, it doesn't need secureboot either, it doesn't even need UEFI.
Alternatives by fyngyrz · 2013-02-01 21:10 · Score: 5, Insightful

Well, actually, another alternative is for motherboard manufacturers to continue to make motherboards that boot the same way as they have for some time. So older, fully functional operating systems can continue to boot.
Of course, this would allow us to continue to use those fully functional OSs, and remove a goodly portion of the incentive to upgrade... so one might, if one were cynical, imagine that there is a corporate motive at work here.

--
I've fallen off your lawn, and I can't get up.
Re:Then why UEFI by Anonymous Coward · 2013-02-01 21:56 · Score: 1, Insightful

Only if user can set the keys, not MS / NSA.