Slashdot Mirror


UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

hypnosec writes "The Linux Foundation's UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn't work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using 'PE/Coff link loading to defeat the secure boot checks.' As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn't work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux." Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.

6 of 185 comments

  1. Re:Microsoft controls computer booting by Mike Frett · Score: 5, Interesting

    I actually sent a very long and detailed letter to the DOJ about this and how it constitutes a violation of the Sherman Act. Not Five (5) minutes after sending I received a generic reply about how Microsoft was not in violation of anything.

    With all the E-Mail these people receive and the sheer size of my Letter, there is no way in hell the DOJ read my Letter that fast. What they did was see the word 'Microsoft' and instantly reject it.

    Next week my lawyer is cutting me a deal to rewrite my letter and send it by other means to the right people, we'll see what happens then. Of course I have no money to fight anybody in court, but at least I am trying to get a response that isn't generic.

  2. Re:Microsoft controls computer booting by EvilIdler · Score: 5, Interesting

    That could potentially be an article of its own. Hope you post it everywhere :)

  3. Re:Microsoft controls computer booting by Anonymous Coward · Score: 4, Interesting

    I think you mean if someone manages to fix SSL. The huge number of SSL signing authorities is its biggest weakness IMHO.

  4. Re:Alternatives by Simon Brooke · Score: 4, Interesting

    Mobos are megacheap for what they do because of the numbers of each model that are built; a custom mobo with classic BIOS to specifically support Linux or other open OSes would cost hundreds of bucks per unit produced in limited quantities. At that point a cost-benefit analysis says "pay the damn Microsoft tax already!"

    While in practice the pragmatics of the situation are that you are right, in principle I believe that we should be talking to the anti-trust authorities - both sides of the Atlantic - because this is very clear abuse of monopoly. Unless, of course, Microsoft irrevocably commits to authorise any version of any competing operating system for free, in which case the whole point of secure boot has just vanished.

    --
    I'm old enough to remember when discussions on Slashdot were well informed.

  5. Re:Microsoft controls computer booting by ZorinLynx · Score: 4, Interesting

    Why not allow the owner of the motherboard to sign their own code? This could be done at OS install, then if any malware modifies the code, it won't boot.

    Giving control to the manufacturer just sounds wrong.

  6. Samsung didn't follow the standard. Linux did. by raymorris · Score: 4, Interesting

    Linux followed the UEFI standard. Samsung did not. Unambiguous foul on Samsung.

    More specifically, Samsung tried to implement version 2 of the standard and advertised it as version 2, but accidentally left in code which required version 1 behavior. Additionally, if an OS implemented version 2, when Samsung's firmware got confused, it didn't throw the proper error message, but instead returned its own address to be overwritten. So at least two failures on Samsung's part. Linux simply followed the standard as written.