Slashdot Mirror

← Back to Stories (view on slashdot.org)

UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

Posted by timothy on from the next-level-reached dept.

hypnosec writes "The Linux Foundation's UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn't work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using 'PE/Coff link loading to defeat the secure boot checks.' As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn't work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux." Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.

12 of 185 comments (clear)

  1. Microsoft controls compoter booting by ozmanjusri · · Score: 5, Insightful

    The redesigned bootloader has already been submitted to Microsoft for singing and once the signed version is received, The Linux Foundation is planning to provide it for free.

    Why in hell did the world give Microsoft control over computer bootup hardware?

    That's just insane.

    --
    "I've got more toys than Teruhisa Kitahara."
    1. Re:Microsoft controls compoter booting by Xipher · · Score: 5, Insightful

      The alternative is to try and get every motherboard manufacturer to accept a singing key from them. Having Microsoft sign it means they don't have to deal with that headache.

      --
      I don't know everything.
    2. Re:Microsoft controls compoter booting by SuricouRaven · · Score: 5, Insightful

      Because Microsoft demanded OEMs give it that control, or else lose their access to dirt-cheap OEM windows licenses. As it is impossible to sell a computer without Windows outside of a very small niche - most users don't even know what an OS is - that gives Microsoft such bargaining power that when they demand, OEMs have no choice but to comply.

    3. Re:Microsoft controls compoter booting by Zemran · · Score: 5, Funny

      I love the idea of singing motherboards :-) it would be much better than this stupid idea that is being forced on us in order to make more money for M$...

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    4. Re:Microsoft controls compoter booting by Mike+Frett · · Score: 5, Interesting

      I actually sent a very long and detailed letter the DOJ about this and how it constitutes a violation of the Sherman Act. Not Five (5) minutes after sending I received a generic reply about how Microsoft was not in violation of anything.

      With all the E-Mail these people receive and the sheer size of my Letter, there is no way in hell the DOJ read my Letter that fast. What they did was see the word 'Microsoft' and instantly reject it.

      Next week my lawyer is cutting me a deal to rewrite my letter and send it by other means to the right people, we'll see what happens then. Of course I have no money to fight anybody in court, but at least I am trying to get a response that isn't generic.

    5. Re:Microsoft controls compoter booting by EvilIdler · · Score: 5, Interesting

      That could potentially be an article of its own. Hope you post it everywhere :)

    6. Re:Microsoft controls compoter booting by Anonymous Coward · · Score: 5, Funny

      It'd be loads more fun to troubleshoot as well.

      fur elise - bad ram check
      oh fortuna - check video card

      etc etc.

      Much easier than beep codes and instills a bit of culture too.

    7. Re:Microsoft controls compoter booting by ami.one · · Score: 5, Funny

      Reminds of the old days when a linux kernel compile would take 6 hours and we were trying some modifications for VIA hardware which required hundreds of tries with minor changes in the driver codes - so we would start the compile with a script to play two different types of music on Error or Success, and then go to sleep.

      If in the middle of the night it was dire straits then we would get up and debug/fix the errors and start a compile again; if it was some soothing instrumental we would continue sleeping knowing that its compiled.

    8. Re:Microsoft controls compoter booting by Anonymous Coward · · Score: 5, Funny

      Standard boot message:
      "Is this the real life?
      Is this just fantasy?
      Caught in a landslide
      No escape from reality..."

      Oh so many lines from that song would make great kernel error messages.

  2. Alternatives by fyngyrz · · Score: 5, Insightful

    Well, actually, another alternative is for motherboard manufacturers to continue to make motherboards that boot the same way as they have for some time. So older, fully functional operating systems can continue to boot.

    Of course, this would allow us to continue to use those fully functional OSs, and remove a goodly portion of the incentive to upgrade... so one might, if one were cynical, imagine that there is a corporate motive at work here.

    --
    I've fallen off your lawn, and I can't get up.
  3. Re:Isn't this, "also Linux works round Samsung bug by ProfMobius · · Score: 5, Informative
    Agreed. From http://www.jakobheinemann.de/en/blog.html :

    The implementation in Samsungs UEFI shows some weird behavior. Error code EFI_INVALID_PARAMETER should only be returned, if one of the given pointers to variables is NULL and pointing to an invalid memory section. Samsungs implementation also throughs this error, if the given memory blocksize is not exactly 128 bytes, so for example (like the Linux-efivars module does) 1024 bytes. The Linux module does not expect the strange error code (it checks for NULL pointers itself) and does not report any UEFI variables, no boot entries, no nothing. The installer accepts that and installs the Linux boot entry into the first slot, where actually the boot entry for the setup is located - overwriting that entry! Setup is dead since Linux took its boot entry.

    It does look like the Samsung implementation is doing weird things and Linux is doing weird things in return because it is expecting it to follow standards...

    --
    EULA : By reading the above message, you agree that I now own your soul.
  4. Nothing Has Been Fixed With Samsung Laptops by segedunum · · Score: 5, Informative

    I don't know where people get that idea from. If you read the kernel people are just disabling the driver because the code is so utterly retarded. Samsung haven't done shit about it as is typical for Samsung.