Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Foundation's Secure Boot Pre-Bootloader Released

Posted by timothy on from the what-about-the-pre-pre-pre-bootloader? dept.

hypnosec writes "The Linux Foundation's UEFI Secure Boot pre-bootloader for independent Linux distros and software developers has finally been released. Announcing the release of the secure boot system James Bottomley noted that the signed pre-bootloader was delivered by Microsoft on February 6th. Bottomley has released two validated files: PreLoader.efi and HashTool.efi. Bottomley has also created a bootable mini-USB image that provides 'an EFI shell where the kernel should be and uses Gummiboot to boot.' Just last week the pre-bootloader had to be rewritten to accommodate booting of all versions of Linux."

11 of 178 comments (clear)

  1. What about *BSD? by ad454 · · Score: 5, Insightful

    This is great news for Linux distributions, and a small victory in the losing battle for openness.

    But in the spirit of openness, hopefully bootloaders for NetBSD, OpenBSD, and FreeBSD will also be eventually signed.

    Everyone should be able to install and run whatever they want on their own computers.

    1. Re:What about *BSD? by Anonymous Coward · · Score: 5, Interesting

      Incidentally.. Microsoft will have two keys. One for Windows, and another for "third party" stuff.

      So they can revoke everyone's software and leave theirs working.

      BTW: Anyone interested in the abuses that UEFI allows should read both the UEFI guidelines and the Microsoft Mandate (the rules they apply to OEMs for Win8 certs, and anyone wanting to have their software signed).

      Microsoft's rules violate several of the guidelines - unsurprisingly those to do with who actually controls the PC.

  2. This is bollocks by Skiron · · Score: 4, Interesting

    All the time Microsoft have control, they will always have control.

    Why don't people LEARN from history from how they operate?

    This will all go horribly wrong, mark my words.

    And I still do not understand how Microsoft get to control this.

    1. Re:This is bollocks by EdZ · · Score: 5, Informative

      And I still do not understand how Microsoft get to control this.

      For anything x86 based; they don't. They expressly require OEMs (and onyone else producing motherboards with a little Windows 8 sticker on the box) to allow the end user to add their own Secure Boot keys, as well as insert Microsoft's key. No end-user modification, no certification.

      So what are various Linux distros getting bootloaders signed by Microsoft? Because they assume users are not competent enough to enter keys manually. Thus, they ask Microsoft (or take advantage of the service Microsoft offers) to sign their bootloader with Microsoft's preloaded key.

    2. Re:This is bollocks by Sarten-X · · Score: 5, Informative

      It's not an issue of "competent". It's an issue of "willing".

      A major source of Linux's desktop growth is the use of live CDs. Just drop in a disk at boot, and you've got yourself a working Linux desktop to play with and perhaps even like. You can see the filesystem's different layout, you can see each application's settings saved to plain old files, and you can see the package manager's simple installation of useful software. Perhaps you can even like it and decide to install. If not, there's no changes to your computer.

      That's all changed now. Now, either you your computer must be prepared for Linux first, through some means of adding a new key. While not really beyond the average user's level of competence, it is beyond their level of ambition just to try "that Linux thing". The longstanding promise of "try it without changing anything" that has fueled trials isn't wholly true any more. Supposedly Windows' bootloader will let you boot unsigned CDs, but I've tried that three times with three failures on known-good disks, so I expect there's something screwey hidden in that route, and that doesn't really solve the problem of booting once the installation's complete.

      To make matters worse, there's no standard mechanism for adding the boot key. One option is an BIOS-based tool, which with come with the typical polish of a motherboard manufacturer we've had on BIOS setups for years. Expect a keyboard-based menu with unique brand-specific names. Another option that might be viable in the future is a Windows tool to add a key, which will inspire Windows to raise scary warnings about compromising security and never starting again, which will do wonders for the user's confidence.

      Microsoft surely knows that Secure Boot won't affect savvy nerds from converting to Linux. They also surely know that Linux is still growing organically, relying on word-of-mouth and firsthand try-before-you-buy experience. By requiring Secure Boot to be user-modifiable, they've thrown a roadblock in the path for Linux's growth, without looking like they're being blatantly nasty. They can keep exaggerating the threat of bootloader rootkits to justify locking everybody out, then point to the key-adding ability to dispel accusations of abusing their monopoly.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    3. Re:This is bollocks by EdZ · · Score: 4, Informative
      From the horse's mouth itself (the Windows 8 certification guidelines, specifically System.Fundamentals.Firmware.UEFISecureBoot para.17):

      Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following: It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.

      Separately (Para.18):

      Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv.

  3. Great! Now let's boycott it. by UltraZelda64 · · Score: 4, Insightful

    Seriously, when Microsoft is paid for the key and they own the key into our computers, we've lost. Simple solution: Avoid ARM-based machines as long as Microsoft requires that no way exists to disable Secure Boot. By buying into this shit, we're just setting ourselves up to be fucked in the ass by Microsoft. I can't say anything good about the Linux Foundation for playing ball with these assholes either. Pre-bootloader, my ass--more like pre-pre-boot-extra-complexity-nightmare, thanks to Microsoft. Having to use this would be a disgrace; that alone should be enough to get people to buy more compatible hardware (but won't be).

  4. Enough is enough by benjymouse · · Score: 4, Insightful

    Microsoft surely knows that Secure Boot won't affect savvy nerds from converting to Linux. They also surely know that Linux is still growing organically, relying on word-of-mouth and firsthand try-before-you-buy experience.

    You are seriously delusional. "Converting" to Linux is not, has never been and will never become a threat to Microsoft. Right now Microsoft is pressured on other fronts, such as desktop PC losing relevance, not being on the boat on mobile and not competing effectively in the tablet game.

    You are trying to wage last decades battle. Microsoft does not feel threatened by Linux on the desktop *at* *all*. Get real. The threats to Microsoft do not come from conversions in the x86 space, the come from vertical players and mobile, like Chromebooks, tablets, smartphones.

    Note how *all* of these emerging platforms have more restricted app models, and especially *boot* models. Microsoft is simply evolving their primary platform to match the features and security (from closed and semi-closed gardens) of the threatening platforms.

    The threat to Microsofts desktop business is *not* Linux. Even though Linux has evolved in that space and on the surface appears to be able to go head-to-head, Microsoft Windows is still *much* more mature than any desktop Linux. Consider for instance group policies, restart manager, volume shadow service, various troubleshooting guides, shims for both application and device compatibility etc. The real threat is that the desktop become irrelevant.

    If the desktop is perceived as less secure than an online counterpart, Microsoft will be losing. They *need* to ensure secure boot. It is not a anti-Linux move at all. You are flattering yourself. And being stupid.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    1. Re:Enough is enough by Anonymous Coward · · Score: 4, Informative

      I agree with most of your points, however I feel Microsoft is its own biggest threat. Them fucking around with all sorts of shit in Windows is going to drive people away. I number of changes since WinXP have irritated me, but I have stuck with Windows until now.

      I recently bought a new laptop (Lenovo x230). I upgraded the storage myself - to use an mSATA SSD for the operating systems. After spending hours trying to get Win8 installed (no OS DVD provided) I gave up, it was the last straw. The UEFI stuff was a pain in the ass, but managed to get Arch Linux up and running comapartively easily.

      I have been tinkering with Linux for a number of years, but it finally took Windows 8 to drive me to Linux full time & I couldn't be happier. This is the first computer I have owned without Windows installed on any partition - it was nerve-wracking at first, but now wish I had made the move sooner.

    2. Re:Enough is enough by nzac · · Score: 4, Informative

      Consider for instance group policies, restart manager, volume shadow service, various troubleshooting guides, shims for both application and device compatibility

      I don't think Linux has a nice "clicky" interface to any of these things but to suggest that it does not have solid equivalents to the first 3 (the rest appear to assume Linux has the same problems as Windows).
      Group polices are probably difficult to fully replicate on Linux but its due to flaws in windows that it even needs a restart manager. Maybe SSV is more permission friendly than LVM also.
      You are just another windows user who assumes that a proper OS should function the same Windows. There are better lists than this for things Linux is missing on the desktop but the one is the lack of third party applications.

  5. Re:only by SuricouRaven · · Score: 4, Interesting

    True. Except that it can be used to bypass secure boot:
    1. Boot secure OS.
    2. Hack it, get root.
    3. Write hibernate image to the drive containing your hacked kernel, which includes disabling of the code to delete the image after use.
    4. Trigger reboot.
    5. Pwnage.

    It'd take some very impressive skill to do that - it isn't something you could just make a script-kiddie toolbox for. The only way to prevent this is for the kernel to use TPM hardware to sign the boot image. As this isn't yet an option, it's debated if Secure Boot linux should also disable hibernation, in order to be strictly compliant, even though it introduces much user annoyance to provide protection against an attack that would be near-impossible for even the best hacker to pull off.