Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD Team Begins Work On Booting On UEFI-Enabled Systems

Posted by timothy on from the is-a-shim-a-shame? dept.

An anonymous reader writes "The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled." Linux distros have taken to using a minimal loader, signed by Microsoft, to enable booting on UEFI systems with secure boot. "Indeed we will likely take the Linux shim loader, put our own key in it, and then ask Microsoft to sign it," says developer Marshall McKusick in the linked IT Wire article. "Since Microsoft will have already vetted the shim loader code, we hope that there will be little trouble getting them to sign our version for us."

4 of 248 comments (clear)

  1. Re:Well I'll be... by icebike · · Score: 4, Informative

    No it defeats no point, and Microsoft is free to accept or deny just about anything. Properly implemented secure boot increases your security by letting you decide what the machine should boot and prevent it from booting unknown or potentially malware infected operating system. That is a good feature. It has nothing to do with preventing competition.

    Deciding that one, and only one company can sign shims, can't be considered anything but anticompetitive.

    Then, forcing that company to sign boot shims from Linux and FreeBsd to avoid illegal restraint of trade charges, pretty well eliminates any benefit the plan might have had. Is Microsoft going to sign every backroom version of Linux and every clone of FreeBsd, ot did the just pare down the competition teo a few major distros?

    --
    Sig Battery depleted. Reverting to safe mode.
  2. Re:Hmm... by rmdashrf · · Score: 5, Informative

    And that attack vector can completely be negated by having the BIOS read-only by default, while only enabling updates when the user toggles a physical switch when the BIOS needs an update.

    --
    Nihil in publicum sputa.
  3. Re:Why not promote motherboard manufacturers by SuricouRaven · · Score: 4, Informative

    Just to clarify: UEFI is not the problem. It's just a replacement for the old BIOS system which addresses the decades of accumulated legacy bodging that is the PC. Secure Boot is a feature that UEFI enables. You can have UEFI without Secure Boot.

  4. Re:Why not promote motherboard manufacturers by petermgreen · · Score: 4, Informative

    There is no reason that a traditional PC BIOS can't boot a 3TB drive. The bios just reads the first sector of the drive and runs the code, it doesn't need to care what type of partition table is used. So the 2TB limit of the DOS style partition table is irrelevent to the first stage of booting a PC. AIUI grub2 has no problems being booted by a traditional PC bios and then going on to read a GPT partition table and load linux from it.

    The inability to boot windows on a 3TB GPT drive with a traditional PC bios is entirely microsoft's fault.

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register