FreeBSD Team Begins Work On Booting On UEFI-Enabled Systems

An anonymous reader writes "The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled." Linux distros have taken to using a minimal loader, signed by Microsoft, to enable booting on UEFI systems with secure boot. "Indeed we will likely take the Linux shim loader, put our own key in it, and then ask Microsoft to sign it," says developer Marshall McKusick in the linked IT Wire article. "Since Microsoft will have already vetted the shim loader code, we hope that there will be little trouble getting them to sign our version for us."

Re:Why not promote motherboard manufacturers

[Arker]

It's UEFI, the Unified Extensible Firmware interface. EUFI is ExtraUterine Fetal Incubation. Very different things.

The motherboards they are shipping now have a simple disable. So there is no immediate fear of being unable to run Linux on the things. BUT you have to go in and disable it in BIOS which is just completely over the head of most computer users these days. You dont have to make it impossible to deter most people from using it, just a tiny hurdle will divert the herd.

Right now they are signing the certificates without a problem. But what will they do in a year or five or a decade? Building a business that relies on getting certs signed by MS doesnt seem wise long term. Of course no one thinks long term anymore... a small change in the law here, an easily fabricated incident using a signed bootloader to compromise a business there, and they could easily revoke these keys.

The other problem is that UEFI is actually really cool tech, we dont want to get rid of it. We want to be able to use it. I should be able to install my own key on my own motherboard so it will only load code that I sign personally. Rather than simply trusting MicroSoft or turning off a great security component that I already paid for and theoretically own.