Systemd Getting UEFI Boot Loader
New submitter mrons writes: Many new features are coming for systemd. This includes the ability to do a full secure boot. As Lennart Poettering mentions in a Google+ comment: "This is really just about providing the tools to implement the full trust chain from the firmware to the host OS, if SecureBoot is available. ... Of course, if you don't have EFI SecureBoot, than nothing changes. Also if you turn it off, than nothing changes either. [sic]" Phoronix notes, "Gummiboot is a simple UEFI boot manager that's been around for a few years but only receives new work from time-to-time. Lennart and Kay Sievers are looking at adding Gummiboot to systemd to complete the safety chain of the boot process with UEFI Secure Boot. Systemd will communicate with this UEFI boot loader to ensure the system didn't boot into a compromised state."
FreeBSD user here for over a decade. Welcome.
You haven't seen FreeBSD crash? It only means that you haven't seen enough, yet. FreeBSD is a great system and I recommend it to everyone who can manage it, but you don't need to mention stability as a feature, because it is not the highlight of FreeBSD. You don't install a system and watch how stable it is, but how useful it is (for you and your special requirements).
The best thing about FreeBSD is the FreeBSD Ports and how much commitment there is to make every possible application work on the system. You have basically far more possibilities and options than on Linux distributions thanks to the great job they are doing on this system.
A second point is that it is easier to feel comfortable on the system, because the whole thing is consistent and easy to understand, provided you take some time and learn about the concepts.
That's the problem. There isn't a stable release with systemd.
Fedora has so far released six stable releases with systemd, and Red Hat shipped their first stable release with systemd last summer.
The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.
It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?
To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.
Inetd has been doing that for years. It has since moved to a different project. Big deal?