Slashdot Mirror


Systemd Getting UEFI Boot Loader

New submitter mrons writes: Many new features are coming for systemd. This includes the ability to do a full secure boot. As Lennart Poettering mentions in a Google+ comment: "This is really just about providing the tools to implement the full trust chain from the firmware to the host OS, if SecureBoot is available. ... Of course, if you don't have EFI SecureBoot, than nothing changes. Also if you turn it off, than nothing changes either. [sic]" Phoronix notes, "Gummiboot is a simple UEFI boot manager that's been around for a few years but only receives new work from time-to-time. Lennart and Kay Sievers are looking at adding Gummiboot to systemd to complete the safety chain of the boot process with UEFI Secure Boot. Systemd will communicate with this UEFI boot loader to ensure the system didn't boot into a compromised state."

32 of 471 comments

  1. tl;dr by fisted · · Score: 5, Funny

    Many features
    In the bloat
    Off to FreeBSD
    In a safety boat
    burma shave

    1. Re: tl;dr by armanox · · Score: 5, Insightful

      I think the bigger complaint is that it's being added to systemd, not that it exists (note that GRUB can already be used with secure boot). Lennart Poettering is pretty disliked for his abandonment of UNIX principles (the biggest one being portability), and somehow his software becomes the de facto standard in the Linux world, long before it is ready (PulseAudio, anyone?). He creates issues and fractures the community, and then blames everyone else for the problems.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
  2. Re:Makes sense by halivar · · Score: 4, Funny

    Just wait. One of these days I expect to read, "Systemd to get Emacs editor."

  3. Monopolist practices by Blaskowicz · · Score: 4, Funny

    This is an evil ploy to prevent freedom-seeking users from trying Windows 10 alongside Systemd OS.

  4. My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 4, Interesting

    Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

    I proceeded to install FreeBSD 10. In hindsight, I wish I had done this years ago. FreeBSD has worked almost perfectly for me. The installation was fast and actually quite simple. All of the open source software I used to use under Debian is available and easily installed. ZFS is amazing. My system feels faster than it ever did before. It has yet to crash even once, unlike Debian and Linux, where I'd get a kernel panic around once a month. The upgrade to FreeBSD 10.1 went very smoothly, with almost no effort on my part.

    I used to be disturbed by the recent degradation of the Debian project. But now I no longer care. Since moving to FreeBSD, I have no need for Debian. Debian is basically dead to me now. If it dies as a project, I don't care. FreeBSD does everything I need, and it does it better than Debian and Linux ever did.

    Good riddance, Debian. Good riddance, Linux. Good riddance, systemd. All of them are failures compared to FreeBSD.

    1. Re:My FreeBSD Report: Four Months In by kthreadd · · Score: 4, Insightful

      Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

      Have you tried it on a stable OS release that has systemd? I assume you know that testing is a development branch and is supposed to break, otherwise it would be called stable. Fedora has been using it for years now and it has been fine.

    2. Re:My FreeBSD Report: Four Months In by donaldm · · Score: 5, Interesting

      Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

      Have you tried it on a stable OS release that has systemd? I assume you know that testing is a development branch and is supposed to break, otherwise it would be called stable. Fedora has been using it for years now and it has been fine.

      I concur, I have been using Fedora for quite a few years and have never had a problem with systemd. I unfortunately think our words are totally wasted on the haters though.

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    3. Re:My FreeBSD Report: Four Months In by koinu · · Score: 5, Informative

      FreeBSD user here for over a decade. Welcome.

      You haven't seen FreeBSD crash? It only means that you haven't seen enough, yet. FreeBSD is a great system and I recommend it to everyone who can manage it, but you don't need to mention stability as a feature, because it is not the highlight about FreeBSD. You don't install a system and watch how stable it is, but how useful it is (for you and your special requirements).

      The best thing about FreeBSD are the FreeBSD Ports and how much commitment there is to make every possible application work on the system. You have basically far more possibilities and options than on Linux distributions thanks to the great job they are doing on this system.

      A second point is that it is easier to feel comfortable on the system, because the whole thing is consistent and easy to understand, provided you take some time and learn about the concepts.

    4. Re:My FreeBSD Report: Four Months In by RabidReindeer · · Score: 4, Funny

      Fedora has been using it for years now and it has been fine.

      Mostly fine.

    5. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 4, Insightful

      That's the problem. There isn't a stable release with systemd. The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.

      To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in the waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.

    6. Re:My FreeBSD Report: Four Months In by ruir · · Score: 4, Insightful

      Are you being dense on purpose? The problem is not learning something new, it is imposing a political decision down your throat, and leaving the cornerstone of open source, choice, out of the equation. Even on my testing servers where sysv was installed, an upgrade was forced to systemd, breaking my corporate setup rules and my configurations. What the hell is that?

    7. Re:My FreeBSD Report: Four Months In by kthreadd · · Score: 5, Informative

      That's the problem. There isn't a stable release with systemd.

      Fedora has so far released six stable releases with systemd, and Red Hat shipped their first stable release with systemd last summer.

      The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.

      It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?

      To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in the waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.

      Inetd has been doing that for years. It has since moved to a different project. Big deal?

    8. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 4, Funny

      Does it have any internal security?

      It has UEFI Secure Boot. That means that it is now secure.

    9. Re:My FreeBSD Report: Four Months In by rahvin112 · · Score: 4, Insightful

      No, it's not "supposed to break"

      https://wiki.debian.org/Debian...

      The Unstable repositories are updated every 6 hours.

      Some times are safer than others to upgrade packages in unstable, as at any given time, one or more OngoingTransitions may render some packages uninstallable, or release critical bugs may affect key packages.

      Nearly every single time Debian has made major plumbing changes, by for example upgrading or changing major boot packages that run by default, they've broken testing. Read the archives and you'll even find times they've corrupted people's drives. Maybe you should be aware of what you are using. For God's sake, they have a warning when you install testing that you run the chance of total data loss and having to format and reinstall.

      But of course you know better than the Debian Developers!

    10. Re:My FreeBSD Report: Four Months In by rahvin112 · · Score: 4, Informative

      Not enough coffee this morning, I quoted Unstable. Testing has similar warnings and you will find that every time there are major plumbing changes testing breaks. It's inevitable as edge cases break things.

      Still, sometimes, especially when packages are being restructured, packages that are not quite releasable may get into the next-stable distribution. So, there may remain some of the fun of using a constantly evolving development distribution.

      Search the archives, there have been plenty of instances where a package pushed into testing broke people's machines. I remember several.

    11. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 5, Funny

      Well, you see, I don't have a problem with systemd not working. My problem is that systemd is a great OS that lacks a decent init system.

    12. Re:My FreeBSD Report: Four Months In by squiggleslash · · Score: 5, Funny

      The best thing about FreeBSD are the FreeBSD Ports and how much commitment there is to make every possible application work on the system

      That's awesome. Has systemd been ported yet? That's the only absolute must-have I have that's keeping me in GNU/Linux, if systemd is available on FreeBSD I'll switch over tonight.

      --
      You are not alone. This is not normal. None of this is normal.
    13. Re:My FreeBSD Report: Four Months In by 0100010001010011 · · Score: 5, Interesting

      Have you tried it on a stable OS release that has systemd?

      You mean like Fedora/RH which has 4 'urgent' severity bugs with systemd

      Including one where systemd breaks Keyboard shortcuts handling in text virtual consoles on Redhat Enterprise Linux.

      If you lower the bar to "high" priority you get some fun ones like:

      Unable to boot when systemd's LogTarget is set to syslog-or-kmsg or syslog on RHEL7. (The devs left it at "Ok, dropping log messages even just from systemd itself isn't probaly a best way, but wee need more time for investigation." in September 2014).

      reboot or shutdown commands unresponsive during systemd-fsck

      systemd stuck when auto-mouting volume for NFS

      Systemd doesn't unmount all devices before calling reboot/halt and thus corrupts a clean RAID1

      These aren't "oops, I can't play MP3" level bugs.

    14. Re:My FreeBSD Report: Four Months In by tlhIngan · · Score: 4, Informative

      The difference is that SysAdmins hate SystemD and FreeBSD is primarily developed by SysAdmins. When FreeBSD has to solve the same problems that SystemD is hoping to solve, FreeBSD will do it in a way that SysAdmins will be more comfortable with.

      SystemD is attempting to solve problems without understanding how they should best be solved. Get a decade or two of managing tens of thousands of servers, then come back and attempt to solve the problems. You'll probably do it a bit differently.

      More like different focuses.

      FreeBSD is nice, but it's very server-oriented. Sure you can use it on a desktop through ports, but everything's still basically assuming you're on a server.

      SystemD is like PulseAudio, CUPS, and NetworkManager - they're tools to handle the complex desktop use cases that don't exist with servers.

      Of course, one thing FreeBSD does have is a general guidance and an avoidance of the latest shiny or political plays, which means a lot of Linux cruftiness is avoided, so stability in that form means things don't change too much.

      But, desktop users have a lot of requirements that just cannot be band-aided over like they do in Linux where you have spitwads, gum and duct tape holding together a lot of the system. Sure it works, but it's an extremely fragile system that's just begging for breakage.

      Here's some use cases that are extremely common in a desktop, but not at all on a server, and how various packages handle them.

      Audio - modern desktops have multiple audio paths - from HDMI to plain old speaker/headphone/line outs. And new ones appear and disappear constantly (say, Bluetooth). And audio needs to be mixed because the user might be watching a YouTube video when the system needs to alert them via a system sound. Or say, the user is listening to music, and then a VoIP call comes in which means muting the audio from the music player and activating the communications audio path (which can be completely different audio paths - the music may play through a speaker path, while the VoIP takes place over a headset using either a separate set of ADCs and DACs, Bluetooth, or whatever). Or perhaps the user is listening to music over their A/V system using HDMI audio. Then they turn off their A/V system losing the audio connection - audio now needs to be transported to a secondary source transparently to the application (can't have apps crashing because the audio device disappeared). Or how about a user opening an audio device for exclusive use (low latency, bit-perfect, whatever), and the system needs to play a sound (VoIP, alert, whatever). If there's no other audio path, it's a too-bad situation. But if there's another set of speakers or audio, why not route that audio that way so the user can get the alert through a secondary audio path?

      Networks are just as tricky - you want to connect to many different networks with differing roles - perhaps if you're at home, you bring down the firewall, while if you're on the go, the firewall goes up and maybe the VPN does too. Suddenly media connections are very important too because once you disconnect, you don't know if the next attachment will be to a trusted or untrusted network. And the firewall may need to manage different rules - like perhaps the HTTP server is allowed on all networks - public, private, VPN, whatever, while say Samba should only be accessible on private networks only. Repeat for other applications as necessary.

      SystemD is similar - a lot of services these days aren't launched on the system's behalf, but on the user. Right now there are dozens of different ways to have services launch when you log in - every environment provides a different way of doing it and there's no standard, so perhaps if you need a service to launch on Ubuntu when you log in, it won't work on Fedora. That's a huge mess - why not have something that's good at managing processes do it? Sure you have system services that start up on system boot, but there are a lot

    15. Re:My FreeBSD Report: Four Months In by sconeu · · Score: 4, Funny

      Coming to Netflix this fall: "Systemd is the new EMACS"

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    16. Re:My FreeBSD Report: Four Months In by Bengie · · Score: 4, Insightful

      It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?

      And to think, enterprise users are still complaining about problems that SystemD is creating, but those issues are being shrugged off as "working as expected".

      To compare it, Windows 8 must be a success because it's been in production for a few years now. SystemD is nearly identical to Metro in every abstract way. The end users who care don't want it; some people just accept it and think it's great. Well good for them, now give us an option to not use Metro/SystemD and let people who like it use it. The problem with SystemD is there is no option, everything breaks without it as more things become dependent on it.

    17. Re:My FreeBSD Report: Four Months In by blue9steel · · Score: 5, Funny

      What next, systemd incorporates a mysql server?

      How else would you properly store all your binary log files?

    18. Re:My FreeBSD Report: Four Months In by muirhead · · Score: 4, Funny

      That would be ridiculous. MySQL is so last year. systemD needs something far more Big Data.

  5. Trust Chain? by Anonymous Coward · · Score: 5, Insightful

    With Lennart Poettering and Kay Sievers lol. 2 of the most untrustworthy and two-faced developers in the Linux world.

    Something isn't quite right here

  6. slow to arrive. by nimbius · · Score: 5, Funny

    I for one have been waiting for the promise of a UEFI bootloader for some time, but as an avid Systemd fan I can't help but wonder when Pottering and the team are going to get off their lazy asses and implement a systemd version of the Kernel. The Kernel (linux, ganoo, whatever) is old, inefficient, and can be handled much better by systemd. dmesg is a confusing command too. To replace it in systemd you would just issue a simple systemctl service engage geiss wobble manager=1 --upchuck --lasermode /var/tmp/var/eng/lib/lib64/service/svc/portal/optimized/Skernel.wrapper to get the same data converted from a binary disk image into real text, imaginary text, a full color background, and a chart-topping indie song (--noyuke to remove yukelele). It's really quite simple and I don't understand why linux makes such a fuss about their old fashioned kernels.

    --
    Good people go to bed earlier.
  7. Re:I can't wait! by serviscope_minor · · Score: 5, Funny

    This was the only piece that was missing from systemd.

    It's still missing a good editor.

    --
    SJW n. One who posts facts.
  8. Re:I can't wait! by RabidReindeer · · Score: 5, Insightful

    "does everything you should want to do".

    Do you work for Apple?

  9. Re:I can't wait! by serviscope_minor · · Score: 4, Insightful

    It really is the one and only thing that Linux has been missing for more than 20 years.

    Oh gosh no. For the first time in about 10 years I can no longer get my laptop to sleep reliably using the sleep key, because systemd is eating the events and doing something with them. I've discussed it with various people online and off and no one has been able to help me figure it out.

    The thing is, maybe Linux did need a better boot process (though I've never seen any enormously convincing arguments as it's not like Linux never worked before systemd), but systemd seems to be a bit of a hive of complexity and opaqueness.

    The fact that I can't debug problems that didn't used to be problems is not an enormous point in its favour. It's that sort of reason why so many people are suspicious of it. Well, that and binary log files.

    and does everything you should want to do.

    Well, technically, "everything you should want" is a subset of "everything under this sun and all others", so systemd does indeed qualify as doing everything anyone wants.

    --
    SJW n. One who posts facts.
  10. Re:So, UEFI is a good thing now? by ssam · · Score: 4, Insightful

    Can be used for good or evil. Depends if control is in the hands of the hardware manufacturers or the users.

  11. The Systemd of Everything? by Bent+Spoke · · Score: 5, Insightful

    The Systemd Consortium of Uber-Masters (SCUM) is proud to announce the finalization of its acquisition of the NSA. Hot on the heels of absorbing the CIA and FBI, Vice Chancellor Lennart Poettering had this to say: ".. this brings us one step closer to our ultimate goal of reducing complexity for the common man."

  12. What's coming next ... by Anonymous Coward · · Score: 5, Insightful

    Here's what sure looks like Mr Poettering's plan going forward:
    1. Expand systemd to the point where large swaths of everything depend on it, so that he is controlling as much of the code base as possible.
    2. Insult Linus Torvalds for a while to try to undermine his authority.
    3. Fork Linux, or demand that Linus give control of Linux over to him, or he will rage-quit and take his code with him.

    His goal doesn't seem to be great code (given the number of times he's screwed up big time), or great design (given that he seems to ignore everything Thompson, Ritchie, etc said about how Unix should work). It sure seems to be about becoming the Grand High Poobah of the open source world, without any idea what that actually takes.

    What he doesn't understand is that Linus is in charge because other open source developers genuinely respect his judgment. If Linus was doing a lousy job in his role, there would be calls for Alan Cox or someone else who's been in the inner circle forever to take over, and Linus might actually step aside. If, on the other hand, you're running around insulting everyone for no good reason, you're not going to have the respect of other developers, and they will quite happily shunt you aside, forking systemd if necessary to get rid of you, and life will go on.

  13. Re:So, UEFI is a good thing now? by Wyzard · · Score: 5, Interesting

    First of all, UEFI is more than Secure Boot. UEFI has been standard on PCs for the past few years, and on Macs ever since they switched to x86. Secure Boot is just a feature of some newer UEFI implementations.

    Second, Secure Boot is a legitimate security feature that helps to protect against boot-time malware. There's nothing inherently evil about it. The controversy is over who should have the power to decide which OS is considered trustworthy and allowed to boot: the owner of the computer, or the vendor of the OS that came preinstalled on the computer?

    Naturally, you don't want to buy a computer that doesn't let you choose which OS you trust. But if you have a computer that does give you that choice, why not take advantage of it? Seems to me that it's good to have hardware vendors see increased demand for machines that support securely booting the OS of your choice, as opposed to those where you just have to disable Secure Boot entirely if you want to run something other than Windows.