Slashdot Mirror
UEFI Secure Boot Booted From Debian 9 'Stretch' (theregister.co.uk)
Debian's release team has decided to postpone its implementation of Secure Boot. From a report: In a release update from last week, release team member Jonathan Wiltshire wrote that "At a recent team meeting, we decided that support for Secure Boot in the forthcoming Debian 9 'stretch' would no longer be a blocker to release. The likely, although not certain outcome is that stretch will not have Secure Boot support." "We appreciate that this will be a disappointment to many users and developers," he continued, "However, we need to balance that with the limited time available for the volunteer teams working on this feature, and the risk of bugs being introduced through rushed development." The decision not to offer Secure Boot support at release leaves Debian behind Red Hat and Suse, making it the only one of Linux's three main branches not to support the heir-to-BIOS and the many security enhancements it offers.
Lot of FUD being spread in this article. Debian certainly supports UEFI, the *true* "heir-to-BIOS." Secure Boot was a terrible technology from the start. It's disappointing that they weren't able to finish work on it in time, but this certainly isn't the huge issue this article is making it out to be. The majority of Debian installations are going to be in virtualised environments in the first place. Desktop users are probably going to be on testing or another Debian derivative. It kind of makes me angry that Ubuntu didn't contribute this code to Debian straight away, but what can you do.
I have to disagree, at least on the BIOS front.
BIOS is a mess, hard to code for, pragmatically impossible to patch (how many users will actually do the updates).
BIOS is a 16 bit system... it _needed_ to go away.
UEFI may not be perfect, and it may not be the best delivery, but BIOS simply can't support what systems provide these days. > 512 byte disk sectors, SSDs, massive ram, BIOS is crap at all of them. Sure you can shoehorn some support in, but it's still crap. Most systems have been on EFI much longer than most people realize (mid 90's for big systems, 2000 for consumer), and uEFI since 05.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Begone, Troll!
RedHat/CentOS haven't suffered from dependency hell for years. The adoption of YUM solved the issues.
The real "Libtards" are the Libertarians!
UEFI works fine. It will only be SecureBoot that runs on top of it that could cause problems.
If you'll be running Debian on a server or virtual machine, this will not be a problem.
If you run Debian on "Windows 7" era or older desktops, it will also run fine.
Where you need to be careful is with newer desktop systems mainly designed to run Windows.
If there is a "Windows 10 compatible" sticker for example, you won't be able to run Debian on it.
If there is a "Windows 8 compatible" sticker, you may or may not be able to, depending on what that OEM decided to do, so will need a bit of research.
Microsoft declared that to get the Windows 10 compatible certification, the system must have SecureBoot and there must not be a way to disable it.
In order to get the Windows 8 certification, Microsoft said the system must have SecureBoot, but they didn't yet dictate that it can't have an option to disable it. It was mostly up to the OEM, and I'm not aware of too many that did this.
Where SecureBoot can not be disabled, your only options are to use boot loaders signed by Microsoft, or to upload your own private keys into SecureBoot and sign your own boot loaders.
If that doesn't sound like an option for you, you'll want to avoid those OEM vendors.
Note that you can still have working Debian desktops with the latest gen hardware, but you'll need to either build a system from parts, or find an OEM vendor that specifically caters to Linux.
PC hardware support is still years ahead on Linux, especially for stuff such as WiFi adapters and GPU.
The fact that you ignore NVMe SSDs makes you sound even more clueless...