Slashdot Mirror


UEFI Secure Boot Booted From Debian 9 'Stretch' (theregister.co.uk)

Debian's release team has decided to postpone its implementation of Secure Boot. From a report: In a release update from last week, release team member Jonathan Wiltshire wrote that "At a recent team meeting, we decided that support for Secure Boot in the forthcoming Debian 9 'stretch' would no longer be a blocker to release. The likely, although not certain outcome is that stretch will not have Secure Boot support." "We appreciate that this will be a disappointment to many users and developers," he continued, "However, we need to balance that with the limited time available for the volunteer teams working on this feature, and the risk of bugs being introduced through rushed development." The decision not to offer Secure Boot support at release leaves Debian behind Red Hat and Suse, making it the only one of Linux's three main branches not to support the heir-to-BIOS and the many security enhancements it offers.

8 of 168 comments

  1. RedHat by Aighearach · · Score: 4, Interesting

    This is an example of why 20 years later, I'm still running RedHat/Fedora/Centos family distros.

    I want all my FLOSS software to work. And I want business integration to work too. I don't want to have to choose them because they're not actually in conflict.

    1. Re: RedHat by Anonymous Coward · · Score: 0, Interesting

      I see what you're saying, but the problem I have with your reasoning is that we have seen total crap like systemd, PulseAudio, Gnome 3, Gtk+ 3, and Wayland come out of that camp/community. Those things have hurt my Linux experience more than anything else has. Systemd alone has caused me more headaches than anything MS or SCO ever did. In fact it was software from that camp which made me evaluate OpenBSD. It turns out that OpenBSD gives me everything good that GNU/Linux used to, but without so much awful software. OpenBSD has better security, too. That's why nearly all of my systems use OpenBSD now, and the remaining ones will soon be switched over.

    2. Re: RedHat by TWX · · Score: 3, Interesting

      Back in the late nineties I convinced my best friend to drop NetBSD and join us on Linux. At the time Linux seemed to be where all of the development was being done to make new hardware work where it didn't do so well in BSD. Now I'm wondering if it's time to reconsider the BSDs.

      --
      Do not look into laser with remaining eye.

    3. Re: RedHat by Aighearach · · Score: 2, Interesting

      I love systemd and PulseAudio.

      Gnome 3 I don't use, I use xfce and the world is wonderful and the desktop never changes. I don't actually use a "desktop," but I do like a traditional window manager and task bar.

      Gtk+ 3 is irrelevant to me. Even when I'm writing Gtk-based GUI apps I can just use the parts of the API that were in Gtk 2 if I want. There is nothing wrong with Gtk+ 3 though, the way there is with Gnome 3 and the needless shifting of paradigms. Gtk mostly behaves the way it always has, from the application perspective or the user perspective.

      Wayland isn't something I'm ever likely to use. I guess I'm weird but I like having a networked window system. X isn't going away from serious platforms, even as other options are added.

      If you can't manage a system because of systemd, if you actually have serious business-y high maintenance system needs and you can't learn how to have it be easier under systemd, then maybe it is actually just you? If OpenBSD does everything you need, this is probably more of a grooming issue than a technical issue.

  2. What about Non-Secure Boot UEFI Boot? by Zombie+Ryushu · · Score: 4, Interesting

    Several of my boards support UEFI boot, or CSM Boot, but the Secure Boot portion can be turned off (or is absent in the case of one of my boards; I have one of the few early boards that has UEFI but not Secure Boot). You can do a UEFI Boot without SecureBoot Verification like Macs do,

  3. Re:"Heir-to-BIOS?" by bws111 · · Score: 4, Interesting

    Why is secure boot a 'terrible technology'? We use it quite successfully here. What are the problems with it?

  4. Re:"Heir-to-BIOS?" by bws111 · · Score: 4, Interesting

    1) Why? Because you said so? Exactly what is insecure about it?

    2) Exactly the opposite in our case. We sign our own images. The only code that will run is stuff signed by the appropriate key. That means users, hackers, and especially rogue admins don't get to install their own backdoors. Our stuff remains OURS, not THEIRS. As it should be.

  5. Re:"Heir-to-BIOS?" by bws111 · · Score: 4, Interesting

    We use it to protect important machines (servers, automation controllers, etc.) from tampering by external or internal parties. Of course, it is not secure boot by itself that does that, it is in combination with SELinux and IMA. Secure boot, however, is a key component (does no good to have your kernel verify signatures before running things if the kernel itself is not trusted).
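
The dependency described in the last comment (kernel-side signature checks such as IMA only mean something if the firmware verified the kernel) can be checked on a running Linux host. The script below is an added example, not code from the article or from any commenter; the function names and verdict strings are made up for illustration, and the default efivarfs path is the usual Linux mount point.

```sh
#!/bin/sh
# Added example: is the firmware link of the boot chain actually enforcing?
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# An efivarfs file is 4 bytes of attributes followed by the variable data.
# Print the first data byte in decimal; fail if the file is unreadable.
efivar_byte() {
    [ -r "$1" ] || return 1
    od -An -tu1 -j4 -N1 "$1" | tr -d ' \n'
}

# secure_boot_state [DIR] -> enabled | disabled | setup-mode | unsupported
secure_boot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    sb=$(efivar_byte "$dir/SecureBoot-$GUID") || { echo unsupported; return; }
    sm=$(efivar_byte "$dir/SetupMode-$GUID") || sm=0
    if [ "$sm" = 1 ]; then echo setup-mode      # no platform key enrolled
    elif [ "$sb" = 1 ]; then echo enabled
    else echo disabled
    fi
}

# ima_appraise_mode "CMDLINE" -> value of ima_appraise= if given, else "default"
# ("default" only means the command line does not override the kernel's
# built-in behaviour; appraisal still depends on kernel config and policy).
ima_appraise_mode() {
    for arg in $1; do
        case $arg in ima_appraise=*) echo "${arg#ima_appraise=}"; return ;; esac
    done
    echo default
}

# chain_report DIR "CMDLINE" -> one-line verdict starting ok: / check: / untrusted:
chain_report() {
    sb=$(secure_boot_state "$1"); ima=$(ima_appraise_mode "$2")
    case "$sb:$ima" in
        enabled:enforce|enabled:default)
            echo "ok: Secure Boot enabled, ima_appraise=$ima" ;;
        enabled:*)
            echo "check: Secure Boot enabled, but command line requests ima_appraise=$ima" ;;
        *)
            echo "untrusted: Secure Boot is $sb, kernel-side checks have no verified root" ;;
    esac
}
```

On a live system, call it as `chain_report /sys/firmware/efi/efivars "$(cat /proc/cmdline)"`.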