Quote: Originally Posted by lsatenstein
New hardware systems are UEFI-based. Anaconda was first coded with one solution, and then, following SUSE, whose solution was superior, they dropped that solution for one that is as compliant.
This is confused, in several ways.

For a start, you're confusing UEFI and Secure Boot. UEFI is a new firmware standard for PCs, replacing the old BIOS standard. It has been around for several years, and Fedora has supported it for several releases, since Fedora 12 at least.

You seem to be talking about Secure Boot, which is a single feature of recent versions of the UEFI specification. It is not mandatory under the UEFI spec, though it is required by Microsoft's Windows 8 certification program. Many systems have already shipped with UEFI firmwares in the last few years, with no Secure Boot. I'm typing this on one.

As far as Secure Boot goes, most of the necessary support is not in anaconda, it is in the bootloader and kernel layers. anaconda does not have to do anything special to support Secure Boot, really, beyond maybe installing an extra package.

And in terms of actually supporting Secure Boot - it is more correct to say that many parties, including RH and SUSE, have been working in collaboration to support SB. RH's Matthew Garrett came up with the broad design that Fedora, SUSE and Ubuntu will all use. SUSE suggested a neat revision to the design which Matt liked, and incorporated into his work; it's not correct to say that we started out with one codebase and then completely ditched it for a different one which SUSE designed; this is a misrepresentation. Since SUSE's plan was pretty much the same as Matt's plan plus the neat improvement, and Matt added their suggested improvement, they just decided to use the code Matt was working on. In the end it works out as a collaborative effort.

Fedora and SUSE will both use virtually the same code for SB support. Ubuntu will use a slightly older version of the same code initially, configured in a slightly different way. As Matthew wrote at http://mjg59.dreamwidth.org/18945.html:

"As far as I know, Suse and Fedora will be shipping the same code. Ubuntu is shipping an older version of Shim but should pick up the local key management code in the next release. The only significant difference is that Ubuntu doesn't require that kernel modules be signed."

I do recommend reading through Matt's blog archive on the topic. It's dense stuff, but you'll wind up better informed.