Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Linux Foundation Releases Secure Boot System

  1. #1
    Join Date
    Jan 2007
    Posts
    15,111

    Default Linux Foundation Releases Secure Boot System

    Phoronix: Linux Foundation Releases Secure Boot System

    The Linux Foundation has finally released its UEFI Secure Boot system that's intended for independent Linux distributions and software developers to more easily have access to a signed boot shim...

    http://www.phoronix.com/vr.php?view=MTI5NzQ

  2. #2
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    This preloader is simpler to use as it works with unsigned efi binaries as well. Shim does not allow that - at least that was what i noticed. Why shim is allowed to add a key (i.e. MOK.cer) and this loader not is a bit weird. The error that MS most likely found is there with hashes as well - i see no way to reset those when they have been added. Try yourself you have got a board with Secure Boot - preferred do a backup of your firmware before (you can use flashrom for some boards).

  3. #3
    Join Date
    Jan 2012
    Posts
    186

    Default

    It is outright criminal that we have to endure such crap as this secure boot. The idea is good, i give them that. But the implementation, it sucks big time.

    The only feature one would need is for the UEFI firmware to be able to import the MD5 hash of the bootloader/kernel. This way anything short of hash collision / firmware reflash would not allow for compromising the boot process and all inconvenience to the user would be skipped.

    They should learn how chrome os does it and implement that to secureboot 2.

  4. #4
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    Well with physical access secure boot was useless since the first 3rd party binary was signed You can enroll any hash/key you want. With phyiscal access you usally could disable Secure Boot anyway, so you lose nothing. It is just simpler for noobs to boot Linux without changing firmware settings when the loader is signed. Some loaders enforce signed kernels and the kernel itself could be patched as well to disable loading of unsigned kernel modules. The problem there is that you can just exchange the bootloader. It would be even more fun when somebody finds a way to modify the key db inside Linux.

  5. #5

    Default

    This sounded like a bad idea from the beginning. The Linux Foundation being beholden to Microsoft now? I never thought I'd see this.

    Linux distros are better off using Google and Intel's open source solutions.

  6. #6
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    And where do you see signed preloaders from Google or Intel that can be used for systems with Win 8 logo which have Secure Boot (+fast boot) enabled? It is tricky enough to start from usb key when fastboot disables keyboard input on bootup. Now you need at least basic Win 8 knowledge to boot Linux. Hint: hold down SHIFT when you select reboot (Win+I as shortcut for that menu).

  7. #7
    Join Date
    Jul 2012
    Posts
    797

    Default

    Why do we need this again? I have not missed it on my PCs for the last 17 years.

  8. #8
    Join Date
    Jul 2008
    Posts
    869

    Default

    yes and that explains why rms was pissed getting a linux foundation award... he said it like it would be a obi wan kinobi award for luke sky walker or something like that.

    Ok thats another point... but in generell I understand a bit more why RMS really hard fights opensource movement, and why he sees it basicly as a danger and he strongly points to the differences and dont sees it as one movement with small misunderstandings... I found that sometimes a bit to radical or so... but I more and more understand that its no small differences or missunderstandings...

    lets take the kernel... now you can say ok its only gpl2 and gpl3 has only a few small stuff that goes further... but there will be more freedom steeling things in the future, and there will someday come a gplv4 that targets this... and then the kernel will stay still gpl2 till ever... the difference between real software-freedom and what linux offers will grow over time...

    and with windows 8 and arm it gets even more unfree (no really free grafics drivers for any arm hardware)... and now even arm bought sparc or something (the arch the laptop of rms has) and will shut that down, too...

    the future is darker not brighter... and yes for me its not all about softwarefreedom... its about freedom at all.. and yes gpl even if all software would be use this lisense would make free peoples... but its one aspect of ride to hell we are doing...

    To give a hint what I mean with other stuff, is that a basic income grant could change the whole system so that bad people who wants to get rich, would not find so easy people that today take every job, because they basicly are forced... to hurt themself by doing stuff they dont want to do and hurting other people/environment.

  9. #9

    Default

    when i try in my local host, it still could not work, so i could not test the security one

  10. #10
    Join Date
    Aug 2012
    Posts
    201

    Default

    Quote Originally Posted by blackout23 View Post
    Why do we need this again? I have not missed it on my PCs for the last 17 years.
    Redmond & co wants ur $$$ really bad. U don't pay them enough.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •