UEFI Secure Boot Still A Big Problem For Linux

Written by Michael Larabel in Free Software on 17 January 2012 at 09:12 PM EST. 29 Comments
FREE SOFTWARE
Matthew Garrett has provided some insight regarding some of the problems still outstanding for Linux to handle UEFI Secure Boot.

Matthew Garrett, the Red Hat developer commonly working on power management and UEFI/BIOS matters for Linux, has a new blog post related to UEFI Secure Boot. This latest posting is simply entitled Why UEFI secure boot is difficult for Linux.

The post covers that the code for Linux to handle UEFI Secure Boot is practically done, but there's many other issues outstanding related to the handling of custom secure boot mode, out-of-tree kernel drivers, licensing, key distribution, and other matters. Microsoft has said that for x86/x86_64 systems it should be possible to disable UEFI Secure Boot, but recently it's come to light that ARM-based Windows 8 systems will not be permitted to disable this Microsoft-inspired feature.

Garrett also points out that using Secure Boot under Linux would effectively kill out-of-tree kernel drivers like the AMD Catalyst and NVIDIA graphics drivers. "Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen."

Matthew summarizes the current situation as, "We can write the code required to support secure boot on Linux in a minimal amount of time - in fact, most of it's now done. But significant practical problems remain, and so far we have no workable solutions for any of them."
29 Comments
Related News
Valkey Celebrates Its First Stable Release As Open-Source Redis Fork
Servo Driving Modularity To Support Different JavaScript Engines
Vim Lands XDG Base Directory Specification Support
OpenJPH 0.11 Works Toward Low-Latency High-Throughput JPEG-2000 (HTJ2K)
Dbus-Broker 36 Released For This Fastest D-Bus Implementation
Sound Open Firmware 2.9 Released With Major Performance Optimizations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
KDE's KWin Merges Wayland Explicit Sync Support
Gentoo Linux Now An SPI Project