Fedora to use Microsoft-signed bootloader on EFI Secure Boot enabled hardware

Discussion in 'all things UNIX' started by Gullible Jones, May 31, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Can you link where in the EFI specification it says that secureboot keys should be handled by current certificate authorities?
     
  2. guest

    guest Guest

    You need to register (it's free) to access these contents. http://www.uefi.org/specs/agreement

    BTW, I think that a PDF file from their official Learning Center is more than enough proof that they wanted keys to be handled by their partners.

    http://www.uefi.org/learning_center/ -> http://www.uefi.org/learning_center/6_-_Insyde_Plugfest_May2012.pdf
     
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    All very confusing, for me at least. What about non RHEL distros, especially the non mainstream ones, will they also purchase a key from MS, will Debian based distros be
    sharing a key, .. and I am still not clear as to whether one will simply be able to disable secure
    boot etc. etc.

    Linus Torvalds on Windows 8, UEFI, and Fedora

     
  4. guest

    guest Guest

    I recommend you to read these:

    - www.uefi.org/learning_center/

    - http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

    - http://mjg59.dreamwidth.org/12368.html

    But it's easier for Linux fanboys to blame Microsoft for the faults of Linux, isn't it?

    Overall Linux key was (is) an option. But nobody from the Linux "community" or whatever volunteered to make it real.

    They lack time, they lack money. So surprising.
     
    Last edited by a moderator: Jun 12, 2012
  5. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,373
    Location:
    West Yorkshire, UK
    What is the point in a central Linux signing key when you would have to allow anyone to be able to sign the bootloader as Linux GPL has to allow unlimited deritives and varients.
     
  6. guest

    guest Guest

    Does the first stage bootloader necessarily needs to be under GPL?
     
  7. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,373
    Location:
    West Yorkshire, UK
    I was referring to a central Linux signing key particiularly this bit:

    Everybody and anybody who complies with GPL has equal right under Linuxs GPL licence.

    To answer your question, no, Fedoras bootloader does not need to be under GPL, a distro can do what it wants and sign its own (or others) boot loaders.
     
    Last edited: Jun 12, 2012
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Woah, are you trying to blame the Linux community for not starting their own CA? lol that's insane

    There's a reason VeriSign is handling this.

    When they say "nobody is volunteering" it's nto some laziness thing it's a matter of this costing millions of dollars that would be invested into something that doesn't exist yet. That's why they're just building it into the current CA system.
     
  9. guest

    guest Guest

    No I'm not. I know they don't have money neither time to invest in this, and for good reasons - I stated "so surprising" with sarcasm.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This is more of what I'm referring to. Microsoft implementing a system that Linux can't compete with economically is not exactly the fault of Linux.

    But if it's sarcasm than all good.
     
  11. guest

    guest Guest

    Now I disagree. It's the fault of Linux and its community if it can't compete economically.
     
  12. Umm, same would apply to any startup company making a proprietary OS. Microsoft is quite clearly abusing its position as the biggest desktop OS manufacturer, IMO; and the fact that there is no viable competition for Windows at the moment, does not mitigate the fact that Secure Boot is anticompetitive.\

    Heck, if anything it's going to be more effective without current competition - it will mean that startups making desktop OSes will have more trouble getting off the ground.
     
  13. guest

    guest Guest

    It's not a step being taken by Microsoft alone. The UEFI Forum has many members and is open to new ones. IBM, for example, is one of the members - and we all know that IBM is probably the largest company backing Linux.

    Microsoft is simply making sure that its new OS will be compatible with the Secure Boot feature of the UEFI Specification Version 2.3.1 . It's costing them money too.
     
  14. guest

    guest Guest

    Again, Secure Boot is not a feature of Windows 8.

    SUPPORT to Secure Boot is a feature of Windows 8.

    Secure Boot is a feature of the UEFI Specification Version 2.3.1.

    This spec is being implemented by several OEMs and hardware manufacturers.
     
    Last edited by a moderator: Jun 12, 2012
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You don't actually believe this though right?
     
  16. guest

    guest Guest

    I sincerely don't see Microsoft making anything "abusive" here. IMO they are being too good subsidizing the prices of VeriSign keys. Microsoft could simply care about their own key / OS support and let the others OS makers deal with the hardware manufacturers/OEMs/etc that are part of the UEFI Forum.

    As a side question, why isn't IBM helping the Linux distros with this? IBM is already in the UEFI Forum and it wouldn't cost them "much" to make some sort of overall Linux key (look how huge IBM is!).
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It would cost them millions.
     
  18. guest

    guest Guest

    Yes, I suppose. IMHO, IBM could deal with it if its commitment to "GNU/Linux and its principles" was really serious.

    Looks like "evil" Microsoft is doing more to these principles these days than IBM, lol.
     
    Last edited by a moderator: Jun 13, 2012
  19. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Hopefully Google's support of Coreboot helps it get popular. It would be the ideal alternative.
     
  21. Wouldn't standardized firmware make it easier to create standardized firmware rootkits, though?
     
  22. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,373
    Location:
    West Yorkshire, UK
    May be a bigger target, but does not imply its an easier target.
    That is down to how well the project is run and maintained.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.