Duplicating EFI functionality is a waste of time

Posted Jul 8, 2012 1:51 UTC (Sun) by zlynx (guest, #2285)
In reply to: 'You have to divulge your private key' meme by mjg59
Parent article: The FSF's advice to distributors on UEFI secure boot

Network boot is done by EFI. No need to duplicate the code in another program.

Booting off FAT is a EFI requirement. Just put your boot kernel there on the boot partition and it works.

System lockdown is done in EFI with password, default boot option and 0 timeout or a startup.nsh script.

Other operating systems are supported by EFI unless it is a BIOS only operating system then a BIOS emulation layer is required to boot first, like Apple Bootcamp does for Windows XP.

You would not want another UI in a EFI bootloader because the EFI is supposed to have all of the UI already.

Summary: We do not need to duplicate everything EFI already does in a EFI boot loader.

Duplicating EFI functionality is a waste of time

Posted Jul 8, 2012 2:00 UTC (Sun) by mjg59 (subscriber, #23239) [Link] (3 responses)

"Network boot is done by EFI. No need to duplicate the code in another program."

The firmware retrieves efilinux. How does efilinux download the kernel?

"Booting off FAT is a EFI requirement. Just put your boot kernel there on the boot partition and it works."

And now your /boot is FAT and you can't make symlinks in it, resulting in various existing tools now being broken.

"System lockdown is done in EFI with password, default boot option and 0 timeout or a startup.nsh script."

All well and good until you want to modify a kernel parameter and now have to wade through a configuration menu that differs between hardware vendors.

"Other operating systems are supported by EFI unless it is a BIOS only operating system then a BIOS emulation layer is required to boot first, like Apple Bootcamp does for Windows XP."

efilinux doesn't support chaining to other operating systems, so if your shim loader boots it first then you're stuck only booting Linux. Except for:

"You would not want another UI in a EFI bootloader because the EFI is supposed to have all of the UI already."

Have you actually used an EFI system? The UI is completely inconsistent between vendors, is often slow and awkward and may not let you edit command line options. Having half your technical documentation say "Refer to your system vendor documentation in order to determine if and how you can edit kernel options" is dreadful. Doing this in the bootloader means that you can guarantee consistency.

Duplicating EFI functionality is a waste of time

Posted Jul 10, 2012 3:09 UTC (Tue) by raven667 (subscriber, #5198) [Link] (2 responses)

It seems that EFI has most of the features of GRUB and 90% of what is truly needed to direct boot a Linux kernel. Changing the Linux kernel and boot process to make it better integrate with EFI and changing the reference implementation of EFI when necessary sounds like a reasonable idea. Working on some conventions with the vendors to make the UI decent also seems like it would pay off in time. Maybe this would only work if you had a close relationship with some preferred vendors to ensure an Apple level of user experience.

Duplicating EFI functionality is a waste of time

Posted Jul 10, 2012 3:12 UTC (Tue) by mjg59 (subscriber, #23239) [Link] (1 responses)

Given that even Microsoft use a full-featured EFI bootloader I have no faith whatsoever in our ability to get every vendor to adopt a common level of UI competence.

Duplicating EFI functionality is a waste of time

Posted Jul 10, 2012 4:21 UTC (Tue) by raven667 (subscriber, #5198) [Link]

The whole thing seems like a missed opportunity then as we are going to be stuck with EFI for at least the next 20 years.