Preparing the kernel for UEFI secure boot

Posted Sep 8, 2012 7:16 UTC (Sat) by dirtyepic (subscriber, #30178)
Parent article: Preparing the kernel for UEFI secure boot

> One consequence is that graphics cards without kernel mode setting (KMS) support cannot be used; fortunately, the number of systems with (1) UEFI firmware and (2) non-KMS graphics is probably countable using an eight-bit signed value.

Wouldn't this be any new system with NVidia graphics? Even if I've missed something and the Nouveau driver has gotten somewhere near usable lately, I'm pretty sure it doesn't support the Quadro K1000M in my UEFI-enabled Thinkpad W530 (the Nouveau wiki is down at the moment but I checked it just last week).


Preparing the kernel for UEFI secure boot

Posted Sep 8, 2012 14:38 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

The binary nvidia driver doesn't use the KMS infrastructure but does do modesetting through the kernel.

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 12:18 UTC (Mon) by Aissen (subscriber, #59976) [Link]

Which means that the distro will have to provide pre-compiled per-kernel signed versions of the nvidia driver (for each version of the module). How does Fedora intend to do that, knowing that the proprietary nvidia drivers are managed over at rpm fusion?
Also, will Fedora do that, knowing the recent local-root exploit vulns?

If Fedora refuses to provide signed nvidia drivers, it could also mean that one of the most expected, biggest "Linux Desktop advantages" will be annihilated: the ability to easily run games on Linux (i.e. without fiddling with your BIOS). With the Steam beta around the corner, things couldn't go more wrong.

Sure, people could still run nouveau. Except they won't, if performance isn't on par with the proprietary driver.

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 12:25 UTC (Mon) by cortana (subscriber, #24596) [Link]

> Which means that the distro will have to provide pre-compiled per-kernel signed versions of the nvidia driver (for each version of the module).

Is this legal, what with nvidia.ko being a derived work of both the kernel and NVIDIA's proprietary driver?

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 12:28 UTC (Mon) by Aissen (subscriber, #59976) [Link]

> Is this legal, what with nvidia.ko being a derived work of both the kernel and NVIDIA's proprietary driver?

Oh yeah. It depends who you ask. It hasn't been taken to court yet.

Note that the nvidia module uses a GPL layer that then loads the nvidia binary and does the link between the two.

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 12:44 UTC (Mon) by cortana (subscriber, #24596) [Link]

It seems my assumption was wrong. Debian distributes a pre-built nvidia.ko for each of its stock kernels, and if the ftpmasters can be convinced that it's OK then it probably is OK. :)

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 16:26 UTC (Mon) by Aissen (subscriber, #59976) [Link]

Apparently there was some discussion on this subject over there:
https://lwn.net/Articles/515007/#Comments

Preparing the kernel for UEFI secure boot

Posted Sep 11, 2012 2:59 UTC (Tue) by dirtyepic (subscriber, #30178) [Link]

The Steam beta was exactly what I had in mind when I was asking that question.

Now, that said, I imagine the intersection of Linux users wanting to do high-performance gaming and those needing secure-boot is a pretty small cross-section of the population. And really, who is more accustomed to fiddling with BIOS settings than gamers? It's another hoop, but let's not pretend there aren't already a dozen others set up.

Preparing the kernel for UEFI secure boot

Posted Sep 11, 2012 16:00 UTC (Tue) by Aissen (subscriber, #59976) [Link]

> It's another hoop, but let's not pretend there aren't already a dozen others set up.

I didn't mean to. Doesn't mean it shouldn't be solved, otherwise people trying to remove the other hoops will encounter the same argument, and it will never be working out of the box.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds