LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Linux Foundation's UEFI secure boot system

The Linux Foundation's UEFI secure boot system

Posted Oct 11, 2012 14:40 UTC (Thu) by jake (editor, #205)
In reply to: The Linux Foundation's UEFI secure boot system by pjones
Parent article: The Linux Foundation's UEFI secure boot system

> So what shim with an empty internal key list gets you is analogous
> to this plan

Ah I see, thanks for the info ... does that mean that when I want to boot a LiveCD (say), I have to write stuff (even "empty" stuff) to the UEFI boot variables of the machine? Or can shim just bypass all of that and, in effect, provide the same "always present user" boot style that the LF approach takes? At some level, I guess I am asking if shim is a complete superset of the LF approach.

There may be times or reasons that someone booting doesn't want to write to the firmware of the box ...

jake

(Log in to post comments)

The Linux Foundation's UEFI secure boot system

Posted Oct 11, 2012 14:57 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

We're pretty reluctant to just add the "Press y to continue" code because that's something Microsoft explicitly forbid from being present in the system firmware, and there's a pretty strong incentive to be conservative. Adding the functionality would be trivial, it's really a policy thing.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds