"On the other hand, not being able to boot Linux on x86 hardware because of key blacklisting would be problematic too."
As I understand it, all UEFI systems must have the ability to disable secure boot enforcement in order to get Microsoft certification. Is this correct? I've read the arguments about how hardware manufacturers will screw this up and I even agree that this is likely to happen with some systems at some point. And maybe this line was intended as shorthand for that possibility. However, (as written), I think that line smells an awful lot like FUD (fear, uncertainty, doubt).
Posted Nov 8, 2012 15:44 UTC (Thu) by jake (editor, #205)
It certainly wasn't meant as FUD, but it is a bit unclear. Perhaps a correction like:
not being able to _easily_ boot Linux on x86 hardware
would help. If the bootloader keys get blacklisted, users will have to go into their BIOS and disable secure boot before being able to boot Linux. That's all I was trying to say.
jake
Linux NOT bootable????
Posted Nov 8, 2012 16:46 UTC (Thu) by mirabilos (subscriber, #84359)
Or use another bootloader, signed and not revoked, that allows unsigned images to be booted after a User Present check.
People wanting to do unattended stuff better buy some machine with a real BIOS or at least disable Restricted Boot.
Linux NOT bootable????
Posted Nov 8, 2012 15:56 UTC (Thu) by eparis (subscriber, #33060)
Not FUD. It will be on by default and we don't want users to have to go into BIOS and turn off 'security' in order to boot a livecd, or install a Linux distro. No one is saying they can't, and if they do it will work just fine without anything special, but we don't think users want to or know how to turn off 'security'.
Linux NOT bootable????
Posted Nov 8, 2012 18:42 UTC (Thu) by faramir (subscriber, #2327)
"No one is saying they can't ..."
Actually that is exactly what the article said. Someone who just read the article and hadn't spent as much time following the issue as I (or you) would be misinformed.
I was surprised to read that as I was pretty sure that it was wrong, but then again this was an actual LWN article so maybe I was wrong. That's why I asked for clarification. I'm perfectly willing to accept that this was an error on the part of the original author and not an attempt at FUD. I do, however, see it as a problem in that it makes it too easy for people who say that UEFI security is not an issue to easily discount the more subtle arguments about LiveCDs etc.
Linux NOT bootable????
Posted Nov 14, 2012 14:44 UTC (Wed) by Lennie (subscriber, #49641)
Windows 8 hardware on ARM has UEFI secure boot enabled, as demanded by Microsoft on the OEMs and there is no off switch.
Currently they can't force that on the x86/amd64 desktop market, because of anti-trust issues.
But maybe they can force it on the server market?
Also, if Windows 8 were unpopular on x86/amd64 and Microsoft lost a large share of the desktop market, in that case they could force it on their desktop market OEMs too.
So if the Year of the Linux desktop ever happened, they have a weapon ready?
I'm very unhappy with this situation.
Linux NOT bootable????
Posted Nov 15, 2012 19:15 UTC (Thu) by ccurtis (guest, #49713)
"Windows 8 hardware on ARM has UEFI secure boot enabled, as demanded by Microsoft on the OEMs and there is no off switch."
"Currently they can't force that on the x86/amd64 desktop market, because of anti-trust issues."
"But maybe they can force it on the server market?"
I'm not sure anti-trust is the reason, but this does raise an interesting thought. It seems that AMD may be looking to drive ARM processors into the server market[1]. The future may very well be ARM hardware instead of x86 -- already netbooks and laptops, etc. are going ARM. Is this an attempt to lock out Linux from the future computing markets if x86 wanes? And what about hybrid cores? Like big.LITTLE or the PS/3 but maybe instead x86 with a dozen ARM coprocessors (or v/v)?