Ubuntu's approach sounds better - if it works

Posted Jun 28, 2012 14:12 UTC (Thu) by epa (subscriber, #39769)
In reply to: Ubuntu's approach sounds better - if it works by Jonno
Parent article: Ubuntu details its UEFI secure boot plans

If Canonical's efilinux bootloader is happy to launch any Linux kernel, it can indeed be used to run any other Linux distribution, unless the other distribution depends on some special bootloader magic beyond the usual initrd and parameter passing.

But even in that case, isn't there some kexec type mechanism where the Linux kernel can be made to boot a different kernel or perhaps even GRUB2? My point is that if you can boot an arbitrary Linux kernel, with a little bit of programming work you can boot any other kernel. So Canonical's signed bootloader could be used by other distributions, even Fedora.

Ubuntu's approach sounds better - if it works

Posted Jun 29, 2012 16:03 UTC (Fri) by giraffedata (guest, #1954) [Link]

If Canonical's efilinux bootloader is happy to launch any Linux kernel, it can indeed be used to run any other Linux distribution

And I assume it can be used to launch any other program at all, Linux or not. For example, an infected Windows kernel. So a smart Windows virus would install Canonical's signed efilinux bootloader along with its infected Windows kernel and defeat Microsoft's strategy to secure Windows 8 computers altogether.

So this should mean that Microsoft would not sign a key for Canonical, or should revoke it once Microsoft finds out Canonical is using it this way.

Or maybe I'm just still confused about how UEFI works.