
The Linux Foundation's UEFI secure boot system


Posted Oct 11, 2012 22:37 UTC (Thu) by Richard_J_Neill (subscriber, #23093)
Parent article: The Linux Foundation's UEFI secure boot system

How will this whole thing interact with network booting? If I set my BIOS to boot by PXE, then what? As I understand it, once the BIOS passes control to PXE, it's handed over control to the option ROM on whatever ethernet card is present...

Also, will the LXF make a version without the present user check? For example, if I wanted to boot a machine off Knoppix, and to ensure that every time after a power-cut, it would come up automatically and unattended?



The Linux Foundation's UEFI secure boot system

Posted Oct 12, 2012 3:25 UTC (Fri) by pjones (subscriber, #31722)

It's not implemented that way - basically on BIOS you call a card's UNDI driver and it implements PXE. On UEFI, the card's option ROM implements a native UEFI driver, and PXE, protocol-wise, is handled by the system's firmware. The option ROM is *also* a signed binary or it won't be loaded.

So the firmware downloads shim.efi from the server, and then it does whatever steps it needs to after that using UEFI APIs.

The Linux Foundation's UEFI secure boot system

Posted Oct 12, 2012 3:30 UTC (Fri) by jmorris42 (guest, #2203)

If you want to do those things you need to avoid buying Microsoft's hardware. Period. They used to allow their OEM partners to sell hardware that we could repurpose. Those days are ending. These efforts are simply attempts to keep some possibility of booting Linux on Microsoft PCs.

We need to always vote with our wallets for open hardware. But if we want to continue to evangelize the unconverted we need these compromises to get Linux to boot in some fashion on their DRM-encumbered hardware. No, it won't be as clean or open as now.

The Linux Foundation's UEFI secure boot system

Posted Oct 12, 2012 5:54 UTC (Fri) by mjg59 (subscriber, #23239)

Microsoft's certification requirements for x86 hardware mean that you're guaranteed the ability to remove Microsoft's keys and implement whatever security policy you want.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds