October 12, 2012 at 00:42Linux Foundation launches bootloader to circumvent UEFI Secure Boot restrictions
Microsoft's requirement to include UEFI secure boot protection in devices certified to be compatible with Windows 8 has caused serious concern in the Open Source community. The Free Software Foundation issued a statement condemning "limited downloads." Having to manually install keys or disable secure boot to install an unsigned * nix distribution can make installing it more difficult and inconvenient. Moreover, devices may appear that will generally not allow you to install unsigned systems.
To protect free software from possible discrimination, the Linux Foundation is developing a special preloader that will be freely available on the Linux Foundation website after it is signed by Microsoft. This bootloader will save the user from having to deal with installing keys or disabling secure boot. He will only ask permission and, having received it, sign and download anything. Thus, the Linux Foundation consortium is implementing on its own the recommendations that it made to OEMs a year ago .
Linux Foundation welcomes attempts at large distributions ( Fedora , SUSE , Ubuntu) take advantage of the UEFI secure boot in normal mode, with signing not only the bootloader, but other code that works directly with the hardware. A preloader that allows you to download any unsigned code is a temporary measure aimed at enabling the creators of all distributions to quietly develop a policy for working with safe boot without worrying that their system will no longer be installed on Win8-certified devices.
You can download the bootloader sources from this repository:
git: //git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
(file Loader.c).
Details are on the blog of James Bottomley, a member of the Linux Foundation Technical Advisory Board.
To protect free software from possible discrimination, the Linux Foundation is developing a special preloader that will be freely available on the Linux Foundation website after it is signed by Microsoft. This bootloader will save the user from having to deal with installing keys or disabling secure boot. He will only ask permission and, having received it, sign and download anything. Thus, the Linux Foundation consortium is implementing on its own the recommendations that it made to OEMs a year ago .
Linux Foundation welcomes attempts at large distributions ( Fedora , SUSE , Ubuntu) take advantage of the UEFI secure boot in normal mode, with signing not only the bootloader, but other code that works directly with the hardware. A preloader that allows you to download any unsigned code is a temporary measure aimed at enabling the creators of all distributions to quietly develop a policy for working with safe boot without worrying that their system will no longer be installed on Win8-certified devices.
You can download the bootloader sources from this repository:
git: //git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
(file Loader.c).
Details are on the blog of James Bottomley, a member of the Linux Foundation Technical Advisory Board.