LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 07-18-2012, 06:41 PM   #1
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,118
Blog Entries: 3

Rep: Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404
"Linux Developers Step Up to the Secure Boot Challenge"


Hi,

"Linux Developers Step Up to the Secure Boot Challenge" is a good attempt at solving the 'Secure Boot' issue for Gnu/Linux.

Sure it is early but people are working on a solution.

Another good article: Linux and Windows 8's Secure Boot: What We Know So Far


Other useful links in Links for Helpful Linux articles & books

Last edited by onebuck; 05-26-2013 at 10:11 AM. Reason: add link
 
Old 07-18-2012, 06:52 PM   #2
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,522
Blog Entries: 2

Rep: Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020
Good to have tools for signing bootloaders, but I don't get what Tianocore is for. Anyone able to explain that to me?
 
Old 07-18-2012, 08:13 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Am I misunderstanding your qn?
Quote:
Intel's Tianocore, which is an open source implementation of the Unified Extensible Firmware Interface (UEFI).

The Intel Tianocore project just recently added the Secure Boot facility to its UEFI ROM images, he noted.
https://www.pcworld.com/businesscent...challenge.html
See also http://sourceforge.net/apps/mediawik...?title=Welcome
 
Old 07-18-2012, 09:02 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,522
Blog Entries: 2

Rep: Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020
OK, so now we have an open source implementation of UEFI, including Secure Boot. But what is it good for? Can I replace the UEFI on my motherboard with it? And how does having an open source implementation of Secure Boot change things for Linux? That is what I don't get.
 
Old 07-18-2012, 11:56 PM   #5
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, FreeBSD 10.0, CRUX 3.1
Posts: 3,009
Blog Entries: 15

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
It kinda seems to state that even if SecureBoot is enabled on a PC, they are working on developing a SecureBoot key for Linux systems to use SecureBoot without a workaround.

That's what I gathered...
 
Old 07-19-2012, 05:27 AM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,522
Blog Entries: 2

Rep: Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020
But you don't need a workaround for Secure Boot. It works for Linux.
 
Old 07-19-2012, 08:43 AM   #7
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,330

Rep: Reputation: 1100Reputation: 1100Reputation: 1100Reputation: 1100Reputation: 1100Reputation: 1100Reputation: 1100Reputation: 1100Reputation: 1100
Well, we obviously do need computer systems whose "hardware software" layer is cryptographically protectable, for the same reason that we now understand the importance of cryptographically signed applications and operating-system components. The trick of it, though, is that such technologies must not be proprietary: owned by one company and known only to them, regardless of the reasoning (or the patents) given.

If you've ever seen a Linux system that was "root-kitted," you know firsthand that penetration of a system can be done very deep ... beneath, indeed, the operating-system layer upon which we routinely hang the hat of security. There's a genuine need for this kind of technology in modern computer systems. But, it can't be owned by Microsoft, by Apple, or by anyone else. And, it can't rely on secrets. To do any of these things would be to defeat its purpose. (But try telling an IP lawyer that!)
 
Old 07-20-2012, 09:49 AM   #8
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,118
Blog Entries: 3

Original Poster
Rep: Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404
Member Response

Hi,

Software/Hardware protection is not new. Early OS provided protections to prevent both intentional and accidental changes. I do remember signing several different legal agreements for AIX and UNIX to allow tweaking of a OS by the end user. This was not taken lightly at the time.

I personally can understand Microsoft's position with 'secure boot'. Some look at it as locking out. I look at it as securing the system. You are not being forced to purchase the equipment & software. Buy something else! The argument that I purchased the equipment therefore it's mine to do as I wish doesn't wash. Purchasing a piece of hardware with a known control that prevents augmentation of software unless you make the changes through the certified vendor is just that: You purchased with known restrictions thus no way to change it without major hacks thus violating the original agreement. Create a brick and you have a large door stop.
 
Old 07-20-2012, 11:22 AM   #9
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 6,959
Blog Entries: 52

Rep: Reputation: Disabled
Gary
It's not so often that I agree with you, and this time is no exception. It may be OK for Microsoft to dictate what I can do with their software, after all I've only bought a license to use it, and not bought it outright. But they should have no power to dictate or enforce what I use on my hardware. It might suit you to have limited choice, and say "buy something else", but some of us prefer to be less constrained. As far as most ARM devices go, it could very well become "locking out", if Microsoft get their way. Don't give them the thin end of the wedge. They couldn't care less about you, only profits.
 
Old 07-20-2012, 12:59 PM   #10
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,522
Blog Entries: 2

Rep: Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020
What I see in discussions about Secure Boot and Microsoft is that most people that have a negative opinion about this have most of their knowledge from FUD spreading bloggers.
Some simple facts: Every x86 mainboard/PC that wants to get the Windows 8 logo has to have options in the firmware that allow the users to disable Secure Boot and, if they don't want to disable it, to add their own custom keys. It may sound ironical, but if you buy x86 hardware with Windows 8 logo you can be sure that any Linux distribution will run on it without major problems.
If you look at ARM hardware, most of the devices that you can buy now are already locked, without Microsoft being in the game. So why is it different if Microsoft does it also?
 
Old 07-20-2012, 01:51 PM   #11
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 6,959
Blog Entries: 52

Rep: Reputation: Disabled
Yeah, maybe it's FUD. Maybe I'm being paranoid to mistrust Microsoft and anything they're keen on implementing. Maybe their boss never likened Linux to a cancer.
From:
http://technet.microsoft.com/library/hh824987.aspx
Quote:
Secure Boot is a feature that helps prevent unauthorized firmware, operating systems, or UEFI drivers (also known as Option ROMs) from running at boot time. Secure Boot does this by maintaining databases of software signers and software images that are pre-approved to run on the individual computer.
Who, besides Microsoft, decides what is unauthorized firmware and operating systems? Which operating systems and firmware are "unauthorized"?
 
Old 07-20-2012, 04:18 PM   #12
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,522
Blog Entries: 2

Rep: Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020
Quote:
Originally Posted by brianL View Post
Maybe their boss never likened Linux to a cancer.
Of course he did. In the 90's.

Quote:
Who, besides Microsoft, decides what is unauthorized firmware and operating systems?
As I stated in my last post, the user does.
Quote:
Which operating systems and firmware are "unauthorized"?
All those that you have not authorized. Just in the case you simply don't just disable Secure Boot and don't have to bother at all.
 
Old 07-20-2012, 04:47 PM   #13
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 6,959
Blog Entries: 52

Rep: Reputation: Disabled
The user, me, already decides which operating system and firmware is installed on my computer. And I hope this will be the case in future, without interference of any kind. Especially interference from would-be monopolies with dubious business ethics. So what's new?
 
Old 07-20-2012, 05:09 PM   #14
jefro
Guru
 
Registered: Mar 2008
Posts: 11,327

Rep: Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386Reputation: 1386
Linux has always had problems. Simple things that people take for granted now were show stoppers before. Take the WinModem problem. Dunno how many people only had dialup and didn't want to spend the money for a hardware modem.

This entire boot and bios deal will be solved one way or another. It is not an evil empire deal, just something linux users need to learn and use.
 
Old 07-20-2012, 05:27 PM   #15
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,522
Blog Entries: 2

Rep: Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020Reputation: 4020
Quote:
Originally Posted by brianL View Post
So what's new?
New is that you as the user can sign your OS to make sure that it is really your decision (and not the decision of a rootkit) what can run on your system.
 
  


Reply

Tags
bios, secure boot, uefi


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Will your computer's "Secure Boot" turn out to be "Restricted Boot"? LXer Syndicated Linux News 0 10-17-2011 09:00 PM
What are the easy to follow step-by-step instructions for loading "WICD" in Slackware Twilight_Bandit Linux - Software 2 06-22-2009 05:16 AM
boot hangs at the "/boot: clean" step dh4 Linux - General 1 03-10-2007 10:14 AM
LXer: Why EnGarde Secure Linux is "Secure By Design" LXer Syndicated Linux News 0 10-10-2006 12:21 AM
LXer: O'reilly Releases "Learning PHP & MySQL": A Step-by-Step Guide to ... LXer Syndicated Linux News 0 06-21-2006 06:33 AM


All times are GMT -5. The time now is 03:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration