Work-around for UEFI Secure Boot System

“In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system).  The pre-bootloader will employ a “present user” test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems.”

see Linux Foundation UEFI Secure Boot System for Open Source | James Bottomley's random Pages.

I don’t like any solution that depends on M$. If they can revoke that key, GNU/Linux falls down. They have messed up keys before either deliberately or through incompetence. Someone should sue M$ over this mess. It’s clearly anti-competitive. Also, this doesn’t look like a solution for servers. Are they exempt from this M$-crapware?

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in Teaching and tagged , , . Bookmark the permalink.

4 Responses to Work-around for UEFI Secure Boot System

  1. ram says:

    That is not a work around. A work around is something that avoids Microsoft entirely. UEFI effectively ruins motherboards for use by OEMs and embedded systems developers.

    I think this is going to bite Taiwanese motherboard manufacturers hard, real hard. Far more boards go into industrial systems than are sold to consumers. Only a small percentage of consumers want Microsoft 8, virtually no embedded systems developers want it.

    Once OEMs and embedded systems developers find alternative sources of supply to the Taiwanese motherboard manufacturers who went with UEFI they will have a VERY hard time regaining our trust. You only get to screw your big customers once!

  2. eug says:

    They are not afraid of malware.
    They are afraid of “8loader”.
    (For seven you have “7loader”)

  3. Chris Weig says:

    ROFL. The Cult of FLOSS gets bitten in the behind by its own kind. You can notice a difference, though. Those people from Canonical, Red Hat etc. are pragmatic here before they’re being FLOSS worshippers. And that’s just something this blog’s venerable Cult of FLOSS can’t do.

  4. dougman says:

    UEFI solves nothing, except locking out the competition.

    This is nothing new. The real problem is that malware is able to enter the system while running. Secure-boot may block the loading of malicious code initially, but provides no protection from whatever stupid action the OS takes next. It won’t make any difference long term to the number of compromised computers in the world even if boot-sector viruses can be completely eliminated.

    http://www.theregister.co.uk/2011/11/18/windows_8_bootkit/

    http://www.neowin.net/news/new-proof-of-concept-bootkit-targets-uefi-and-windows-8

    http://www.youtube.com/watch?v=xKgz4Y_sNjo

Leave a Reply