Wednesday, October 17, 2012

UEFI Secure Boot System for Linux

          When Microsoft announced Secure Boot for Windows 8, it received lots of flak from the Linux community because of fears that Secure Boot would effectively shut out Linux distributions on PCs running the operating system. The biggest problem with Secure Boot was that Microsoft gave OEMs the power to decide whether to include an off-switch for Secure Boot or not. Disabling Secure Boot in UEFI frees the PC from restrictions, so that operating systems that do not support Secure Boot can be installed and run on the PC.

          The primary purpose of the protocol is to prevent the loading of unsigned drivers or operating system loaders. It should be noted that Secure Boot is only available on PCs that use UEFI; PCs that use BIOS are not affected by it at all.

          A few days ago the Linux Foundation announced that it has found a way to make Linux and other open source distributions work with Secure Boot.
          
          In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system).

The source code for the pre-bootloader is available in git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git

          The Linux Foundation notes that it may take a while to obtain a signature from Microsoft. Once it has been acquired, the pre-bootloader will be made available on the Linux Foundation website, where it can be downloaded freely. The bootloader will run a “present user” test to protect the system against attacks targeting the boot process. It is not clear how this will work out, or whether it will lead to certain access restrictions. The loader does not offer any security enhancements over booting Linux with UEFI Secure Boot turned off. It is good news for PC users who want to run a dual or triple boot system on a PC with UEFI that includes Windows 8 and at least one Linux distribution or open source operating system.





