UEFI secure booting and the future
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: UEFI secure booting and the future
Seems like this issue is already causing trouble for people as we speak:
http://benjaminkerensa.com/2011/10/23/u ... gin-linux/
(Edit: this is the current UEFI without secure boot)
http://benjaminkerensa.com/2011/10/23/u ... gin-linux/
(Edit: this is the current UEFI without secure boot)
Last edited by Dry Lips on Mon Oct 24, 2011 4:31 pm, edited 1 time in total.
Re: UEFI secure booting and the future
Yes there are more occurances already.
It is war.
By the way, do you know if it gives problems, when one has UEFI and ONLY Linux (one or more partitions)?
So when there's no Windows involved.
It is war.
By the way, do you know if it gives problems, when one has UEFI and ONLY Linux (one or more partitions)?
So when there's no Windows involved.
Re: UEFI secure booting and the future
From the article Dry Lips shared, it would be a problem even if only running Linux.rijnsma wrote:By the way, do you know if it gives problems, when one has UEFI and ONLY Linux (one or more partitions)?
So when there's no Windows involved.
A suggestion: for all those out there who already have a UEFI BIOS, perhaps you should not update your BIOS version. If Linux currently works with your UEFI BIOS, it might not after the manufacturer makes an update that includes secure boot...
I have a Asrock H67E-GE/HT motherboard, and this has a UEFI BIOS. So no more BIOS updates for me
Re: UEFI secure booting and the future
But in my opinion 'Secure Boot' was something from Microsoft?
What has that to do with EUFI from the hardware-guys? So why a problem if Windows is not on the machine??
I don't understand.
And why can UEFI not be switched off like Microsoft has said?
http://www.theregister.co.uk/2011/09/23 ... i_lock_in/
What has that to do with EUFI from the hardware-guys? So why a problem if Windows is not on the machine??
I don't understand.
And why can UEFI not be switched off like Microsoft has said?
http://www.theregister.co.uk/2011/09/23 ... i_lock_in/
Last edited by rijnsma on Mon Oct 24, 2011 8:42 am, edited 1 time in total.
Re: UEFI secure booting and the future
Apparently Linux supports UEFI, but it can be complicated to set up. Not exactly noob friendly
in other words:
https://help.ubuntu.com/community/UEFIBooting
It also seems as if quite a few people have problems setting up a UEFI system:
http://askubuntu.com/search?q=uefi
---
Edit: This is current UEFI without secure boot.
in other words:
https://help.ubuntu.com/community/UEFIBooting
It also seems as if quite a few people have problems setting up a UEFI system:
http://askubuntu.com/search?q=uefi
---
Edit: This is current UEFI without secure boot.
Last edited by Dry Lips on Mon Oct 24, 2011 4:32 pm, edited 1 time in total.
Re: UEFI secure booting and the future
So that will stop Linux altogether you think?
People find it hard enough like it was I think. (One of the reasons Linux is not big.)
People find it hard enough like it was I think. (One of the reasons Linux is not big.)
Re: UEFI secure booting and the future
Secure boot is a UEFI feature, it is not something Microsoft has invented. What Microsoft has said, is that Windows 8 won't run unless UEFI secure boot is enabled on a system. The problem here is that it is up to the BIOS / motherboard manufacturer if you can switch off UEFI secure boot in the BIOS or not. Microsoft are saying they have not mandated UEFI secure boot must always be on, only that it must be on to boot Windows 8. So it is up to the BIOS / motherboard manufacturer how to deal with this.rijnsma wrote:But in my opinion 'Secure Boot' was something from Microsoft?
What has that to do with EUFI from the hardware-guys? So why a problem if Windows is not on the machine??
I don't understand.
And why can UEFI not be switched off like Microsoft has said?
http://www.theregister.co.uk/2011/09/23 ... i_lock_in/
HP is selling its PC division, so perhaps they are not the best example currently...
Re: UEFI secure booting and the future
From wikipedia:rijnsma wrote:But in my opinion 'Secure Boot' was something from Microsoft?
What has that to do with EUFI from the hardware-guys? So why a problem if Windows is not on the machine??
I don't understand.
And why can UEFI not be switched off like Microsoft has said?
http://www.theregister.co.uk/2011/09/23 ... i_lock_in/
https://secure.wikimedia.org/wikipedia/en/wiki/UefiRed Hat developer Matthew Garrett in his article "UEFI secure booting" raised a concern that UEFI "secure boot" feature may impact Linux (machines with the Windows 8 logo with secure boot enabled that ships with only OEM and Microsoft keys will not boot a generic copy of Linux)[41][42] In response, Microsoft stated that customers may be able to disable the secure boot feature in the BIOS.[2][43] Concern remains that some OEMs might omit that capability in their computers.
Re: UEFI secure booting and the future
Ah. That explains a lot. My UEFI BIOS has the "Compatibility Support Module", allowing BIOS based operating systems to boot as normal...Dry Lips wrote:Apparently Linux supports UEFI, but it can be complicated to set up. Not exactly noob friendly
in other words:
https://help.ubuntu.com/community/UEFIBooting
It also seems as if quite a few people have problems setting up a UEFI system:
http://askubuntu.com/search?q=uefi
Re: UEFI secure booting and the future
Which is a problem when you think of the fact that quite a few people use dual-boot systems.xenopeek wrote: Microsoft are saying they have not mandated UEFI secure boot must always be on, only that it must be on
to boot Windows 8. So it is up to the BIOS / motherboard manufacturer how to deal with this.
Last edited by Dry Lips on Mon Oct 24, 2011 8:59 am, edited 1 time in total.
Re: UEFI secure booting and the future
That's better.xenopeek wrote:Ah. That explains a lot. My UEFI BIOS has the "Compatibility Support Module", allowing BIOS based operating systems to boot as normal...Dry Lips wrote:Apparently Linux supports UEFI, but it can be complicated to set up. Not exactly noob friendly
in other words:
https://help.ubuntu.com/community/UEFIBooting
It also seems as if quite a few people have problems setting up a UEFI system:
http://askubuntu.com/search?q=uefi
Don't buy ever, ever, where-ever you are and go in the world locked UEFI. (Everybody in the world can read this. )
And sign: http://www.fsf.org/campaigns/secure-boot/
Re: UEFI secure booting and the future
Good link rijnsma - I have signed up.rijnsma wrote: And sign: http://www.fsf.org/campaigns/secure-boot/
I urge everyone on this forum do the same.
Re: UEFI secure booting and the future
This is UEFI without secure boot - and that is working. UEFI with Secure Boot is more problematic.Dry Lips wrote:Apparently Linux supports UEFI, but it can be complicated to set up. Not exactly noob friendly
in other words:
https://help.ubuntu.com/community/UEFIBooting
Registered Linux User #528502
Feel free to correct me if I'm trying to write in Spanish, French or German.
Feel free to correct me if I'm trying to write in Spanish, French or German.
Re: UEFI secure booting and the future
Yes, that links were made in the continuation of the blog post I referred toAlbertP wrote:This is UEFI without secure boot - and that is working. UEFI with Secure Boot is more problematic.Dry Lips wrote:Apparently Linux supports UEFI, but it can be complicated to set up. Not exactly noob friendly
in other words:
https://help.ubuntu.com/community/UEFIBooting
about people having trouble with the present UEFI:
http://benjaminkerensa.com/2011/10/23/u ... gin-linux/
You're absolutely right... I'm going to edit my original post in order to
prevent confusion.
Re: UEFI secure booting and the future
Canonical together with Red Hat have released a white paper on the impact of UEFI Secure Boot on Linux. Announcement and download here: http://blog.canonical.com/2011/10/28/wh ... -on-linux/
The three main recommendations from white paper below, but is worth to read it fully (just 9 pages):
The three main recommendations from white paper below, but is worth to read it fully (just 9 pages):
- "We recommend that all OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface"
- "We recommend that OEMs (with assistance from BIOS vendors) provide a standardised mechanism for configuring keys in system firmware"
- "We recommend that hardware ship in setup mode, with the operating system taking responsibility for initial key installation"
Re: UEFI secure booting and the future
Of course. Everybody in the Secure Boot domain. (Also the prop. software like drivers and so on).
And if not it has to be switchable.
But not MS 'yes' and other systems 'no'.
Friendly document btw..
And if not it has to be switchable.
But not MS 'yes' and other systems 'no'.
Friendly document btw..
Last edited by rijnsma on Fri Oct 28, 2011 1:36 pm, edited 1 time in total.
Re: UEFI secure booting and the future
That's also what developers from Red Hat, Canonical and the Linux kernel suggest in this paper: http://ozlabs.org/docs/uefi-secure-boot ... -linux.pdf
It's a long piece of text but at the end they suggest offering to add the keys when removable media (CD, USB, etc.) is booted.
It's a long piece of text but at the end they suggest offering to add the keys when removable media (CD, USB, etc.) is booted.
Registered Linux User #528502
Feel free to correct me if I'm trying to write in Spanish, French or German.
Feel free to correct me if I'm trying to write in Spanish, French or German.
Re: UEFI secure booting and the future
Eh, it's the same paperAlbertP wrote:That's also what developers from Red Hat, Canonical and the Linux kernel suggest in this paper: http://ozlabs.org/docs/uefi-secure-boot ... -linux.pdf
It's a long piece of text but at the end they suggest offering to add the keys when removable media (CD, USB, etc.) is booted.
Re: UEFI secure booting and the future
You're right. That previous link was indeed the summary of the paper, with a link to the full paper.
Registered Linux User #528502
Feel free to correct me if I'm trying to write in Spanish, French or German.
Feel free to correct me if I'm trying to write in Spanish, French or German.