[GRLUG] Replacement for BIOS ROM could lock Linux OS off of PC?

[Michael Mol]

On Tue, Oct 11, 2011 at 2:29 AM, Joseph VanDerStelt
<joseph.vanderstelt at gmail.com> wrote:
> http://www.dslreports.com/forum/r26341356-Windows-8-Secure-Boot-Would-Exclude-Linux
>
> Has anyone seen information on this?

Yes.

Summary:
1) UEFI supports forcing the loading of signed bootloaders, with keys
stores in system BIOS
2) Microsoft will be requiring hardware manufacturers who want to be
Win8 Certified to support restricting the system to only boot from
signed bootloaders.
3) The UEFI keystore and crypto controls must not support programmatic
manipulation.

What this does not say, and does not mean:
1) Hardware manufacturers are disallowed from booting other operating systems.
2) Operating system vendors must get Microsoft's or hardware OEM's
specific blessing to run their software.

There are a few "outs" that will allow us to run Linux on hardware
which can also run Win8:
1) OEMs may provide keys to allow you to sign your own bootloaders.
2) OEMs may allow you to disable crypto checking. (Win8 certification
requires that it be supported, not that it be employed)

At this stage, the onus is now on OEMs if they wish to support more
operating systems than Windows 8. Such as Win7 or Linux...and hardware
OEMs know it would be suicidal to drop support for Linux on server
hardware.

I expect the general outcome will be that the Dells, eMachines and HPs
in the desktop world will have the most likely of any to become
Win8-only, but any manufacturer that sells motherboards to end-users
will either provide user access to the UEFI keystore, or they will
allow bootloader signature checking to be disabled.

-- 
:wq

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.