[GRLUG] Replacement for BIOS ROM could lock Linux OS off of PC?

Steve Romanow slestak989 at gmail.com
Tue Oct 11 10:36:33 EDT 2011


Linux Outlaws podcast has had good coverage.
On Oct 11, 2011 9:09 AM, "Michael Mol" <mikemol at gmail.com> wrote:

> On Tue, Oct 11, 2011 at 2:29 AM, Joseph VanDerStelt
> <joseph.vanderstelt at gmail.com> wrote:
> >
> http://www.dslreports.com/forum/r26341356-Windows-8-Secure-Boot-Would-Exclude-Linux
> >
> > Has anyone seen information on this?
>
> Yes.
>
> Summary:
> 1) UEFI supports forcing the loading of signed bootloaders, with keys
> stores in system BIOS
> 2) Microsoft will be requiring hardware manufacturers who want to be
> Win8 Certified to support restricting the system to only boot from
> signed bootloaders.
> 3) The UEFI keystore and crypto controls must not support programmatic
> manipulation.
>
> What this does not say, and does not mean:
> 1) Hardware manufacturers are disallowed from booting other operating
> systems.
> 2) Operating system vendors must get Microsoft's or hardware OEM's
> specific blessing to run their software.
>
> There are a few "outs" that will allow us to run Linux on hardware
> which can also run Win8:
> 1) OEMs may provide keys to allow you to sign your own bootloaders.
> 2) OEMs may allow you to disable crypto checking. (Win8 certification
> requires that it be supported, not that it be employed)
>
> At this stage, the onus is now on OEMs if they wish to support more
> operating systems than Windows 8. Such as Win7 or Linux...and hardware
> OEMs know it would be suicidal to drop support for Linux on server
> hardware.
>
> I expect the general outcome will be that the Dells, eMachines and HPs
> in the desktop world will have the most likely of any to become
> Win8-only, but any manufacturer that sells motherboards to end-users
> will either provide user access to the UEFI keystore, or they will
> allow bootloader signature checking to be disabled.
>
> --
> :wq
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20111011/4dab2f06/attachment.html>


More information about the grlug mailing list