Ubuntu's Plans To Implement UEFI SecureBoot: No GRUB2


  • Ubuntu's Plans To Implement UEFI SecureBoot: No GRUB2

    Phoronix: Ubuntu's Plans To Implement UEFI SecureBoot: No GRUB2

    Canonical has shared publicly their plans this morning on how they plan to implement support for UEFI SecureBoot on future versions of Ubuntu Linux...

    http://www.phoronix.com/vr.php?view=MTEyNDY

  • #2
    This is getting stupider by the day


    • #3
      FUCK you, Canonical!


      • #4
        fuck ms, fuck uefi


        • #5
          So let me get this straight, they want to boot a MS signed bootloader which has very strict rules, then they chainload their own bootloader which is very liberal about what it loads. Wasn't this whole signing thing supposed to make security better?

          Seems to prove that the whole idea from the start is flawed.


          • #6
            Originally posted by pheldens
            fuck ms, fuck uefi
            They too!

            But Canonical and Red Hat are now the Microsoft whores, paying the cost for staying alive even in a very bad environment.

            They are showing their real nature these days...


            • #7
              I don't get why this Secured Boot and requiring Microsoft key doesn't bring an Anti-trust suit against MS. I mean, they're basically locking out people from using other OS unless these OS have paid MS for the signing. That's a hell of a case!


              • #8
                It seems like a reasonable solution to go with. What else would you do?

                Not that Microsoft forcing this on everybody is a good thing...


                • #9
                  I just wanted to say, fuck Canonical for doing that. I'm just trying Fedora... so that's the point where I begin to switch here... but then I read something that the Red Hat guys go the same way... Was I wrong about them complaining against it loudest? Wasn't it them who are more free software guys than open source, or more serious open source? How you want to define that is subjective ^^

                  So where is the alternative? I don't want to go back to Gentoo or something like that... I don't want to use different software not because it's better, just because it is not GPLv3. I want no tivoisation, I want GPL3, I use GPL3+ for my stuff...

                  It just sucks... I don't want to use very old Debian releases, but I don't want a bleeding edge compile-your-stuff-yourself distro... Even Arch Linux, which gets very much attention, is not so complete... their AUR packages are often broken (see as example gnome-boxes)

                  Where is the alternative... we need a new, maybe Debian-based, more free but closer to upstream versions Linux alternative that has many users. Maybe it could be Linux Mint Debian Edition or something like that, but more people must work on that, or something like sidux for gnome-shell, not for KDE ^^

                  I hope something changes. I don't want to use Ubuntu anymore, because they made several decisions I do not agree with, and that's the point where it goes too far for me, and then I read Fedora does the same, unbelievable...


                  • #10
                    When I get some UEFI hardware I will put my own key on it. Then I can run whatever I want. And I can be sure it will only run stuff I signed. Sounds pretty handy for me. (Though as I am unlikely to audit all the code that I'd sign, I am probably not much more secure than currently.)

                    Of course most folk don't want to mess around in their BIOS, so I am glad that the major distros work with the default keys.

                    (If someone makes some hardware where I cannot change the key then I would not buy it.)


                    • #11
                      Could Canonical be leading its Users slowly into the abyss?

                      Personally I think signed operating systems are putting all their eggs in one basket when considering boot layer attack. Get attacked and your whole system will be non-loadable and unlikely to be repaired without special (costly) certificate access.


                      • #12
                        One thing is sure: computer companies with an agenda will try to push Users into cloud computing, so there could be a conspiracy to make personal local storage prone to problems. If people start getting attacked at a boot layer, then people will be moving their data into storage providers, à la storage clouds, à la paid service, and data mined.


                        • #13
                          Also on the subject of keys and the GPL3, it says:

                          “Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
                          https://www.gnu.org/licenses/gpl-3.0-standalone.html

                          So suppose I sell you a device which will only run a binary signed by me. You can ask me for the code and everything necessary for you to install a modified version of the code. I can generate a personal key for you, and send you instructions for how to add that key to the device (equally I could tell you how to generate your own key). You can then run your modified version, and I have kept my key secure.

                          Surely that satisfies the GPL3.

                          Surely I would only have to give you my key if you were unable to modify the keys on the device.

                          There are 2 reasons to make hardware only run signed code. Lock down for the manufacturer's benefit, and security for the user's benefit. One is bad, one is good. Microsoft might have a strong interest in blurring the 2 issues. But the GPL only disallows the first.


                          • #14
                            Originally posted by ssam
                            When I get some UEFI hardware I will put my own key on it. Then I can run whatever I want. And I can be sure it will only run stuff I signed. Sounds pretty handy for me. (Though as I am unlikely to audit all the code that I'd sign, I am probably not much more secure than currently.)

                            Of course most folk don't want to mess around in their BIOS, so I am glad that the major distros work with the default keys.

                            (If someone makes some hardware where I cannot change the key then I would not buy it.)
                            Nobody can be forced to buy UEFI hardware with pre-installed MS or Ubuntu etc. I hope.


                            • #15
                              What? Why not implement a very simple bootloader that chainloads Grub2 from the partition? This loader can be very simple, all menus and FS support etc. will still be done by Grub2. And the big advantage: Everybody can use it to launch their favorite *actual* bootmanagers or kernels. And it's so damn simple it will never have to be modified.
