UEFI On Linux Is Like A Pathogen
Posted by Michael Larabel on April 06, 2012
Red Hat's Matthew Garrett talked this week again about the troubles in supporting UEFI under Linux.
With Linux support for PCI Express ASPM having been corrected to address the notorious Linux kernel power regression of last year, Matthew Garrett's latest topic and focus of work has been on UEFI for Linux.
Matthew's commonly talking about the UEFI problems with Linux, especially when it comes to the Secure Boot functionality. Some past examples (and some reading for reference) include UEFI Secure Boot Still A Big Problem For Linux, Going Over The Good & Bad For UEFI On Linux, and Myths About Secure Boot: Security, Microsoft, Etc.
Matthew Garrett's talk this time about UEFI on Linux wasn't as negative, but went over how UEFI is a BSD-licensed PC BIOS replacement, is required for Microsoft Windows 8 certification, and has support for some useful features like handling disk drives greater than 2.2TB in size and IPv6 support. There's also some benefits like being able to boot at the native graphics mode, potential for a seamless boot experience, and offers persistent variable storage.
The negative items about UEFI on Linux that Garrett expressed include UEFI receiving little testing on consumer hardware, several significant bugs, the specification is quite complex at 2214 pages in length, kernel workarounds are needed for ensuring compatibility, and SecureBoot itself is a bitch for Linux. The significant UEFI bugs also have the potential of crippling hardware.
The key concerns with UEFI SecureBoot on Linux come down to being the Linux kernel needing to be heavily locked-down, no support for unsigned kernel modules (especially binary / out-of-tree modules), and no direct hardware access from user-space. Besides the obvious issues with UEFI SecureBoot on Linux, there's also license concerns about it with the GPLv3, lots of code to write, and getting anything wrong is a serious problem.
With Linux support for PCI Express ASPM having been corrected to address the notorious Linux kernel power regression of last year, Matthew Garrett's latest topic and focus of work has been on UEFI for Linux.
Matthew's commonly talking about the UEFI problems with Linux, especially when it comes to the Secure Boot functionality. Some past examples (and some reading for reference) include UEFI Secure Boot Still A Big Problem For Linux, Going Over The Good & Bad For UEFI On Linux, and Myths About Secure Boot: Security, Microsoft, Etc.
Matthew Garrett's talk this time about UEFI on Linux wasn't as negative, but went over how UEFI is a BSD-licensed PC BIOS replacement, is required for Microsoft Windows 8 certification, and has support for some useful features like handling disk drives greater than 2.2TB in size and IPv6 support. There's also some benefits like being able to boot at the native graphics mode, potential for a seamless boot experience, and offers persistent variable storage.
The negative items about UEFI on Linux that Garrett expressed include UEFI receiving little testing on consumer hardware, several significant bugs, the specification is quite complex at 2214 pages in length, kernel workarounds are needed for ensuring compatibility, and SecureBoot itself is a bitch for Linux. The significant UEFI bugs also have the potential of crippling hardware.
The key concerns with UEFI SecureBoot on Linux come down to being the Linux kernel needing to be heavily locked-down, no support for unsigned kernel modules (especially binary / out-of-tree modules), and no direct hardware access from user-space. Besides the obvious issues with UEFI SecureBoot on Linux, there's also license concerns about it with the GPLv3, lots of code to write, and getting anything wrong is a serious problem.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).