1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking Benchmarking Platform
Phoromatic Test Orchestration

Linux Foundation Comes Up With SecureBoot Plan

Hardware

Published on 10 October 2012 07:44 PM EDT
Written by Michael Larabel in Hardware
17 Comments

The Linux Foundation has shared their plan for how they intend to deal with UEFI SecureBoot for running Linux on PCs that have this Microsoft-pushed feature for trying to secure the system boot process.

James Bottomley has shared the LF UEFI SecureBoot plan on the behalf of the Linux Foundation and its Technical Advisory Board. The plans were shared via his blog and effectively comes down to: "The Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system). The pre-bootloader will employ a “present user” test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems. This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system in secure mode for any distribution that chooses to use it."

As soon as the Linux Foundation is able to obtain a SecureBoot key from Microsoft, they will release this new pre-bootloader on their web-site.

Bottomley adds, "The current pre-bootloader is designed as an enabler only in that, by breaking the security verification chain at the actual bootloader, it provides no security enhancements over booting linux with UEFI secure boot turned off. Its sole purpose is to allow Linux to continue to boot on platforms that come by default with secure boot enabled."

"It is designed to be as small as possible, leaving all the work to the real bootloader. The real bootloader must be installed on the same partition as the pre-bootloader with the known path loader.efi (although the binary may be any bootloader including Grub2). The pre-bootloader will attempt to execute this binary and, if that succeeds, the system will boot normally." The source to this UEFI SecureBoot pre-bootloader is currently available, but not exactly useful until the Linux Foundation receives its proper key.

Meanwhile, Ubuntu already has their own SecureBoot plans and other distributions have also been brewing their own plans.

About The Author
Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via and or contacted via .
Latest Linux News
  1. Linux 4.1-rc5 Kernel Released
  2. Mesa 10.5.6 Brings Fixes All Over The Place
  3. NVIDIA's Proprietary Driver Is Moving Closer With Kernel Mode-Setting
  4. The Latest Linux Kernel Git Code Fixes The EXT4 RAID0 Corruption Problem
  5. Features Added To Mesa 10.6 For Open-Source GPU Drivers
  6. Ubuntu's LXD vs. KVM For The Linux Cloud
  7. Fedora Server 22 Benchmarks With XFS & The Linux 4.0 Kernel
  8. GCC 6 Gets Support For The IBM z13 Mainframe Server
  9. Fedora 22 Is Being Released Next Tuesday
  10. OpenWRT 15.05 Preparing Improved Security & Better Networking
Latest Articles & Reviews
  1. The Latest Features For Linux Performance Management + Benchmark Monitoring
  2. Noctua NH-U12DX i4 + NF-F12
  3. Btrfs RAID 0/1 Benchmarks On The Linux 4.1 Kernel
  4. The State Of Various Firefox Features
Most Viewed News This Week
  1. The Linux 4.0 Kernel Currently Has An EXT4 Corruption Issue
  2. The Linux 4.0 EXT4 RAID Corruption Bug Has Been Uncovered
  3. Microsoft Open-Sources The Windows Communication Foundation
  4. Systemd 220 Has Finally Been Released
  5. Another HTTPS Vulnerability Rattles The Internet
  6. LibreOffice 5.0 Open-Source Office Suite Has Been Branched
  7. LibreOffice 5.0 Beta 1 Released
  8. Will Ubuntu Linux Hit 200 Million Users This Year?