LF: There's Less Concern About ARM UEFI SecureBoot
Posted by Michael Larabel on November 27, 2012
James Bottomley wrote a new blog post this morning about why the Linux Foundation really isn't concerned about UEFI SecureBoot on ARM hardware (smart-phones, tablets, etc) compared to the work they are doing on x86 PCs with UEFI SecureBoot support for Linux.
Last month the Linux Foundation announced their UEFI SecureBoot plans for dealing with Microsoft Windows 8 PCs. Their plans basically equated to legally obtaining a Microsoft key and signing a small pre-bootloader that in turn could chain load a predesignated boot loader that would in turn boot Linux or any other operating system without having to deal with the SecureBoot mess. The signed pre-bootloader will be available from the Linux Foundation web-site for anyone to use along with the source-code, albeit not their private key. The foundation is still working to obtain a SecureBoot key and their SecureBoot focus has just been for x86 hardware.
With Linux users wondering why the Linux Foundation isn't diving into some SecureBoot solution for ARM, James Bottomley wrote a lengthy explanation. The reasons that ARM SecureBoot isn't being actively pursued include:
- Windows dominates on desktop PCs where as in the ARM space Apple and Android are dominating. Nearly all desktop PCs from major vendors are Windows 8 certified -- thus the SecureBoot mandate -- where as right now in the ARM mobile/embedded space there isn't the Redmond dominance.
- All Apple iPhones and iPads -- most of the devices out there -- are already locked down. If the Linux Foundation were to attack Microsoft in this space, they would also need to attack Apple and there's very little chance Apple would become more open with their devices.
- A lot of Android devices are locked down too. However, at least in recent times, more Android vendors have become more open about allowing their devices to be locked / rooted in order to create a thriving mod community.
- Regardless of how much the phone/tablet vendor tries to lock down and secure a device, generally within a few weeks of any new product launch, the modding community achieves success in rooting the device.
Bottomley ends today's blog post with "if the Surface (or Windows phone) hardware is really enticing, I’ve no doubt we’ll see a Linux variant running on it in the near future regardless of UEFI secure boot." His post can be read here.
Last month the Linux Foundation announced their UEFI SecureBoot plans for dealing with Microsoft Windows 8 PCs. Their plans basically equated to legally obtaining a Microsoft key and signing a small pre-bootloader that in turn could chain load a predesignated boot loader that would in turn boot Linux or any other operating system without having to deal with the SecureBoot mess. The signed pre-bootloader will be available from the Linux Foundation web-site for anyone to use along with the source-code, albeit not their private key. The foundation is still working to obtain a SecureBoot key and their SecureBoot focus has just been for x86 hardware.
With Linux users wondering why the Linux Foundation isn't diving into some SecureBoot solution for ARM, James Bottomley wrote a lengthy explanation. The reasons that ARM SecureBoot isn't being actively pursued include:
- Windows dominates on desktop PCs where as in the ARM space Apple and Android are dominating. Nearly all desktop PCs from major vendors are Windows 8 certified -- thus the SecureBoot mandate -- where as right now in the ARM mobile/embedded space there isn't the Redmond dominance.
- All Apple iPhones and iPads -- most of the devices out there -- are already locked down. If the Linux Foundation were to attack Microsoft in this space, they would also need to attack Apple and there's very little chance Apple would become more open with their devices.
- A lot of Android devices are locked down too. However, at least in recent times, more Android vendors have become more open about allowing their devices to be locked / rooted in order to create a thriving mod community.
- Regardless of how much the phone/tablet vendor tries to lock down and secure a device, generally within a few weeks of any new product launch, the modding community achieves success in rooting the device.
Bottomley ends today's blog post with "if the Surface (or Windows phone) hardware is really enticing, I’ve no doubt we’ll see a Linux variant running on it in the near future regardless of UEFI secure boot." His post can be read here.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).