Again, Secure Boot is a different topic and has nothing to do with the re-design of anaconda. Work on SB support is progressing pretty smoothly and not really holding up F18 development.

SB doesn't actually involve TPM in any way, they're separate technologies. There's no hardware element to SB, as Matt puts it, "No, Secure Boot has no chipset requirements. All trust is rooted in the firmware." In some ways it's a similar mechanism, but that's all. Not all SB machines have a TPM inside or anything.

When I am wrong I am wrong, and I admit it.


Hi Adam

In my view, secure boot mother boards consisted of the UEFI bios along with TPM support. The bios integrates the two. I believed that the boot loader and anaconda were one and the same module.

Thank you for clarifying the situation for me and the readers. I was wrong and I do thank you for the corrected information.

Leslie

So Microsoft had sucess they defined a useless feature, and created work for several months for opensource devs, and even worse, there will be hundrets of bug reports because of secureboot problems in future bug reports, like it was/is with acpi, on some even today 100 years after defining that crap pcs dont suspend... but now if something goes wrong they just dont boot linux, and thousends of people will blame "linux" therefor and will not try it out because of such bugs.

Nice.

well, the post didn't really do a good job of showing the design at all. It more just seemed to be a series of detail-based nitpicks. The broad design is much the same as you see there, but there have been all sorts of detail tweaks.

edit: oh hey, somehow when I clicked your link I got to page two. Page one has a lot more stuff. Still, my reply more or less stands: the broad design is the same, it's been refined a lot. I'd say just wait for the Beta to come out and try it.

I get the irony, but I was not sure if that was the design you had in mind or not.

No, we've just been sitting around and twiddling our thumbs for three months.

This is confused, in several ways.

For a start, you're confusing UEFI and Secure Boot. UEFI is a new firmware standard for PCs, replacing the old BIOS standard. It has been around for several years, and Fedora has supported it for several releases, since Fedora 12 at least.

You seem to be talking about Secure Boot, which is a single feature of recent versions of the UEFI specification. It is not mandatory under the UEFI spec, though it is required by Microsoft's Windows 8 certification program. Many systems have already shipped with UEFI firmwares in the last few years, with no Secure Boot. I'm typing this on one.

As far as Secure Boot goes, most of the necessary support is not in anaconda, it is in the bootloader and kernel layers. anaconda does not have to do anything special to support Secure Boot, really, beyond maybe installing an extra package.

And in terms of actually supporting Secure Boot - it is more correct to say that many parties, including RH and SUSE, have been working in collaboration to support SB. RH's Matthew Garrett came up with the broad design that Fedora, SUSE and Ubuntu will all use. SUSE suggested a neat revision to the design which Matt liked, and incorporated into his work; it's not correct to say that we started out with one codebase and then completely ditched it for a different one which SUSE designed, this is a misrepresentation. Since SUSE's plan was pretty much the same as Matt's plan plus the neat improvement, and Matt added their suggested improvement, they just decided to use the code Matt was working on. In the end it works out as a collaborative effort.

Fedora and SUSE will both use virtually the same code for SB support. Ubuntu will use a slightly older version of the same code initially, configured in a slightly different way. As Matthew wrote at http://mjg59.dreamwidth.org/18945.html:

"As far as I know, Suse and Fedora will be shipping the same code. Ubuntu is shipping an older version of Shim but should pick up the local key management code in the next release. The only significant difference is that Ubuntu doesn't require that kernel modules be signed."

I do recommend reading through Matt's blog archive on the topic. It's dense stuff, but you'll wind up better informed

I do hope some things have improved from this early look last August though in terms of design:

Anaconda is in the critical path

New hardware systems are uefi based. Anaconda was first coded with one solution, and then, following SUSE, whose solution was superior, they dropped that solution for one that is as compliant.
Anaconda will be used by other distributions such as CENTOS, SCIENTIFIC LINUX, RED Hat Linux and other Linuxes that are forks of Fedora.

Solving the problem for Fedora is solving it for others. It has to work on many platforms, uefi and non uefi, on the mac and on pentium 3 systems as well as the atom.

That is quite a feat. The UBUNTU solution as far as I know, is a temporary one, that UBUNTU started with a year ago. The solution that parallels Fedora and SUSE will probably be presented in a later UBUNTU version.

I am using Fedora 18 based an the Alpha release. Because it was alpha, some stuff needs tweaking, but all the applications I have downloaded and used, work flawlessly.

So yes, we understand that Anaconda is late, and that the programer(s) are under pressure, but we must also back off from criticism. The new anaconda looks very much better than the legacy version from which we are moving away. One cannot divide ones attention to multiple problems when the others require a solid reliable installer program.