Linux Foundation Releases Secure Boot System
The Linux Foundation has finally released its UEFI Secure Boot system that's intended for independent Linux distributions and software developers to more easily have access to a signed boot shim.
Last October, the Linux Foundation announced their Secure Boot plan that involved writing a pre-bootloader that would be signed with a Microsoft key and in turn chain-load any normal operating system boot-loader without mandating any signature checks. This would make it especially easy for smaller Linux distributions that don't have the time or resources to get their own Microsoft-verified key.
In November the foundation shared they were hitting obstacles with Microsoft and Verisign/Symantec for obtaining a valid signing key. A few days later James Bottomley on the behalf of the Linux Foundation said they are less concerned about Secure Boot for ARM hardware.
Last week it was shared the Linux Foundation was still working on their Secure Boot approach. Bottomley said they had to re-architect their pre-bootloader because it wouldn't work with the simple Gummiboot EFI boot-loader due to differences in how Gummiboot boots its kernels compared to shim and other alternatives.
Finally, today, James Bottomley has shared the Linux Foundation Secure Boot System has been released to the public. There's validated PreLoader.efi and HashTool.efi files. Bottomley also constructed a mini-USB image that is bootable and simply provides an EFI shell where the kernel should be and uses Gummiboot to boot.
Details on the Linux Foundation Secure Boot System release can be found via James Bottomley's blog.
Last October, the Linux Foundation announced their Secure Boot plan that involved writing a pre-bootloader that would be signed with a Microsoft key and in turn chain-load any normal operating system boot-loader without mandating any signature checks. This would make it especially easy for smaller Linux distributions that don't have the time or resources to get their own Microsoft-verified key.
In November the foundation shared they were hitting obstacles with Microsoft and Verisign/Symantec for obtaining a valid signing key. A few days later James Bottomley on the behalf of the Linux Foundation said they are less concerned about Secure Boot for ARM hardware.
Last week it was shared the Linux Foundation was still working on their Secure Boot approach. Bottomley said they had to re-architect their pre-bootloader because it wouldn't work with the simple Gummiboot EFI boot-loader due to differences in how Gummiboot boots its kernels compared to shim and other alternatives.
Finally, today, James Bottomley has shared the Linux Foundation Secure Boot System has been released to the public. There's validated PreLoader.efi and HashTool.efi files. Bottomley also constructed a mini-USB image that is bootable and simply provides an EFI shell where the kernel should be and uses Gummiboot to boot.
Details on the Linux Foundation Secure Boot System release can be found via James Bottomley's blog.
10 Comments