 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
> State of Secure Boot detailed > http://www.h-online.com/security/news/item/State-of-Secure-Boot-detailed-1741460.html > > Red Hat and Fedora developer Matthew Garrett has detailed the "range > of subtle changes" that have taken place since he began working on > Secure Boot support. > [...] > > Linux Foundation support for booting Linux on Windows 8 PCs delayed > http://www.zdnet.com/linux-foundation-support-for-booting-linux-on-windows-8-pcs-delayed-7000007673/ > > Bottomley...told me "We're all done and dusted with the signed > contract with Microsoft and the binary ready to release. However, > I've been having bizarre experiences with the Microsoft sysdev > centre." An update: All Linux Distributions Get the Secure Boot Bootloader http://news.softpedia.com/news/All-Linux-Distributions-Get-the-Secure-Boot-Bootloader-311259.shtml Matthew Garrett, ex-power management and mobile Linux developer at Red Hat, proudly announced last evening, November 30, that a usable release of the Secure Boot bootloader is now available for download. Dubbed shim, this software is designed for all Linux-based operating system that want to support secure boot and that do not want to get in cahoots with the greedy Microsoft Corporation. "As of 17:00 EST today, I am officially (rather than merely effectively) no longer employed by Red Hat, and this binary is being provided by me rather than them, so don't ask them questions about it." "Special thanks to everyone at Suse who came up with the MOK concept and did most of the implementation work - without them, this would have been impossible." said Matthew Garrett in the blog announcement. [...] "On boot, the end-user will be prompted with a 10-second countdown and a menu. Choose "Enroll key from disk" and then browse the filesystem to select the key and follow the enrolment prompts." "Any bootloader signed with that key will then be trusted by shim, so you probably want to make sure that your grubx64.efi image is signed with it." continued Matthew Garrett in the announcement. also: Shimming your way to Linux on Windows 8 PCs http://www.zdnet.com/shimming-your-way-to-linux-on-windows-8-pcs-7000008246/ This approach is not the same as the one that Garrett devised for use with Fedora Linux. That approach uses a Fedora-specific key that's based on a Microsoft/Verisign-supplied Secure Boot key. While that meant dealing with Microsoft, it was as Garrett had written earlier, "Easy enough for us [Red Hat] to do, but not necessarily practical for smaller distributions." It's also, as The Linux Foundation has found, in its so-far failed attempts to obtain a universal Secure Boot key for Linux distributions, really not that easy at all. What Garrett has done with his shim approach is to create a signed boot-loader that can add keys to its own database. This is built on SUSE's bootloader design. In the SUSE design, the boot-loader has its own key database, besides the UEFI specification's key database. I'm confused. This last article implies the shim being made available is independent of the solution the Linux Foundation was working on (if the Foundation has failed to obtain a key, then it can't be their solution being released), even though it sounds like the same people and the same design. -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
