BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....

Subject: [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
From: richard.pieri at gmail.com (Rich Pieri)
Date: Mon, 5 Nov 2012 13:00:29 -0500
In-reply-to: <5097F0C8.1000100@gmail.com>
References: <CAAbKA3UwGaTbVUWPyMmDO7krZEKbjXHNT5w5y0VyLxx1Gt_sug@mail.gmail.com> <5093D5F1.9060903@blu.org> <20121102152631.0000193e@unknown> <5097F0C8.1000100@gmail.com>

On Mon, 05 Nov 2012 13:00:56 -0400
Tom Metro <tmetro+blu at gmail.com> wrote:

> I haven't seen any recent articles that have made this claim. What I

The Linux Foundation article that sparked this thread repeatedly made
precisely this claim.

> have seen expressed is a concern that non-technical users that aren't
> comfortable changing BIOS settings will find the requirement to turn
> off secure boot too high of a barrier to trying out a Linux CD.

This is a legitimate concern, true, but it has nothing to do with UEFI
Secure Boot per se. BIOS and EFI changes were required in the early
days of SATA disks due to lack of driver support in the Linux kernel.
These changes sometimes still are required, notably on computers using
soft RAID drivers and Intel RST.

> The dual-boot issue Jerry mentioned I hadn't heard of before. I agree
> that further confirmation is required before that is declared a
> problem.

Agreed, and this is a thing that requires verifiable testing. "Some web
site I read said..." doesn't cut it. This is something I intend to do
but I need time to do it right and materials to ensure that I have a
viable backout plan.

> I don't understand what you mean by "lack of hardware support." Have
> you seen the wide range of ARM-based devices that Linux has been
> ported to? Do you really believe it would take more than a few weeks

I've seen more ARM devices that don't have Linux ports (Newton, the
entire line of Windows Phone devices for examples) along with plenty of
incomplete ports (like the iPAQ and Palm Tungsten lines). Given that it
took a team of clever folks several years to get Familiar into a usable
state on iPAQ, and that's only a portion of the devices sold under that
brand, I genuinely do not expect anyone will get a working Linux
deployment on ARM Surface with just a few weeks worth of effort.

-- 
Rich P.

References:
- [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
  - From: bill.n1vux at gmail.com (Bill Ricker)
- [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
  - From: gaf at blu.org (Jerry Feldman)
- [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
  - From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
  - From: tmetro+blu at gmail.com (Tom Metro)

Prev by Date: [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
Next by Date: [Discuss] Getting OS/HW details?
Previous by thread: [Discuss] UEFI secure boot pre-loader security considered further Re: Fwd: [linux_forensics] Did you see this ? - Linux Foundation Announces Secure Boot Solution ....
Next by thread: [Discuss] Getting OS/HW details?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org