[coreboot] Feedback On Coreboot: the Solution to the Secure Boot Fiasco
Andrew Goodbody
ajg4tadpole at gmail.com
Wed Jan 2 18:58:27 CET 2013
On 02/01/13 17:08, ron minnich wrote:
> On Mon, Dec 31, 2012 at 11:23 AM, David Hubbard
> <david.c.hubbard+coreboot at gmail.com> wrote:
>
>> Andrew has good points. Technically there's nothing about Secure Boot that
>> can be proven to exclude alternative OS's such as Linux.
>
> While that is technically true, I am starting to see reports of
> systems that, at the very least, are making it hard to boot anything
> but Windows. Also. Microsoft has exercised its power to limit the
> types of binaries that will be signed, e.g. anything built with GPL V3
> will not be signed. Now, while they may have valid reasons, this does
> demonstrate the extent of Microsoft's power over platforms with Secure
> Boot. I find it worrisome.
Hmm the GPL v3 thing is indeed troublesome. However shim is being signed
which does at least give us one way to boot GNU/Linux without turning
Secure Boot off. You can then of course use GPL v3 code in the bootpath
after shim.
> Given what a mess the vendors have made of $PIR/_MP/ACPI over the
> years, I don't see the UEFI Secure Boot situation being much better.
> So, get ready for desktops/laptops that "should" boot non-Windows
> OSes, but don't.
I am sure that it is the old story, most testing will be done against
Windows. Anything more will be the exception. This is where the pressure
needs to be put on the platform vendors as this is the part that they
are responsible for. When you find motherboards that will only boot
Windows then make a noise about it, complain and send them back. When
you find motherboards that work correctly then also make a noise but do
it complimenting the vendor.
> Garret's blog is well worth reading on this whole issue.
Yes.
> ron
>
Andrew
More information about the coreboot
mailing list