Home opinion-and-analysis Open Sauce Secure boot: technical types spreading half-baked information

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Linux distributions are making slow progress on implementing measures to ensure that their images available for download are bootable on hardware that has secure boot turned on.

Secure boot is a feature of the UEFI, the Unified Extensible Firmware Interface, a replacement for the BIOS.

Microsoft has implemented this feature on hardware certified for Windows 8 in a way that requires the exchange of cryptographic keys; since the company controls the key-signing authority, anyone who wants to create a bootable medium has to necessarily obtain a key from Redmond.

Misinformation is rife about secure boot, simply because people confuse UEFI with secure boot and think that support for the former means support for the latter. Many so-called technical types are as guilty as others of spreading wrong information.

And misinformation is present in places where one does not expect to find it.

Linux kernel developer Matthew Garrett had a post on his personal blog a few days ago where this was the case. Garrett, it must be noted, has been involved in contributing code towards a solution for secure boot.

This post began gratuitously: "It's after Christmas, and some number of people doubtless ended up with Windows 8 PCs and may want to install Linux on them. If you'd like to do that without fiddling with firmware settings, here are your options."

All the information in this post was either old, or else gleaned from third parties. No verification was done before posting.

Garrett mentioned that Sabayon Linux, a distribution based on Gentoo, would now support booting out of the box on machines that have secure boot enabled. He said he could not speak for the current CD images - but then how would someone who wants to install Linux operate, except via these images?

Unfortunately, given his role in the response from Linux developers to secure boot, this half-baked information is spreading around the web.

I tested out a recent Sabayon image yesterday and while it does offer a menu that leads one to believe that it will boot after a key is installed, none of the keys provided work.

Garrett mentioned that Ubuntu 64-bit will boot on secure boot-enabled devices; this is well-known, but he did not make it clear whether his statement was not based on any personal testing. He now claims he has tested this version on a secure boot-enabled machine. I tested it out sometime back and verified it; I also pointed out that it would not install on the same disk as Windows 8. One had to use a second disk.

Garrett also mentioned that the recent test builds of Fedora 18 would support secure boot; while this is correct, the distribution cannot yet be installed on such systems, no matter if one has a single disk or two. Once again, this is from my own testing. The fact that Garrett provided is worthless in the light of his statement "...some number of people doubtless ended up with Windows 8 PCs and may want to install Linux on them".

There was some speculation about SUSE too, with Garrett saying, "Suse will be using a version of Shim signed by Microsoft, but I don't think it's in any pre-release versions yet." I tested out an openSUSE 12.3 Milestone 2 release a few days back. It does not support secure boot yet - no ifs, or buts or shoulds.

The latest Debian test releases cannot boot on secure boot-enabled hardware either. Garrett's statement that these releases support UEFI is correct but this is misleading because many people will take it to mean that secure boot is supported as well. Linux has been able to boot on machines with UEFI for a long time. It is only the secure boot hurdle that has to be overcome.

FREE CLOUD BACKUPS MANAGEMENT WEBINAR

Are your technicians spending too much time just managing your clients cloud backups?

Backups are an important part of any IT business but they should not consume more than their fair share of time and money.

Discover how to reduce the amount of time & money spent managing your Cloud Backups during this Free Webinar.

REGISTER FOR FREE WEBINAR!

FREE NETWORKING SERVICES CASE STUDY

As one of the world’s largest social networking services, Facebook handles a lot of user information, and requires input from an astounding range of stakeholders 24 hours a day, 7 days a week — from both inside and outside the business.

Discover how Facebook was helped to connect remote employees, vendors, consultants, and partners to applications and web services quickly and reliably - without risking sensitive data.

GET CASE STUDY!

GET THE IT BUDGET YOU WANT

Explore your Network Treasure Trove to get the IT Budget you want

With Australian businesses projected to spend over $78.7 Billion why does it feel like you can never get the budget you need?.

In most cases your budget will get approved because the proposals are not only technically correct, but also provide good, credible evidence on how the spend aligns with key business objectives.

Did you know that your Network Monitoring tool can help you build a comprehensive business case without an MBA?

HERE ARE 8 TIPS TO GET THE IT BUDGET YOU WANT.

CLICK HERE!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect

 

 

 

 

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities