Monday, 01 July 2013 10:34

FreeBSD begins process to support secure boot Featured


The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled.

Secure boot is a feature of the Unified Extensible Firmware Interface or UEFI, the replacement for the BIOS on the motherboard.

Microsoft has implemented secure boot for Windows 8, using cryptographic keys for authenticating the kernel that is being loaded. This means that any other operating system looking to load itself on a secure boot-enabled Windows 8 system has to also be able to authenticate itself.

Some GNU/Linux distributions have developed their own methods of booting on such hardware. However, installing such distributions alongside Windows 8 is still not an easy task for the average user.

Veteran FreeBSD developer Marshall McKusick (pictured) told iTWire, in response to queries, "We looked to see how the Linux distros had handled secure boot. They had approached Microsoft who agreed to sign their boot loader so that the distros would be able to boot Linux.

"To avoid having to go back and re-certify and sign their boot loader every time they needed to make any change to it, the Linux folks created a very minimal "loader" that does nothing more than load their real loader which then works as before. And since the handoff is from their shim loader, for which they know the key being used, they can sign their real loader any time they need to change it.

McKusick said FreeBSD planned to do the same thing. "Indeed we will likely take the Linux shim loader, put our own key in it, and then ask Microsoft to sign it. Since Microsoft will have already vetted the shim loader code, we hope that there will be little trouble getting them to sign our version for us."

Asked about a timeline for the implementation of secure boot support, McKusick replied: "We just started pursing this after a UEFI strategy meeting at BSDCan in May, so we have not yet gotten far enough through the process to have any idea when we will be able to have something that we can use.

"Microsoft could be very responsive or not. My feeling from having talked to others is that Microsoft is only willing to go along with other operating systems at all just so that they could get the program in place. Now that they can point to at least one other example that uses secure boot they may not be in a big hurry to add more. Or they may get off the dime. We shall see."

McKusick said the goal was to have at least FreeBSD able to dual-boot on a PC running Windows 8 with secure boot.

"I don't yet know what legal limitations Microsoft will put on us signing for other folks' boot loaders. Based on past examples, we will likely only be permitted to sign our own releases," he said when asked this would also apply to forks of FreeBSD.

FreeBSD is one of three operating systems derived from the BSD which was developed at the University of California in Berkeley. All three - the others are OpenBSD and NetBSD - enjoy a very good reputation for security and run some of the internet servers with the longest uptimes.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments