Linked by Howard Fosdick on Thu 6th Dec 2012 05:26 UTC
OSNews, Generic OSes

With computers now shipping with UEFI Secure Boot enabled, users of any OS other than Windows 8 will want to know how to circumvent it. Jesse Smith of DistroWatch tells how he did it here. The Linux Foundation describes its approach here. If you want to boot an OS other than Windows 8, you'll want to figure this out before you buy that new computer.
RE: Fedora Shim
by Alfman on Thu 6th Dec 2012 15:20 UTC in reply to "Fedora Shim"

Brendan,

"I think Fedora are also planning to create a 'shim'. The basic idea is that it's signed with Microsoft's key, and boots other boot loaders."

It's not exactly that simple. Because of the way secure boot was designed (for 3rd party control rather than security), it cannot pass control back to users without compromising security.

Consider that malware could exploit this and install the unrestricted bootloader (signed by Microsoft's key) and then install a backdoor through the unrestricted bootloader. This would break secure boot's security on every secure boot desktop in the world and not just your desktop. Now MS would be forced to admit that secure boot is permanently broken, or it would revoke Fedora's key and break legitimate Linux installs everywhere.


This is another reason I hate Microsoft's secure boot design. Even if they had the best of intentions, it creates a single point of failure. One bug or leak breaks everybody's secure boot security worldwide. It just reaffirms how secure boot has been designed for 3rd party control rather than security.


The shim you referred to can only run locked-down versions of Linux running signed components. It's probably OK for normal users, but it's not the same free/open Linux kernel that we're fond of. We'll become dependent upon Fedora-provided kernels, and they'll become dependent upon MS, all so that home users can dual boot a restricted Linux on their own machines.

Score: 8