Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Linux Foundation releases secure boot loader

The UEFI boot loader can allow independent Linux distributions to run on Windows 8 machines

Article comments

The Linux Foundation has opened the way for independent Linux distributions to be installed on Windows 8 computers, with the release of software that will allow the open source operating system to work with machines running the UEFI (Unified Extensible Firmware Interface) firmware.

The Linux Foundation Secure Boot System solves a fundamental problem for many Linux distributions, by providing a way for a Linux-based OS to run on new hardware controlled by UEFI firmware, also known as "secure boot" technology.

"The Linux Foundation wishes not only to enable Linux to keep booting in the face of the new wave of secure boot systems, but also to enable those technically savvy users who wish to do so to actually take control of the secure boot process by installing their own platform key," wrote Linux Foundation technical advisory board member James Bottomley, who led the development of the bootloader, in a statement.

As a potential replacement to the long-used BIOS firmware, UEFI is an industry initiative to secure computers against malware by designing the computer's firmware to require a trusted key before booting the operating system, or any hardware inside the computer, such as a graphics card. UEFI would provide a foundation for a chain of trust that would connect all the way up to the software layer, which could thwart attempts to install illicit, and harmful, software on computers.

Microsoft is requiring UEFI on all machines running Windows 8. While OEMs (original equipment manufacturers) have the option of providing a way to turn off UEFI so other OSes can run on the machine, many in the Linux community fear that OEMs will not provide a UEFI off-switch, thereby not allowing other OSes without a key to run on these machines. A generic Linux distribution will not run on a Windows 8 computer without keys.

"In secure mode ... the platform will only execute EFI binaries signed with a key that is whitelisted in the UEFI secure boot signature database," Bottomley explained.

The latest releases of many major Linux distributions now include a bootloader or a shim of some sort to work with UEFI, including Ubuntu 12.10 and Fedora 18. This UEFI requirement, however, has been seen as a roadblock for those who like to create their own distributions of Linux. The Linux Foundation bootloader provides a hash code, certified by Microsoft, and support infrastructure to boot a generic Linux kernel.

"We have in place a protocol where Microsoft is happy for us to hand off from the initial Microsoft signed EFI binary load to a separately verified EFI binary chain, which the individual distributions control," Bottomley wrote.

This is not the first approach someone in the Linux camp has devised for working with UEFI. Security developer Matthew Garrett released his own shim last year. A shim is different from a bootloader even though both override the UEFI security system to load Linux. Garrett's shim is hardcoded to work with a specific generic bootloader, called elilo, that boots the Linux kernel. The Linux Foundation bootloader, which Bottomley said technically is more of "a preloader," can work with any generic Linux bootloader. "We did this because our mission is to enable any bootloader in the Linux ecosystem to work with secure boot," Bottomley said.

Garrett and Bottomley are discussing the possibility of merging Garrett's shim with the Linux Foundation's bootloader. Garrett helped Bottomley create the bootloader, as did other developers from the Linux Foundation, Red Hat and Canonical.

UEFI has proved to be a challenge to implement even for Microsoft Windows. Garrett also reported that certain Samsung laptops running Windows 8 could permanently stop working due to a bug in how the Samsung firmware stores system crash data in the UEFI storage space.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *