UEFI On Linux Is Like A Pathogen
Red Hat's Matthew Garrett talked this week again about the troubles in supporting UEFI under Linux.
With Linux support for PCI Express ASPM having been corrected to address the notorious Linux kernel power regression of last year, Matthew Garrett's latest topic and focus of work has been on UEFI for Linux.
Matthew's commonly talking about the UEFI problems with Linux, especially when it comes to the Secure Boot functionality. Some past examples (and some reading for reference) include UEFI Secure Boot Still A Big Problem For Linux, Going Over The Good & Bad For UEFI On Linux, and Myths About Secure Boot: Security, Microsoft, Etc.
Matthew Garrett's talk this time about UEFI on Linux wasn't as negative, but went over how UEFI is a BSD-licensed PC BIOS replacement, is required for Microsoft Windows 8 certification, and has support for some useful features like handling disk drives greater than 2.2TB in size and IPv6 support. There's also some benefits like being able to boot at the native graphics mode, potential for a seamless boot experience, and offers persistent variable storage.
The negative items about UEFI on Linux that Garrett expressed include UEFI receiving little testing on consumer hardware, several significant bugs, the specification is quite complex at 2214 pages in length, kernel workarounds are needed for ensuring compatibility, and SecureBoot itself is a bitch for Linux. The significant UEFI bugs also have the potential of crippling hardware.
The key concerns with UEFI SecureBoot on Linux come down to being the Linux kernel needing to be heavily locked-down, no support for unsigned kernel modules (especially binary / out-of-tree modules), and no direct hardware access from user-space. Besides the obvious issues with UEFI SecureBoot on Linux, there's also license concerns about it with the GPLv3, lots of code to write, and getting anything wrong is a serious problem.
Matthew Garrett this week at the summit also classified Linux as a pathogen (Phoronix Poll) in terms of adoption. Dong Wei of Hewlett-Packard also did a session on UEFI for Linux, but his presentation was much more optimistic towards this BIOS replacement, Dong's slides are here.
With Linux support for PCI Express ASPM having been corrected to address the notorious Linux kernel power regression of last year, Matthew Garrett's latest topic and focus of work has been on UEFI for Linux.
Matthew's commonly talking about the UEFI problems with Linux, especially when it comes to the Secure Boot functionality. Some past examples (and some reading for reference) include UEFI Secure Boot Still A Big Problem For Linux, Going Over The Good & Bad For UEFI On Linux, and Myths About Secure Boot: Security, Microsoft, Etc.
Matthew Garrett's talk this time about UEFI on Linux wasn't as negative, but went over how UEFI is a BSD-licensed PC BIOS replacement, is required for Microsoft Windows 8 certification, and has support for some useful features like handling disk drives greater than 2.2TB in size and IPv6 support. There's also some benefits like being able to boot at the native graphics mode, potential for a seamless boot experience, and offers persistent variable storage.
The negative items about UEFI on Linux that Garrett expressed include UEFI receiving little testing on consumer hardware, several significant bugs, the specification is quite complex at 2214 pages in length, kernel workarounds are needed for ensuring compatibility, and SecureBoot itself is a bitch for Linux. The significant UEFI bugs also have the potential of crippling hardware.
The key concerns with UEFI SecureBoot on Linux come down to being the Linux kernel needing to be heavily locked-down, no support for unsigned kernel modules (especially binary / out-of-tree modules), and no direct hardware access from user-space. Besides the obvious issues with UEFI SecureBoot on Linux, there's also license concerns about it with the GPLv3, lots of code to write, and getting anything wrong is a serious problem.
Matthew Garrett this week at the summit also classified Linux as a pathogen (Phoronix Poll) in terms of adoption. Dong Wei of Hewlett-Packard also did a session on UEFI for Linux, but his presentation was much more optimistic towards this BIOS replacement, Dong's slides are here.
36 Comments