Linux Foundation Comes Up With SecureBoot Plan

Written by Michael Larabel in Hardware on 10 October 2012 at 07:44 PM EDT. 17 Comments
HARDWARE
The Linux Foundation has shared their plan for how they intend to deal with UEFI SecureBoot for running Linux on PCs that have this Microsoft-pushed feature for trying to secure the system boot process.

James Bottomley has shared the LF UEFI SecureBoot plan on the behalf of the Linux Foundation and its Technical Advisory Board. The plans were shared via his blog and effectively comes down to: "The Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system). The pre-bootloader will employ a “present user” test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems. This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system in secure mode for any distribution that chooses to use it."

As soon as the Linux Foundation is able to obtain a SecureBoot key from Microsoft, they will release this new pre-bootloader on their web-site.

Bottomley adds, "The current pre-bootloader is designed as an enabler only in that, by breaking the security verification chain at the actual bootloader, it provides no security enhancements over booting linux with UEFI secure boot turned off. Its sole purpose is to allow Linux to continue to boot on platforms that come by default with secure boot enabled."

"It is designed to be as small as possible, leaving all the work to the real bootloader. The real bootloader must be installed on the same partition as the pre-bootloader with the known path loader.efi (although the binary may be any bootloader including Grub2). The pre-bootloader will attempt to execute this binary and, if that succeeds, the system will boot normally." The source to this UEFI SecureBoot pre-bootloader is currently available, but not exactly useful until the Linux Foundation receives its proper key.

Meanwhile, Ubuntu already has their own SecureBoot plans and other distributions have also been brewing their own plans.
17 Comments
Related News
Linux 6.15 Preparing Support For The XP-Pen Artist Pro 19, A Big 4K Drawing Tablet
Intel Preps Linux For eUSB2V2 To Enhance USB 2.0 For Higher Resolution Laptop Webcams
Framework Announces Ryzen AI Max Powered Desktop, Framework Laptop 12
Linux's libinput Input Library Finally Supports 3-Finger Dragging
OpenRazer 3.10 Delivers New Razer Hardware Support For Linux Users
Linux 6.15 To Ensure PlayStation 5 Controllers Use The Correct Driver
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
EA Open-Sources Command & Conquer Red Alert
Intel Core 2 CPUs Have Been Affected By An Annoying Linux Kernel Bug For 5+ Years
AMD Announces "Instella" Fully Open-Source 3B Language Models
NVIDIA Is Finding Great Success With Vulkan Machine Learning - Competitive With CUDA
DeepSeek Develops Linux File-System For Better AI Training & Inference Performance
There Will Not Be Official ROCm Support For The Radeon RX 9070 Series On Launch Day
Steam Survey For February 2025 Shows A Big Drop To Linux Use
x86 32-bit Changes Look To Be Ready For Linux 6.15 - Drops Support For More Than 4GB RAM