[sf-lug] UEFI motherboard available SUSE UEFI plans

Rick Moen rick at linuxmafia.com
Mon Aug 13 15:13:47 PDT 2012


Quoting Andrew Udvare (audvare at gmail.com):

> But the fact remains that manufacturers (including those that sell
> motherboards retail to those amongst us who build our systems ourselves)
> are under *no* obligation to add this option.

Not quite true.  See below.

> So far we have three betraying distros (who decided to sign the deal with
> the devil AKA Microsoft), and anyone using these should stop using them
> immediately and let them know:
> Ubuntu
> Fedora
> SUSE/Novell (why am I not surprised?)
> 
> We should be extremely concerned. There is no option in place like 'buy
> your own certificate' and even if there was, it is ludicrous to pay to run
> different software on hardware you own.

Having to use a signed shim to boot GRUB2 (approach
projected to be used by Fedora and Novell) or a specific signed copy of
efilinux (approach projected to be used by Ubuntu) is annoying but you
should not overstate the degree of annoyance.  Neither of these
approaches prevents you from running any arbitrary kernel, init, and
userspace software of your choosing, even when fully under the UEFI
SecureBoot regime.

So, except for the bootloader shim (Fedora, Novell) or bootloader
(Ubuntu), your ability to 'build your system nearly entirely' is
unimpaired even under this worst-case scenario.

Moreover, (1) Quoting Steve Langasek, 'Microsoft's Windows 8 logo
requirements do say that there must be a way for users to disable secure
boot or to install their own keys'[1], and (2) You _should_ in any event 
be able to toggle the firmware back to legacy BIOS mode (unless the
firmware manufacturer is stupid or evil and omits that feature).


[1] http://blog.canonical.com/2012/06/22/an-update-on-ubuntu-and-secure-boot/,
as found via LWN.net coverage.  LWN is your best source if you want
non-sensationalistic news coverage of these issues.






More information about the sf-lug mailing list