We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Linux Developers Step Up to the Secure Boot Challenge

Based on Intel's Tianocore, a new virtual platform could give Linux distributions a better way to experiment with possible solutions.

The prospect of Windows 8's planned Secure Boot restrictions has caused no end of controversy in the Linux world, where distributors and users of the free and open source operating system have been struggling to figure out just what it's all going to mean for those who don't embrace Windows.

It wasn't long ago that the Free Software Foundation spoke out for a second time on the topic, but recently there have been signs that a broader effort is in the works in the Linux community.

"The purpose of this email is to widen the pool of people who are playing with UEFI Secure boot," began a message late last month from James Bottomley, chair of the Linux Foundation's Technical Advisory Board.

Based on Intel's Tianocore

It turns out Bottomley has created a platform Linux developers can use to get around Secure Boot--specifically, a boot system based on Intel's Tianocore, which is an open source implementation of the Unified Extensible Firmware Interface (UEFI).

The Intel Tianocore project just recently added the Secure Boot facility to its UEFI ROM images, he noted.

Also posted in a repository by Bottomley are a set of tools that can be used to sign EFI binaries, he said.

"The current state is that I've managed to lock down the Secure Boot virtual platform with my own PK and KEK and verified that I can generate signed EFI binaries that will run on it (and that it will refuse to run unsigned efi binaries)," Bottomley explained. "Finally I've demonstrated that I can sign elilo.efi ... and have it boot an unsigned Linux kernel when the platform is in secure mode (I've booted up to an initrd root prompt)."

'Far From Rock Solid'

The Linux Foundation Technical Advisory Board began looking into the situation "because it turns out to be rather difficult to lay your hands on real UEFI Secure Boot enabled hardware," Bottomley pointed out.

This new contribution, however, is still "very alpha," he warned. "The Tianocore firmware that does Secure Boot is only a few weeks old, and the sbsigning tools weren't really working up until yesterday, so this is very far from rock solid."

Still, after two distributions each made an early--and controversial--attempt at proposing a solution, it's exciting to see this new, higher-level effort.

As Bottomley notes, this new virtual platform could give the various Linux distributions a new basis for experimentation that will help them come up with innovative solutions of their own.

IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...