On 02/01/13 17:08, ron minnich wrote:
On Mon, Dec 31, 2012 at 11:23 AM, David Hubbard
<[email protected]> wrote:
Andrew has good points. Technically there's nothing about Secure Boot that
can be proven to exclude alternative OS's such as Linux.
While that is technically true, I am starting to see reports of
systems that, at the very least, are making it hard to boot anything
but Windows. Also. Microsoft has exercised its power to limit the
types of binaries that will be signed, e.g. anything built with GPL V3
will not be signed. Now, while they may have valid reasons, this does
demonstrate the extent of Microsoft's power over platforms with Secure
Boot. I find it worrisome.
Hmm the GPL v3 thing is indeed troublesome. However shim is being signed
which does at least give us one way to boot GNU/Linux without turning
Secure Boot off. You can then of course use GPL v3 code in the bootpath
after shim.
Given what a mess the vendors have made of $PIR/_MP/ACPI over the
years, I don't see the UEFI Secure Boot situation being much better.
So, get ready for desktops/laptops that "should" boot non-Windows
OSes, but don't.
I am sure that it is the old story, most testing will be done against
Windows. Anything more will be the exception. This is where the pressure
needs to be put on the platform vendors as this is the part that they
are responsible for. When you find motherboards that will only boot
Windows then make a noise about it, complain and send them back. When
you find motherboards that work correctly then also make a noise but do
it complimenting the vendor.
Garret's blog is well worth reading on this whole issue.
Yes.
ron
Andrew
--
coreboot mailing list: [email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
