Down, boy. Scientific Linux is behind the times on available tools, because our favorite upstream vendor has not yet released tools. Tools to work with have been tested, effectively, with Fedora, and I expect our favorite upstream vendor will include tools with release 7.x, which is not yet in alpha or beta release. Check out http://docs.fedoraproject.org/en-US/Fedora/18/html-single/UEFI_Secure_Boot_Guide/index.htmlfor a good breakdown of the issues and trade-offs.
UEFI is part of the old "Palladium" project from Microsoft, relabeled as "Trusted Computing". It is aimed squarely at DRM and vendor lock-in, not security, for reasons that I could spend a whole day discussing.In the meantime, yes, you can disalbe it for SL booting if needed, and reasonably expect our favorite upstream vendor to have shims available when version 7 is publishedL they're already working well with recent Fedora releases. I'd also *expect* those shims to be workable for SL 7, but someone may have to plunk down some cash to get some keys signed, and spend some extra effort to maintain the security needed for the relevant shims to work well with SL kernels and environments. On Tue, Sep 24, 2013 at 11:53 AM, Yasha Karant <[email protected]> wrote: > Secure boot is enabled. Evidently, the only means to disable secure boot > requires that a secure boot loader/configuration program be running -- > e.g., the MS proprietary boot loader (typically, supplied as part of MS > Windows 8) must be used to disable secure boat if the UEFI actually permits > this to be disabled (I have heard of some UEFI implementations that do not > permit secure boot truly to be disabled). > > If Linux cannot handle this issue, then Linux is finished on all generic > (e.g., not Apple that supplies both the hardware and operating environment > software under a restrictive proprietary for-profit intellectual property > license) X86-64 hardware, as (almost?) all current such hardware is MS 8 > (UEFI secure boot) compliant. > > Yasha Karant > > On 09/23/2013 10:29 PM, Connie Sieh wrote: > >> On Mon, 23 Sep 2013, Yasha Karant wrote: >> >> A colleague who uses SuSE non-enterprise for his professional >>> (enterprise) workstations has now attempted to load the latest SuSE on a >>> machine with a new generic (aftermarket) "gamer" UEFI X86-64 >>> motherboard. It does not properly boot. I do not have any UEFI >>> motherboards, and thus no experience with SL6x on such motherboards. >>> >> >> Is "secure boot" enabled in the UEFI ? >> >> >>> Does anyone? Does SL6x boot correctly (and easily) on a UEFI >>> motherboard? If so, he may switch to SL. >>> >> >> Yes as long as "secure boot" is disabled . >> >> >>> Yasha Karant >>> >>> >> -connie sieh >> >
