In short: all the bootloaders are signed by Microsoft. At least in
“mainstream” distributions.
UEFI is definitely a cool thing. But there are decisions to be made before
implementing its support in a distribution. So, yeah, I hope the discussion
will be started.
As a first step, NixOS can probably assume that it is used by power-users,
who own their Platform Keys.
--
Кирилл Елагин
On Tue, May 27, 2014 at 9:26 AM, Wout Mertens wout.mert...@gmail.com wrote:
So grub doesn’t work? I thought it did?
I saw that the Surface Pro 3 is a Secure Booting UEFI device... It would
make a nice NixOS laptop :-)
Also, the Ubuntu boot loader is apparently signed by Microsoft.
Just random thoughts sorry.
Wout.
On May 26, 2014 2:44 PM, Third3ye tredje...@gmail.com wrote:
Personally I had to disable UEFI secure boot by using the other OS
option... something which can cause severe problems for then again gaining
access to the operating system, if the UEFI software completely dumps the
KEKs. I was lucky and somehow got back in without having to resort to using
a recovery USB stick. But I'm assuming this may be a problem for other users
and seeing that more and more machines are released using UEFI and Secure
Boot I feel this needs to be addressed.
Since, however, it's out of my league I can only request that it be taken
into consideration that shim should take over as the default UEFI solution.
If not there is another solution called rf boot... rl boot? I can't
remember. But here are a few articles that explain that it is not only
possible but also necessary. How we approach such a problem... well, like I
said: out of my league.
Here is a rather large article about the issue of implementing UEFI
Secure Boot in Linux.
*The Growing Role of UEFI Secure Boot in Linux Distributions*
http://www.linuxjournal.com/content/growing-role-uefi-secure-boot-linux-distributions
For those of you who may be concerned that UEFI secure boot is
challenging the presence of FOSS operating systems, the Linux Foundation
released a document stating why these fears are not accurate.
*Making UEFI Secure Boot Work With Open Platforms*
https://www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf
Conclusion of the article from The Linux Foundation:
*The UEFI secure boot facility is designed to be readily usable by both
proprietary and open operating systems to improve the security of the
bootstrap process. Some observers have expressed concerns that secure boot
could be used to exclude open systems from the market, but, as we have
shown above, there is no need for things to be that way. If vendors ship
their systems in the setup mode and provide a means to add new KEKs to the
firmware, those systems will fully support open operating systems while
maintaining compliance with the Windows 8 logo requirements. The
establishment of an independent certificate authority for the creation of
KEKs would make interoperation easier, but is not necessary for these
platforms to support open systems.*
Thank you for your concern, now back to the Wiki work...
Cheers!
Signed Third3ye
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev