UEFI Developments
Windows secure boot controversy gets uglier.
In previous news items, we’ve described the possibility of a Linux lock-out under the new UEFI secure boot feature. Briefly, the new UEFI specification, which will be part of Windows 8, associates the firmware with a signing key, which prohibits users from installing a new operating system. Because the majority of Linux desktop systems are installed over a previous OEM version of Windows, this is cause for concern.
In a couple of recent posts, Red Hat engineer Matthew Garrett explains the UEFI situation further. He also gave a talk about it at Linux.conf.au 2012. Basically, it’s ugly and getting uglier. For example, although Microsoft’s certification requirements state that all systems must support a custom mode, implying that users could install their own keys, Garrett says this solution is not good enough. He says: “People have spent incredible amounts of time and effort making it easy to install Linux by doing little more than putting a CD in a drive. Asking them to go into the firmware and reconfigure things adds an extra barrier that restricts the ability to install Linux to more technically skilled users.”
To add fuel to the fire, in December, Microsoft published the “Windows Hardware Certification Requirements,” which details the requirements for Windows 8 Certified Systems. Page 116 says:
“MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.”
This mandate would specifically prevent non-Windows operating systems from being installed on ARM-based devices shipping with Windows 8. Still, it’s up to OEMs to decide whether they want to comply with Windows 8 Certification Requirements to the letter. We’ll have to wait and see.
Issue 253/2021
Buy this issue as a PDF
News
-
KDE Plasma 5.24 Introduces Fingerprint Reader Support
The next release of the KDE Plasma desktop environment will include support for fingerprint readers for session authentication and more.
-
Ubuntu 21.10 Released and Finally Includes GNOME 40
The most anticipated update to Ubuntu is finally here and the workflow couldn't be better.
-
Linux Can Now Run on Apple’s M1 Chipset
Linux users looking to take advantage of Apple Silicon are about to get their wish with the M1 chipset.
-
MX Linux 21 RC Candidate Available For Testing
The MX Linux development team has released the RC images for MX Linux 21 for testing purposes.
-
Fedora 35 is Shaping Up to Be an Impressive Release
Although the beta version of Fedora’s upcoming release is behind schedule, the Linux distribution is still slotted for October and will include numerous bug fixes and some exciting new features.
-
Canonical Extends Support For Ubuntu 14.04 and 16.04
The company behind Ubuntu offered a much-needed lifeline to those who still depend on older versions of the open-source operating system.
-
GNOME 41 Has Arrived
The latest version of the GNOME desktop environment has been released with new functionality and plenty of improvements.
-
System76 Updates the 15" Pangolin with Ryzen
System76 announced they’re updating the Ryzen-powered Pangolin laptop to meet today’s need for more power.
-
KDE Plasma 5.23 Promises Plenty of Subtle Improvements
The next release of the KDE Plasma desktop includes new features, numerous improvements, and plenty of bug fixes.
-
GNOME 41 Beta is Now Available
The most popular open-source desktop environment is on the cusp of yet another new release, but don’t expect the massive changes found in the previous iteration.