Trying out UEFI boot security on a recent Linux system

State of the Boot

Author(s): Hendrik Schwartke , Author(s): Ralf Spenneberg

Opinions differ on the UEFI boot security system, but one thing is certain: Secure Boot is here to stay. We thought it was time to ask, "How hard is it to boot a popular Linux distribution in a UEFI Secure Boot environment?"

The Unified Extensible Firmware Interface (UEFI) swept into the headlines a couple years ago as a comprehensive replacement for the BIOS system used to boot millions of personal computers around the world. UEFI, which is essentially "a specification that defines a software interface between an operating system and platform firmware," [1] is a vast project, with features that affect device drivers, time services, and many other aspects of computer operation. However, the feature that has captured the most attention is a controversial component known as Secure Boot.

UEFI Secure Boot was billed as a feature for making sure an "unauthorized" operating system doesn't take over the system, and the Linux community quickly realized that "unauthorized" means something more like "non-Microsoft."

Since then, open source coders have developed some techniques for co-existing with UEFI Secure Boot, and some Linux projects have even made their peace with Microsoft to become officially "authorized" through Microsoft's certificate authority.

[...]