Linux Foundation recommends making a simple menu to disable UEFI Secure Boot
Leading programmers Canonical and Red Hat have compiled a document detailing how Linux will be affected by the new secure boot mechanism UEFI Secure Boot, which will be mandatory put on Windows 8 personal computers, that is, from the first quarter of 2012, UEFI Secure Boot will become practically standard for all new computers in the world.
The document contains technical recommendations for OEM builders on how to implement support for UEFI in order not to block the installation of Linux and other free software on your computer.
The developers of Canonical and Red Hat point out that the transition to the UEFI specifications is a "good step forward" in the area of improving the interfaces between the hardware firmware and the OS. Canonical is a member of the UEFI Forum and has helped develop UEFI specifications . Thanks to the new interfaces, Ubuntu will load faster, be easier to configure, and less discharged in a laptop battery.
One of the features in the latest version of the UEFI specifications is the option called Secure Boot, described in section 27 of version 2.3.1. This option is designed to prevent the installation of malware at the level between the BIOS and the operating system. However, Microsoft, with the help of UEFI, is going to solve another problem: to make installation of a pirated version of Windows difficult, that is why they so insist on tying the operating system to hardware.
')
Although the UEFI specifications do not recommend rigidly using a specific implementation of the standard, Microsot, represented by Stephen Sinofsky, stated that the Secure Boot feature will become “ mandatory for Windows 8 clients. ” Moreover, Microsoft has made it clear that it does not consider it necessary for users to be able to fully control the hardware and software.
According to Microsoft logic, every new Windows 8 computer should be sold with the Secure Boot feature enabled by default. To install another operating system, the user will have to disable this feature.
Linux Foundation recommends OEM builders
1) develop a mechanism so that the user can independently configure the list of permitted software for Secure Boot, so that Linux can be booted without disabling this feature ;
Realizing that paragraph 1 will be difficult anyway for most ordinary users, the Linux Foundation also recommends
2) install an interface on new computers to easily enable / disable Secure Boot so that users do not have any problems with changing the operating system .
via Canonical Blog
The document contains technical recommendations for OEM builders on how to implement support for UEFI in order not to block the installation of Linux and other free software on your computer.
The developers of Canonical and Red Hat point out that the transition to the UEFI specifications is a "good step forward" in the area of improving the interfaces between the hardware firmware and the OS. Canonical is a member of the UEFI Forum and has helped develop UEFI specifications . Thanks to the new interfaces, Ubuntu will load faster, be easier to configure, and less discharged in a laptop battery.
One of the features in the latest version of the UEFI specifications is the option called Secure Boot, described in section 27 of version 2.3.1. This option is designed to prevent the installation of malware at the level between the BIOS and the operating system. However, Microsoft, with the help of UEFI, is going to solve another problem: to make installation of a pirated version of Windows difficult, that is why they so insist on tying the operating system to hardware.
')
Although the UEFI specifications do not recommend rigidly using a specific implementation of the standard, Microsot, represented by Stephen Sinofsky, stated that the Secure Boot feature will become “ mandatory for Windows 8 clients. ” Moreover, Microsoft has made it clear that it does not consider it necessary for users to be able to fully control the hardware and software.
According to Microsoft logic, every new Windows 8 computer should be sold with the Secure Boot feature enabled by default. To install another operating system, the user will have to disable this feature.
Linux Foundation recommends OEM builders
1) develop a mechanism so that the user can independently configure the list of permitted software for Secure Boot, so that Linux can be booted without disabling this feature ;
Realizing that paragraph 1 will be difficult anyway for most ordinary users, the Linux Foundation also recommends
2) install an interface on new computers to easily enable / disable Secure Boot so that users do not have any problems with changing the operating system .
via Canonical Blog
Source: https://habr.com/ru/post/131484/
All Articles