Linux Foundation unveils a workaround for Win 8 Secure Boot - goodmanprietry

Scarcely a week goes past these days without the emergence of some new approach to the vexing "Secure Flush" problem facing Linux users along Windows 8 hardware, and this week is atomic number 102 elision.

Not reasonable one simply 2 recently discussions of the topic have popped heavenward this week, in fact, beginning with a Su blog post from Red Hat developer Matthew Garrett, who first brought the problem to light.

Garrett has been involved in crafting Fedora's attack, which involves "building a multiple which has the Fedora key embedded, so acquiring that binary autographed by Microsoft," he celebrated on Sunday. "Easy enough for U.S. to practice, but not necessarily practical for smaller distributions."

Accordingly, the rest on of Garrett's Charles William Post then goes on to detail three possible solutions for so much smaller projects.

Now, the very latest news is that the Linux Foundation and its Technical Advisory Circuit card have spoken out with a newborn plan designed to enable Linux to continue operating on Secure Boot-enabled machines.

'A small pre-bootloader'

At the heart of the job, of course, is that Windows 8 hardware will go with Secure Boot enabled in the Unified Extensible Firmware Interface (UEFI), meaning that only operating systems with an appropriate integer signature tune will be able to boot.

Distributions including Ubuntu, Fedora, and SUSE Linux have all delineate their own plans for working roughly the problem, which has been the focus of much aid from the Free Software package Founding As well. In July, meanwhile, James Bottomley, chair of the Linux Fundament's Technical Consultive Board, kicked off an attempt among Linux developers to brainstorm solutions to the problem.

Now, it appears we'Ra seeing the fruit of their labors.

"In a nutshell, the Linux Foundation leave find a Microsoft Key and sign a small pre-bootloader which leave, in turn, chain consignment (without any form of signature check) a predesignated thrill dockhand which volition, in turn away, boot Linux (or any other operating scheme)," explained Bottomley in yesterday's official announcement.

'A stop-gap measure'

For security system, the new pre-bootloader will employ a "present user" test "to control that it cannot be used as a vector for any type of UEFI malware to target secure systems," Bottomley renowned.

Source inscribe for the pre-bootloader is now available online.

Once the Linux Foundation gets a Microsoft signature–something that "bequeath yield a while," Bottomley admits–the pre-bootloader will be placed on the Linux Foundation website, where anyone can download and practice IT to boot a Compact disk/DVD installer or LiveCD Linux dispersion, or in addition an installed operating system in secure mode for any distribution.

In theory, the new pre-bootloader will be "a stop-gap measure that bequeath give totally distributions time to come up with plans that take advantage of UEFI sound boot," Bottomley concluded.

Silent, information technology's worth noting that Red Hat's Garrett published his ain reaction to the news show following the Linux Fundament's announcement: "It's little useful than shim," he wrote, referring to the method used in Trilby's approach. "Just use shim instead."

Source: https://www.pcworld.com/article/461619/linux-foundation-unveils-a-new-solution-for-win-8-secure-boot.html

Posted by: goodmanprietry.blogspot.com