SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2012-11-22 07:56:41

servingwater
#! Junkie
Registered: 2009-02-28
Posts: 443

Linux Foundation struggles with Microsofts Secure Boot signing service

Link


Despite several attempts, the Linux Foundation's James Bottomley has not managed to get Microsoft to sign the mini bootloader for starting Linux on systems with UEFI Secure Boot. In a blog post, the Linux Foundation Technical Advisory Board (TAB) member says that he successfully managed to use a Linux system for various preparatory bootloader signing tasks, although Microsoft stipulates that a specific Windows platform must be used. However, Bottomley said that to upload the CAB file containing the bootloader, he had to use a virtual machine with Windows 7 because this step requires Silverlight, and the open source Moonlight implementation of Silverlight didn't work.

The developer wrote that, after being uploaded, the archive was supposed to complete a seven-step process. However, Bottomley said that the process got stuck at stage six, and that he enquired about the reasons for this six days later. Apparently, Microsoft's support team replied that the file is not a valid Win32 application, to which Bottomley responded by noting that obviously it isn't a Win32 application because it is a 64-bit UEFI binary – and says that he didn't receive any further reply. He reports that he then started a new signing process, managed to get further this time and eventually received an email with a signed bootloader – but that the email stated that the signing process had failed. When asked about this, Microsoft's support team reportedly told Bottomley that he shouldn't use the delivered file because it was incorrectly signed.

The developer concludes by saying that he is "still waiting for Microsoft to give the Linux Foundation a validly signed pre-bootloader," adding that, "when that happens, it will get uploaded to the Linux Foundation website for all to use."

Two weeks ago at the LinuxCon Europe 2012 conference, Bottomley explained in a presentation (slides) why neither the UEFI Consortium nor the Linux Foundation, the hardware manufacturers or any of the Linux distributions have created their own certificate to sign the bootloader in the same way Microsoft does with VeriSign: Apparently, it's simply too expensive. According to Bottomley, the Foundation had negotiated with VeriSign to create a joint signature service – but that VeriSign had wanted several million dollars for such a service. The developer added that the Linux Foundation had also considered starting its own certification authority but had abandoned this plan because it would have required a huge effort and incurred high costs

Last edited by servingwater (2012-11-22 07:57:53)

Offline

Be excellent to each other!

#2 2012-11-22 08:51:25

brontosaurusrex
#! Red Menace
Registered: 2012-06-15
Posts: 1,124

Re: Linux Foundation struggles with Microsofts Secure Boot signing service

edit: nm

Last edited by brontosaurusrex (2012-11-22 09:00:50)

Offline

#3 2012-11-22 09:27:44

pvsage
Internal Affairs
From: North Carolina
Registered: 2009-10-18
Posts: 11,975

Re: Linux Foundation struggles with Microsofts Secure Boot signing service


I'm a moderator here.  How are we doing?  Feedback is encouraged.

Offline

#4 2012-11-22 10:12:19

fatmac
#! Die Hard
Registered: 2012-11-14
Posts: 1,948

Re: Linux Foundation struggles with Microsofts Secure Boot signing service

Does not surprise me.
Microsoft have tried all means to maintain dominance of the desktop.

However, if all the people that use Linux/BSD inform the manufacturers that they will not buy their machines unless they have a legal guarantee that they can use it with their OS of choice, we may get a solution.

I think we the community need to let it be known to the manufacturers that we want machines to fully work with our OS of choice.


Linux since 1999
Currently:  AntiX, & Crunchbang.
A good general beginners book for Linux :- http://rute.2038bug.com/index.html.gz
A good Debian read :- http://debian-handbook.info/get/now/

Offline

#5 2012-11-22 10:29:03

el_koraco
#!/loony/bun
From: inside Ed
Registered: 2011-07-25
Posts: 4,749

Re: Linux Foundation struggles with Microsofts Secure Boot signing service

fatmac wrote:

Does not surprise me.
Microsoft have tried all means to maintain dominance of the desktop.

However, if all the people that use Linux/BSD inform the manufacturers that they will not buy their machines unless they have a legal guarantee that they can use it with their OS of choice, we may get a solution.

I think we the community need to let it be known to the manufacturers that we want machines to fully work with our OS of choice.

Bullcrap. There is absolutely no reason why Microsoft should be held accountable for a developer not following the guidlines on how to get the pre-bootloader signed. Neither Fedora, nor openSUSE, nor Canonical have a problem with their implementations.

Offline

#6 2012-11-23 08:11:30

intoCB
Scatweasel
Registered: 2012-10-25
Posts: 1,905

Re: Linux Foundation struggles with Microsofts Secure Boot signing service

♫ Freedom isn't free. No, there's a hefty f***in' fee. ♫


$ cat */*

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.

Debian Logo