Summary: At long last, the Linux Foundation fix to Windows 8 Secure Boot lock-in is out, but it’s not ready for ordinary users yet and not all Linux desktop fans are happy about it.
Steven J. Vaughan-Nichols
By Steven J. Vaughan-Nichols for Linux and Open Source
It took longer than anyone expected but the Linux Foundation fix for Windows 8 PC’s UEFI (Unified Extensible Firmware Interface) Secure Boot lockout of other operating systems has finally arrived.
Linux Foundation LogoThe Linux Foundation has set the foundation for Linux distros to easily boot on Windows 8 PCs. (Credit: The Linux Foundation)
James Bottomley, Parallels’ CTO of server virtualization, well-known Linux kernel maintainer, and the man behind the Linux Foundation’s efforts to create an easy way to install and boot Linux on Windows 8 PCs, announced on February 8th that the Linux Foundation UEFI secure boot system was finally out. To finish this, required security keys from Microsoft so that the Linux Foundation UEFI bootloader would work. These have now been included and these universal Linux bootloaders are ready to go. With these files you should be able to boot and install Linux on almost any Windows 8 PC.
I say “should” because this is the first release. As Bottomley himself wrote, “Let me know how this goes because I’m very interested to gather feedback about what works and what doesn’t work. In particular, there’s a worry that the security protocol override might not work on some platforms, so I particularly want to know if it doesn’t work for you.”
You must also be an expert Linux user to even try to get this to work at this point. Today, all Bottomley has provided the two key bootloading files: PreLoader.efi and HashTool.efi. These EFI files are Extensible Firmware Interface Firmware files. By themselves they just set up a pre-boot environment that can then be used to boot Linux.
Bottomley has also “put together a mini-USB image that is bootable (just dd it on to any USB key; the image is gpt partitioned, so use the whole disk device). It has an EFI shell where the kernel should be and uses gummiboot, [a simple UEFI boot manger] to load” a Linux distribution.
If you couldn’t follow those instructions, don’t even try using this method yet. As P?teris Krišj?nis, an Ubuntu Linux tester wrote on Bottomley’s blog, “These instructions is for advanced users only. Users who want to install Linux distro on UEFI/Secure Boot computer will have to wait for distribution releases on April/May (Fedora/Ubuntu and related distros).” Krišj?nis’s right. Ordinary users should stay well away from this solution for now. It’s really meant more for distribution developers. Their job will be to turn these esoteric instructions into something that requires little more than a user hitting an “OK” button.
In short, by May, it should be easy to boot and install the most popular Linux distributions on Windows 8 PCs. Today, we’re still not there, but the developers now have the tools they need to get us there.
Others object to the Linux Foundation’s attempt to work with Microsoft to get around Secure Boot’s restrictions. One accused Bottomley of folding “to Microsoft UEFI and microsofts monopolistic decision to have OEMs use UEFI whether a consumer wants this or not under the guise of security when in fact its an effort to maintain control on MS part.” Others used far harsher terms.
Unfortunately, these people are ignoring the simple fact that the vast majority of new PCs are being sold with Windows 8. This, in turn, means they’re locked into that Windows 8 with UEFI Secure Boot Short of cracking UEFI security, something no one really wants to do in Linux development circles, the only viable choice has been to work within Secure Boot to get Linux to work. It’s what Fedora, Ubuntu, openSUSE, and now the Linux Foundation, has chosen to do.
Is this ideal? No. As far as I’m concerned Secure Boot is far more about locking people into Windows than it is about security. For how, though, fixes like these are Linux’s only viable options.
Click here for full Story