On 02/01/13 17:08, ron minnich wrote:
On Mon, Dec 31, 2012 at 11:23 AM, David Hubbard david.c.hubbard+coreboot@gmail.com wrote:
Andrew has good points. Technically there's nothing about Secure Boot that can be proven to exclude alternative OS's such as Linux.
While that is technically true, I am starting to see reports of systems that, at the very least, are making it hard to boot anything but Windows. Also. Microsoft has exercised its power to limit the types of binaries that will be signed, e.g. anything built with GPL V3 will not be signed. Now, while they may have valid reasons, this does demonstrate the extent of Microsoft's power over platforms with Secure Boot. I find it worrisome.
Hmm the GPL v3 thing is indeed troublesome. However shim is being signed which does at least give us one way to boot GNU/Linux without turning Secure Boot off. You can then of course use GPL v3 code in the bootpath after shim.
Given what a mess the vendors have made of $PIR/_MP/ACPI over the years, I don't see the UEFI Secure Boot situation being much better. So, get ready for desktops/laptops that "should" boot non-Windows OSes, but don't.
I am sure that it is the old story, most testing will be done against Windows. Anything more will be the exception. This is where the pressure needs to be put on the platform vendors as this is the part that they are responsible for. When you find motherboards that will only boot Windows then make a noise about it, complain and send them back. When you find motherboards that work correctly then also make a noise but do it complimenting the vendor.
Garret's blog is well worth reading on this whole issue.
Yes.
ron
Andrew