[coreboot] Feedback On Coreboot: the Solution to the Secure Boot Fiasco

Andrew Goodbody ajg4tadpole at gmail.com
Wed Jan 2 18:58:27 CET 2013

On 02/01/13 17:08, ron minnich wrote:
> On Mon, Dec 31, 2012 at 11:23 AM, David Hubbard
> <david.c.hubbard+coreboot at gmail.com> wrote:
>> Andrew has good points. Technically there's nothing about Secure Boot that
>> can be proven to exclude alternative OS's such as Linux.
> While that is technically true, I am starting to see reports of
> systems that, at the very least, are making it hard to boot anything
> but Windows. Also. Microsoft has exercised its power to limit the
> types of binaries that will be signed, e.g. anything built with GPL V3
> will not be signed. Now, while they may have valid reasons, this does
> demonstrate the extent of Microsoft's power over platforms with Secure
> Boot. I find it worrisome.

Hmm the GPL v3 thing is indeed troublesome. However shim is being signed 
which does at least give us one way to boot GNU/Linux without turning 
Secure Boot off. You can then of course use GPL v3 code in the bootpath 
after shim.

> Given what a mess the vendors have made of $PIR/_MP/ACPI over the
> years, I don't see the UEFI Secure Boot situation being much better.
> So, get ready for desktops/laptops that "should" boot non-Windows
> OSes, but don't.

I am sure that it is the old story, most testing will be done against 
Windows. Anything more will be the exception. This is where the pressure 
needs to be put on the platform vendors as this is the part that they 
are responsible for. When you find motherboards that will only boot 
Windows then make a noise about it, complain and send them back. When 
you find motherboards that work correctly then also make a noise but do 
it complimenting the vendor.

> Garret's blog is well worth reading on this whole issue.


> ron


More information about the coreboot mailing list