
FreeBSD Team Begins Work On Booting On UEFI-Enabled Systems

Posted by timothy
from the is-a-shim-a-shame? dept.
An anonymous reader writes "The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled." Linux distros have taken to using a minimal loader, signed by Microsoft, to enable booting on UEFI systems with secure boot. "Indeed we will likely take the Linux shim loader, put our own key in it, and then ask Microsoft to sign it," says developer Marshall McKusick in the linked IT Wire article. "Since Microsoft will have already vetted the shim loader code, we hope that there will be little trouble getting them to sign our version for us."
  • Well I'll be... (Score:3, Informative)

    by fustakrakich (1673220) on Monday July 01, 2013 @01:59AM (#44151299) Journal

    I did not know Microsoft won that battle.

  • Re:Well I'll be... (Score:5, Informative)

    by icebike (68054) on Monday July 01, 2013 @02:26AM (#44151383)

    No it defeats no point, and Microsoft is free to accept or deny just about anything. Properly implemented secure boot increases your security by letting you decide what the machine should boot and prevent it from booting unknown or potentially malware infected operating system. That is a good feature. It has nothing to do with preventing competition.

    Deciding that one, and only one company can sign shims, can't be considered anything but anticompetitive.

    Then, forcing that company to sign boot shims from Linux and FreeBSD to avoid illegal restraint of trade charges, pretty well eliminates any benefit the plan might have had. Is Microsoft going to sign every backroom version of Linux and every clone of FreeBSD, or did they just pare down the competition to a few major distros?

  • Re:Hmm... (Score:5, Informative)

    by rmdashrf (1338183) on Monday July 01, 2013 @03:13AM (#44151521)
    And that attack vector can completely be negated by having the BIOS read-only by default, while only enabling updates when the user toggles a physical switch when the BIOS needs an update.
  • Try all the F# Keys. It might take a while, as they might have set the pause for FKeys to be something braindead stupid like 1/3rd of a second or some bullshit like that. So try all of them: F1 through F12. If none of them work, and neither Delete nor Escape, nor the Space Bar works, then I gotta say you've wasted your money.

    Although, there might be a jumper on the mobo (literally a couple of prongs bridged with a piece of plastic holding some foil) that you can break and refit that can reset your bios so it'll tell you what buttons to push.

    Also, try unplugging your HDD and see what the error screen says. It may tell you what to hit on startup in order to get to your UEFI/BIOS.

  • by SuricouRaven (1897204) on Monday July 01, 2013 @05:25AM (#44151939)

    Just to clarify: UEFI is not the problem. It's just a replacement for the old BIOS system which addresses the decades of accumulated legacy bodging that is the PC. Secure Boot is a feature that UEFI enables. You can have UEFI without Secure Boot.

  • Re:Well I'll be... (Score:4, Informative)

    by moronoxyd (1000371) on Monday July 01, 2013 @08:27AM (#44152581)

    Too bad the user can't manage his own hardware now. We're at the mercy of the mobo manufacturers, as they decide whose keys are trusted by default (i.e. Microsoft ONLY). If I have to go to Microsoft in order to be allowed to boot BSD on my own motherboard, then my property rights are being violated.

    You can deactivate secure boot.
    You can add other signing keys to the list used by the UEFI firmware.
    You can remove the Microsoft key.

    So what's your problem?
    Actually, Microsoft DEMANDS all these things from an OEM before they can put the nifty little 'designed for Windows 8' stickers on their machines.

  • Re:Well I'll be... (Score:4, Informative)

    by Gadget_Guy (627405) on Monday July 01, 2013 @09:04AM (#44152843)

    Why do the different Linux distributions need to get MS to accept those shims again?

    To make it easier to install the OS without having to require that people install keys. Since there would be a variety of interfaces in the different motherboards, it would make it difficult to write generic documentation to tell lay people what to do. That hardly makes for a plug-n-play experience, and brings us back to the good-old-days of overly complicated operating system installations.

  • There is no reason that a traditional PC BIOS can't boot a 3TB drive. The bios just reads the first sector of the drive and runs the code, it doesn't need to care what type of partition table is used. So the 2TB limit of the DOS style partition table is irrelevant to the first stage of booting a PC. AIUI grub2 has no problems being booted by a traditional PC bios and then going on to read a GPT partition table and load linux from it.

    The inability to boot windows on a 3TB GPT drive with a traditional PC bios is entirely microsoft's fault.
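
Added example (not part of the thread): a Python sketch of the first sector the comment above describes, showing that the DOS partition entry holds 32-bit sector counts (hence the 2 TiB ceiling with 512-byte sectors) and that a GPT disk still carries a bootable-looking sector with a protective entry of type 0xEE. The 3 TB disk image is constructed, and 512-byte sectors are an assumption.

```python
import struct

SECTOR = 512                      # assumed logical sector size
MBR_LIMIT_BYTES = 2**32 * SECTOR  # largest size a 32-bit sector count can describe

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte boot sector."""
    if len(sector0) != 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for n in range(4):
        entry = sector0[446 + 16 * n: 462 + 16 * n]
        ptype = entry[4]
        # Start LBA and sector count are both 32-bit little-endian fields.
        start_lba, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype:
            parts.append({"type": ptype, "start_lba": start_lba, "sectors": num_sectors})
    return parts

def is_protective_mbr(parts):
    """A GPT disk marks itself with a single type-0xEE entry covering the disk."""
    return any(p["type"] == 0xEE for p in parts)

def build_protective_mbr(disk_sectors):
    """Constructed sample: boot code area left empty, one 0xEE entry from LBA 1."""
    size = min(disk_sectors - 1, 0xFFFFFFFF)  # clamped when the disk exceeds the field
    entry = struct.pack("<B3sB3sII", 0, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff", 1, size)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

DISK_3TB_SECTORS = 3 * 10**12 // SECTOR  # constructed 3 TB disk

if __name__ == "__main__":
    parts = parse_mbr(build_protective_mbr(DISK_3TB_SECTORS))
    print("protective MBR:", is_protective_mbr(parts))
    print("entry covers %d of %d sectors" % (parts[0]["sectors"], DISK_3TB_SECTORS - 1))
    print("MBR limit: %d bytes" % MBR_LIMIT_BYTES)
```
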
