[Linux-aus] UEFI Secure Boot - Precis of List Comments and proposals
Brent Wallis
brent.wallis at gmail.com
Fri Aug 10 13:46:51 EST 2012
Hi to All n Sundry,
On 07/08/12 10:00, John Ferlito wrote:
> > On Mon, Aug 06, 2012 at 09:33:05PM +1000, Brent Wallis wrote:
> >> IMHO, the first step in what will probably be a very long road is to
> find
> >> out what Hardware Manufacturers are going to do with UEFI.
> >> Specifically, we need to find out about how they plan to implement key
> >> control
> >> and
> >> How easy it will be for authorised users to implement options 2 and 3.
> >
> > I think this is actually the key issue and what we should be
> > concentrating on.
>
John,
Since your post, have had to handle some ESX upgrades on our IBM hosts.
These systems boot from flash and via IPMI have noticed that they use UEFI!
A quick surf through the menus display ugliness beyond anything I could
possibly describe.
The key chain menus on PCI devices is ...well.... poo.
In the limited time I had, nowhere could I find an item to turn off (or
even establish whether it had it or not we actually had) secure boot.
In short, UEFI is here and in prod....already implemented.
I was very surprised to see it in current gen IBM servers!
(I dont "get out much" for those that have!)
Tim said:
>
> As another reference, please see
> http://www.suse.com/blogs/uefi-secure-boot-overview/ - not that it says
> exactly what SUSE is doing yet, but it's a pretty good high level
> writeup of WTF this thing is, and what the main problem/s is/are.
>
> Great link.
More detail here:
http://www.itworld.com/it-managementstrategy/289054/suse-slowly-shows-uefi-secure-boot-plan
and a followup to your link is here. Suses' plans for UEFI secure boot:
http://www.suse.com/blogs/uefi-secure-boot-plan/
....and then we can all read the FSF take on the matter:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web
and a FSF competition that clearly demonstrates their stance:
http://www.fsf.org/news/fsf-announces-winner-of-restricted-boot-webcomic-contest
Colleagues!
A press release at this stage would not bode well.
This whole issue is a work in progress, like grabbing at soap bubbles.
But we can not leave things be.
I think LA Australia can service the community by helping with education on
the matter.
Once education (and hopefully understanding) can be established, press
releases can/should follow.
LA Council:
My thinking has changed.
A press release in any form at this point would fall on deaf ears, or
worse, make us look foolish given the fluid nature of the issue.
Instead:
Could we please establish a page via the LA website with these specific
goals?
- A non emotive (as un bias as possible) pre-amble on the whole UEFI / UEFI
secure boot issue with simple descriptions(that may change over time) of
the UEFI implementation process.
- Links to blogs/releases/info on UEFI for as many distros as possible
(sample being Fedora/RH, Suse, Debian, Mint ,... ..<add your preference
here>)
- A link to the FSF releases on the matter.
- Links to any releases/blogs/info from manufacturers.
- Links to any blogs from individuals that do kernel work and have to deal
with this.
In short, a nexus for information on UEFI and how it will affect Linux in
general.
Once established....then press releases would follow, and, would be far
more likely to be noticed.
Comment welcome.
BW
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/linux-aus/attachments/20120810/702949d0/attachment.htm
More information about the linux-aus
mailing list