List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Rich Freeman <rich0@g.o>
Subject: Re: Killing UEFI Secure Boot
Date: Tue, 19 Jun 2012 20:22:55 -0400
On Tue, Jun 19, 2012 at 6:11 PM, Richard Yao <ryao@g.o> wrote:
> I know that the Core Boot project also tries to accomplish this, but their development process is slow and their approach seems to make the boot process more complicated than it needs to be. Since Secure Boot will force us to flash our BIOS chips (or stick to old hardware), I think it would be worthwhile to develop our own solution by extending genkernel. This should have the benefit of making our systems boot faster.

So, replacing a BIOS is a fairly tall order - I'm not convinced that
Core Boot is slow simply because they're doing it wrong.  They're also
looking to add value (like booting a diskless server off of a random
website or whatever - not just simple disk/PXE like most BIOS).  My
understanding is that clusters are one of their big use cases.

I also don't get the claim that we need to flash our BIOS chips to get
around secure boot.  If you don't want to use secure boot just disable
it - it is no harder than changing your boot device order, system
time, or any of a myriad of other firmware settings.  It gets more
complicated if you want to keep secure boot but boot your own OS,
since you have to manage the keys/signing/etc.

Nothing is keeping anybody from creating their own firmware.  However,
I doubt we'll see 25 devs take this on as a full-time job, which is
probably what it would take to support the bazillions of boards out
there.  Keep in mind that many motherboard vendors require signed
firmware so you'll need to find an exploit for every make/model out
there to even load your firmware.  That seems a bit much compared to
just disabling secure boot...

Rich


Updated Jun 29, 2012
