![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
There's been a few links to this story of someone buying a system that turned out to have UEFI firmware and also turned out not to boot. Given all the press, it's unsurprising that people would assume that problems they have with UEFI booting are related to Secure Boot, but it's very unlikely that this is the actual problem here. First, nobody's shipping an appropriately signed operating system yet. A hardware vendor that enabled secure boot out of the box would be selling a machine that wouldn't boot any OS you could buy. That's a poor way to make money. Second, the system booted a Fedora 17 CD. Fedora 17 isn't signed, so if the firmware booted it then the firmware isn't enforcing Secure Boot. Third, it didn't boot the installed OS. That's really at the point of it sounding like a hardware problem - selling systems that don't run the OS you sold them with is a guaranteed way of getting enough support calls that you wouldn't make any money on them, ever.
To be fair, Linux compatibility with UEFI systems is still not as good as it is with BIOS systems. Fedora 18 will be using a new UEFI boot process and so far in our testing it's been significantly more reliable than Fedora 17. There's still some remaining issues that we're aware of and working on, but right now it's hugely more likely that failures to boot Fedora 17 on UEFI systems are down to our bugs rather than Secure Boot.
To be fair, Linux compatibility with UEFI systems is still not as good as it is with BIOS systems. Fedora 18 will be using a new UEFI boot process and so far in our testing it's been significantly more reliable than Fedora 17. There's still some remaining issues that we're aware of and working on, but right now it's hugely more likely that failures to boot Fedora 17 on UEFI systems are down to our bugs rather than Secure Boot.
Couldn't Comment, Site's Gone Missing
Date: 2012-08-16 10:32 pm (UTC)Now, I'm getting 404's on both the link to the post and to the site itself.
Re: Couldn't Comment, Site's Gone Missing
Date: 2012-08-17 04:11 pm (UTC)no subject
Date: 2012-08-18 03:55 am (UTC)I am happy about I could install Linux with Secure Boot feature machine.
I didn't see my grub/Linux was compromised. I am a lazy guy, therefore I disable the feature.
I had this problem
Date: 2012-08-20 06:03 pm (UTC)We have here a Gigabyte (I can get the actual model number if anyone cares) motherboard that you can not boot without a UEFI partition on your drive. And we could not turn this off.
This isn't exactly a Secure Boot issue, but it's close (imho). And I think -like many new things- people have terminology/conceptual problems differentiating them.
Oh, and it took us like 4 hours to figure out how to install Linux with this motherboard because of Ubuntu's installer and confusion as to how the partition table needs to be. The mobo manual, lot's of googling, and reading this blog did not help :(. I'd like to give more info, but I've blocked most of it from my mind because it really, really ... sucked.
Re: I had this problem
Date: 2012-09-25 06:54 pm (UTC)I can't imagine this is rare, either, so most firmware is probably still capable of booting off a master boot record, and will be for some time.
NIST SP 800-147?
Date: 2012-08-22 06:31 pm (UTC)Look in particular at the draft 800-147B, "BIOS Protection Guidelines for Servers". Once this goes through, most US government computers (and many others) will be required to comply. I *think* it'll be okay, but I'm not sure.
Re: NIST SP 800-147?
Date: 2012-08-22 06:48 pm (UTC)RedHat should produce its own hardware
Date: 2012-08-23 09:30 am (UTC)no subject
Date: 2012-09-06 12:25 pm (UTC)And all those to fix a misrouted interrupt problem that the mobo has and the update was supposed to fix (it didn't and gave me more trouble).
Fun times. (NOT)