mjg59
The Microsoft Surface is a fairly attractive bit of tablet hardware, and as a result people have shown interest in running Linux on it. The immediate problem is that (like many ARM devices) it has a locked-down firmware that will only run signed binaries - unlike many other ARM devices, this is implemented using an existing standard (UEFI Secure Boot). Microsoft provide a signing service for UEFI binaries, so it's tempting to think that getting around this restriction would be as simple as taking an existing Linux bootloader, signing it and then booting. Unfortunately Microsoft's signing service signs binaries using a different key (the "Microsoft Windows UEFI Driver Publisher" key) to the one used to sign Windows, and the Surface doesn't carry that key. Booting Linux on these devices would involve finding a flaw in the firmware and using that to run arbitrary code.

Could this also be a problem on x86? In theory - Microsoft don't require that vendors carry the driver publisher key, and so a system could be Windows 8 certified and still not carry it. It's unlikely to occur in practice, though, since any third party expansion hardware will then fail on that device. As a result, anything with PCIe or ExpressCard slots is effectively certain to have this key. If anyone finds any counterexamples, please let me know.
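One way to audit which signers a machine's firmware will accept is to walk the Secure Boot `db` variable yourself. The following is an added example, not code from the post: it parses the EFI_SIGNATURE_LIST structures as laid out in the UEFI specification and checks the X.509 entries for a subject string. The function names, the sample data and the substring match on DER bytes are assumptions of this sketch, and the subject under which a given firmware enrols a key should be confirmed by listing the entries.

```python
import struct
import uuid

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Linux efivarfs path of the Secure Boot allow-list variable "db".
DB_PATH = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def read_db(path=DB_PATH):
    """Return the raw db contents; efivarfs prepends 4 attribute bytes."""
    with open(path, "rb") as f:
        return f.read()[4:]

def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for every entry in the variable."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body_len = list_size - 28 - hdr_size
        if (body_len < 0 or off + list_size > len(blob)
                or sig_size <= 16 or body_len % sig_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        start = off + 28 + hdr_size
        for i in range(start, start + body_len, sig_size):
            owner = uuid.UUID(bytes_le=blob[i:i + 16])
            yield sig_type, owner, blob[i + 16:i + sig_size]
        off += list_size

def db_trusts_subject(blob, subject_text):
    """Heuristic: does any X.509 entry contain this subject string in its DER bytes?"""
    needle = subject_text.encode("ascii")
    return any(t == EFI_CERT_X509_GUID and needle in data
               for t, _owner, data in parse_signature_lists(blob))

def make_list(type_guid, owner, payloads):
    """Build one EFI_SIGNATURE_LIST from equal-length payloads (for test data)."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    header = struct.pack("<III", 28 + len(body), 0, 16 + len(payloads[0]))
    return type_guid.bytes_le + header + body

# Constructed sample: one placeholder "certificate" and one SHA-256 hash entry.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_DB = (make_list(EFI_CERT_X509_GUID, OWNER, [b"0\x82..CN=Example OS Vendor CA"])
             + make_list(EFI_CERT_SHA256_GUID, OWNER, [bytes(32)]))

if __name__ == "__main__":
    name = "Microsoft Windows UEFI Driver Publisher"  # key name as given in the post
    print(name, "in sample db:", db_trusts_subject(SAMPLE_DB, name))
```

On a real Linux system, pass `read_db()` instead of `SAMPLE_DB`; reading the variable may require root.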

Fujitsu's laptop

Date: 2012-12-30 01:16 am (UTC)
From: (Anonymous)
I failed to boot any kind of EFI binary on a Fujitsu secure boot-enabled x86 laptop.
The only binary that EFI will start is Windows Boot Manager.

Re: Fujitsu's laptop

Date: 2012-12-30 08:15 am (UTC)
From: (Anonymous)
COP!

Date: 2012-12-30 09:56 am (UTC)
From: (Anonymous)
who the fuck cares about linux?

Date: 2012-12-30 10:40 am (UTC)
From: (Anonymous)
calm down, Steve

Date: 2012-12-30 03:58 pm (UTC)
From: (Anonymous)
Just about everyone should. Most non-desktop electronics needing an OS go with some flavor of linux and the vast majority of the web runs on it as well.

Date: 2013-01-01 04:02 am (UTC)
From: (Anonymous)
Tosser

Date: 2013-01-09 10:46 am (UTC)
From: (Anonymous)
who the fuck cares about wintel and another shit of this kind? ARM is the future. MIPS... There are many embedded platforms, so let's dig it! Intel & M$ - rest in hell with your hot, dirty, wet and resource-hungry hard&soft! I'll never buy its shit anymore and don't recommend anyone to spend money on this.

Date: 2012-12-30 05:33 pm (UTC)
From: (Anonymous)
This is one of the reasons why I won't buy a MS surface tablet. UEFI, like DRM, cripples the product. Why support such trash?

Quite irrelevant

Date: 2012-12-31 12:05 am (UTC)
From: (Anonymous)
Unless you count Android, we don't have any Linux environment to run on tablet computers.

And please don't say GNOME runs on tablets, it is utter crap and there's not the slightest light at the end of the tunnel. Really.

Re: Quite irrelevant

Date: 2012-12-31 12:09 pm (UTC)
From: (Anonymous)
Meego, Mer, Jolla, Maemo, E17, plasma active, tizen.

Re: Quite irrelevant

Date: 2012-12-31 01:05 pm (UTC)
From: (Anonymous)
And five out of these seven are really just the same thing at different times in development (or subsystems of others, such as Mer).

Re: Quite irrelevant

Date: 2013-01-01 01:11 pm (UTC)
From: (Anonymous)
Of the non-android Linuxes for tablets I've seen these are the only feasible ones.

Gram's (HP) WebOS
Jolla's Sailfish

I haven't had the privilege of using e17 or plasma active so can't really comment on those. e17 definitely would provide a solid foundation but I haven't seen a specific tablet focused implementation.

Gnome and Unity thoroughly disappointed me on tablets. Considering how many users they abandoned in pursuit of the tablet, they have done a very poor job.

Re: Quite irrelevant

Date: 2012-12-31 12:36 pm (UTC)
From: (Anonymous)
Pengpod, runs Android AND Debian (thus LibreOffice)

OEM laptops - not yet, but probably soon

Date: 2013-01-03 11:53 pm (UTC)
From: (Anonymous)
Lenovo and HP currently use a PCI ID whitelist in their firmwares to prevent WiFi and 3G cards they didn't rebrand and sell at a markup from working in laptops they make.

I will be very surprised if they do not omit the UEFI driver signing key on some laptops and servers to force you to use only supported, authorized and conveniently marked up hardware for disk/RAID controllers, hardware iSCSI initiators, PXE-capable NICs, remote management cards (VGA+USB host interface to Ethernet and VNC), etc. The temptation of lock-in and high margins is likely to be too strong, as we've already seen with various OEMs' periodic attempts to lock server hardware support to their own storage controllers.

Re: OEM laptops - not yet, but probably soon

Date: 2013-01-09 01:45 am (UTC)
From: (Anonymous)
I don't know if this is being brought up deliberately, but in case it's not, have a look here (http://web.archive.org/web/20060720082959/http://www.srcf.ucam.org/~mjg59/thinkpad/wireless.html). Note the user name in the URL ;)

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Nebula. Member of the Linux Foundation Technical Advisory Board. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.
