[personal profile] mjg59
The Microsoft Surface is a fairly attractive bit of tablet hardware, and as a result people have shown interest in running Linux on it. The immediate problem is that (like many ARM devices) it has a locked-down firmware that will only run signed binaries - unlike many other ARM devices, this is implemented using an existing standard (UEFI Secure Boot). Microsoft provide a signing service for UEFI binaries, so it's tempting to think that getting around this restriction would be as simple as taking an existing Linux bootloader, signing it and then booting. Unfortunately Microsoft's signing service signs binaries using a different key (the "Microsoft Windows UEFI Driver Publisher" key) to the one used to sign Windows, and the Surface doesn't carry that key. Booting Linux on these devices would involve finding a flaw in the firmware and using that to run arbitrary code.

Could this also be a problem on x86? In theory - Microsoft don't require that vendors carry the driver publisher key, and so a system could be Windows 8 certified and still not carry it. It's unlikely to occur in practice, though, since any third party expansion hardware will then fail on that device. As a result, anything with PCIe or Expresscard slots is effectively certain to have this key. If anyone finds any counterexamples, please let me know.

Date: 2012-12-30 09:56 am (UTC)
From: (Anonymous)
who the fuck cares about linux?

Date: 2012-12-30 10:40 am (UTC)
From: (Anonymous)
calm down, Steve

Date: 2012-12-30 03:58 pm (UTC)
From: (Anonymous)
Just about everyone should. Most non-desktop electronics needing an OS go with some flavor of linux and the vast majority of the web runs on it as well.

Date: 2013-01-01 04:02 am (UTC)
From: (Anonymous)

Date: 2013-01-09 10:46 am (UTC)
From: (Anonymous)
who the fuck cares about wintel and another shit of this kind? ARM is the future. MIPS... There are many embedded platforms, so let's dig it! Intel & M$ - rest in hell with your hot, dirty, wet and resource-hungry hard&soft! I'll never buy its shit anymore and don't recommend anyone to spend money on this.


Date: 2017-09-27 01:44 pm (UTC)
From: (Anonymous)
Don't think Intel is involved in this kind of shit. In fact, Intel is one of the second largest contributor of code to Linux kernel.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Page Summary

Expand Cut Tags

No cut tags