Microsoft is demanding that systems with the "Designed for Windows 8" badge include a UEFI firmware feature called "Secure Boot" that will only boot software that has been signed with a particular cryptographic certificate. Although Microsoft's stipulations require also that x86/x64 systems provide an option to disable Secure Boot, Linux users are concerned that this will make it harder for them to boot non-Microsoft operating systems.
The Linux Foundation has announced plans to provide a general purpose solution suitable for use by Linux and other non-Microsoft operating systems. The group has produced a minimal bootloader that won't boot any operating system directly. Instead, it will transfer control to any other bootloader—signed or unsigned—so that that can boot an operating system.
On the face of it, this bootloader could be used to circumvent the security of Secure Boot. The entire point of Secure Boot is that it doesn't allow unsigned (and potentially malicious) code to be run before the operating system is started. To address this, the Linux Foundation bootloader will present its own splash screen and require user input before it actually boots. In this way, it can't be silently installed and used to hand control to a rootkit without the user's knowledge.
The Linux Foundation's bootloader is not the only solution for the Secure Boot conundrum. Technically skilled users will be able to add their own trusted certificates to the computer's firmware, and some major Linux distributions including Fedora, SUSE, and Ubuntu intend to provide their own solution to the problem.
However, the Linux Foundation's work is still useful, as it provides a solution that will be suitable for minor distributions, those unable or unwilling to acquire a signature for their bootloader, and anyone developing their own boot system.
0 件のコメント:
コメントを投稿