Microsoft is demanding that systems with the “Designed for Windows 8” badge include a UEFI firmware feature called “Secure Boot” that will only boot software that has been signed with a particular cryptographic certificate. Although Microsoft’s stipulations also require that x86/x64 systems provide an option to disable Secure Boot, Linux users are concerned that this will make it harder for them to boot non-Microsoft operating systems.

The Linux Foundation has announced plans to provide a general-purpose solution suitable for use by Linux and other non-Microsoft operating systems. The group has produced a minimal bootloader that won’t boot any operating system directly. Instead, it will transfer control to any other bootloader—signed or unsigned—which can then boot an operating system.

On the face of it, this bootloader could be used to circumvent the security of Secure Boot. The entire point of Secure Boot is that it doesn’t allow unsigned (and potentially malicious) code to be run before the operating system is started. To address this, the Linux Foundation bootloader will present its own splash screen and require user input before it actually boots. In this way, it can’t be silently installed and used to hand control to a rootkit without the user’s knowledge.

via Ars Technica » Technology Lab