Linux Foundation releases Windows Secure Boot fix

Summary:At long last, the Linux Foundation fix to Windows 8 Secure Boot lock-in is out, but it's not ready for ordinary users yet and not all Linux desktop fans are happy about it.

It took longer than anyone expected but the Linux Foundation fix for Windows 8 PC's UEFI (Unified Extensible Firmware Interface) Secure Boot lockout of other operating systems has finally arrived.

Linux Foundation Logo
The Linux Foundation has set the foundation for Linux distros to easily boot on Windows 8 PCs. (Credit: The Linux Foundation)

James Bottomley --  Parallels' CTO of server virtualization, well-known Linux kernel maintainer, and the man behind the Linux Foundation's efforts to create an easy way to install and boot Linux on Windows 8 PCs -- announced on February 8 that the Linux Foundation UEFI secure boot system was finally out.

To finish this required security keys from Microsoft so that the Linux Foundation UEFI bootloader would work . These keys have now been included and these universal Linux bootloaders are ready to go. With these files you should be able to boot and install Linux on almost any Windows 8 PC.

I say "should" because this is the first release. As Bottomley himself wrote, "Let me know how this goes because I’m very interested to gather feedback about what works and what doesn’t work.  In particular, there’s a worry that the security protocol override might not work on some platforms, so I particularly want to know if it doesn’t work for you."

You must also be an expert Linux user to even try to get this to work at this point. Today, all Bottomley has provided are the two key bootloading files: PreLoader.efi and HashTool.efi. These EFI files are Extensible Firmware Interface Firmware files. By themselves, they just set up a pre-boot environment that can then be used to boot Linux.

Bottomley has also "put together a mini-USB image that is bootable (just did it on to any USB key; the image is gpt partitioned, so use the whole disk device). It has an EFI shell where the kernel should be and uses gummiboot [a simple UEFI boot manger] to load" a Linux distribution.

If you couldn't follow those instructions, don't even try using this method yet. As Pēteris Krišjānis, an Ubuntu Linux tester, wrote on Bottomley's blog, "These instructions are for advanced users only. Users who want to install Linux distro on UEFI/Secure Boot computer will have to wait for distribution releases in April/May (Fedora/Ubuntu and related distros)." Krišjānis is right. Ordinary users should stay well away from this solution for now. It's really meant more for distribution developers. Their job will be to turn these esoteric instructions into something that requires little more than a user hitting an "OK" button. 

In short, by May, it should be easy to boot and install the most popular Linux distributions on Windows 8 PCs. Today, we're still not there, but the developers now have the tools they need to get us there.

Others object to the Linux Foundation's attempt to work with Microsoft to get around Secure Boot's restrictions. One accused Bottomley of folding "to Microsoft UEFI and microsofts monopolistic decision to have OEMs use UEFI whether a consumer wants this or not under the guise of security when in fact its an effort to maintain control on MS part." Others used far harsher terms.

Unfortunately, these people are ignoring the simple fact that the vast majority of new PCs are being sold with Windows 8. This, in turn, means they're locked into that Windows 8 with UEFI Secure Boot Short of cracking UEFI security, something no one really wants to do in Linux development circles; the only viable choice has been to work within Secure Boot to get Linux to work. It's what Fedora , Ubuntu , openSUSE, and now the Linux Foundation, has chosen to do.

Is this ideal? No. As far as I'm concerned Secure Boot is far more about locking people into Windows than it is about security. For now though fixes like these are Linux's only viable options.

Related Stories:

Topics: Linux, Hardware, Microsoft, Open Source, Operating Systems, PCs, Security, Software Development, Ubuntu, Windows 8

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.