The pre-bootloader for booting Linux distros with Secure Boot is now ready

Alejandro (a.k.a KZKG^Gaara)

2 minutes

 The Linux Foundation has released a version of the Secure Boot System, delivered by Microsoft into two files (PreLoader.efi and HashTool.efi) and that allows independent developers to create their Linux distribution with support for this safe mode and tear without problems in equipment with UEFI and Windows 8 installed.


Colleague Diazepan went to the trouble of translating James Bottomley's blog post, which explains the announcement in detail:

As promised, here is the Linux Foundation Secure Boot System. It was actually released to us by Microsoft on February 6, but with the travels, conferences, and meetings I didn't have time to validate everything until today. The files are:

PreLoader.efi (md5sum 4f7a4f566781869d252a09dc84923a82)
HashTool.efi (md5sum 45639d23aa5f2a394b03a65fc732acf2)
I also created a bootable mini-USB image; (You have to install it on the USB using dd; the image has GPT partitions, so it uses the whole disk). It has an EFI shell where the kernel should be and uses gummiboot to load it. May find it here (md5sum 7971231d133e41dd667a184c255b599f).

To use the mini-USB image, you have to enter the hashes for the loader.efi (in the EFIBOOT folder) and the shell.efi (in the root folder). It also includes a copy of KeyTool.efi, you have to enter the hash to run.

What happened to the KeyTool.efi? It was originally going to be part of our signed kit. However, during testing Microsoft discovered that due to a bug in one of the UEFI platforms, it could be used to remove the platform key programmatically, which would ruin the UEFI security system. Until we can solve this (we have the private vendor in the loop), they refused to sign the KeyTool.efi although you can authorize it by adding MOK variables if you want to run it.

Let me know how this goes because I'm interested in gathering feedback on what works and what doesn't. In particular, I am concerned that the security protocol override will not work on some platforms, so I particularly want to know if it does not work for them.

What do you think? Is this good news? Is it functional to Microsoft's interests? The debate is open.

Source: James Bottomley's blog


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Linux news said
    ago 11 years

    Take a look at this page, it's just getting started. newslinux.wordpress.com

    Respond to Linux News
  2.   Eduardo said
    ago 11 years

    Make it Simple ???

    Reply to Eduardo
  3.   fraternal said
    ago 11 years

    Excellent blog this. I always follow. Please be careful and correct the first paragraph that says "The Free Software Foundation ..." when it really should say Linux Foundation. It is not the same and this confusion could lead to problems, since the first thing that is read is what is left in mind.

    Reply to fraternal
  4.   Enrique a. said
    ago 9 years

    Hello Let's use Linux,
    I just installed, partitioning the hard drive "linuxmint-17-cinnamon-64bit-v2", on my laptop that has Windows 8.1 pre-installed.
    I would appreciate it if you could tell me how I can get it started, and be able to decide the boot mode in one of the two operating systems.
    I am totally new to both operating systems.
    Thanking you for your help, I look forward to your news,
    Kind regards.
    Henry A.

    Reply to enrique a.
    1.    let's use linux said
      ago 9 years

      Hello, Enrique!

      We recommend that you ask this question in our question and answer service called Ask DesdeLinux so that the whole community can help you with your problem.

      A hug, Pablo.

      Reply to usemoslinux