Lokhu kungukuhumusha kokuthunyelwe okubili okuthathwe nguJames Bottomley kubhulogi lakhe. Okuthunyelwe kokuqala kwenziwa ngoFebhuwari 1 futhi kubizwa nge- "LCA2013 kanye noKwakha kabusha iBoot Ephephile"
Bengithule kancane, ngakho-ke sekuyisikhathi sokunikeza isibuyekezo kulokho okwenzekayo ngeLinux Foundation's Secure Boot Loader (ikakhulukazi ukuthi ivezwe ku-LCA2013). (Xhuma kumasilayidi)
Ingqikithi yenkinga ukuthi uGregKH (umakhi we-kernel uGreg Kroah-Hartman) wathola ekuqaleni kukaDisemba ukuthi iPre-BootLoader ehlongozwayo ngeke isebenze ngendlela yayo yamanje neGummiboot. Lokho bekusabisa ngoba bekusho ukuthi bekungagcwalisi inhloso yeLinux Foundation yokusebenzisa wonke ama-bootloaders. Ocwaningweni, isizathu sasilula: IGummiboot yadalelwa ukukhombisa ukuthi ungenza i-bootloader encane, elula ezosebenzisa lonke usizo olutholakala kwipulatifomu ye-UEFI esikhundleni sokuba ilayishi enkulu yokuxhumanisa njengeGRUB. Ngeshwa kusho ukuthi uqala ama-kernels usebenzisa umsebenzi we-BootServices-> LoadImage (), okusho ukuthi i-kernel ezofakwa ebhuthini kufanele ihlole ukuhlolwa okuphephile kwe-boot kungxenyekazi ye-UEFI. Ekuqaleni i-Pre-BootLoader, efana ne- Shim (I-bootloader kaMathew Garrett), yabhalwa ukusebenzisa ukulayishwa kwesixhumanisi se-PE / Coff ukunqoba ukuhlolwa okuphephile kwe-boot. Ngeshwa, kusho ukuthi okuthile okuphethwe yi-Pre-BootLoader kufanele futhi kusebenzise ukulayishwa kwesixhumanisi ukushaya ukuhlolwa okuphephile kwe-boot kunoma yini efuna ukuyilayisha ngakho-ke iGummiboot, okungeyona eyokulayisha isixhumanisi ngamabomu, ngeke isebenze ngaphansi kwalolu hlelo.
Ngakho-ke bekufanele ngiphinde ngihlele kabusha futhi ngibhale kabusha: Inkinga manje isuke kokuthi "ungakha kanjani i-link loader esayinwe yiMicrosoft elalela izinqubomgomo zayo" iye "ekutheni ungazisebenzisa kanjani zonke izingane ze-boot loader ukuze zisebenzise umsebenzi weBootServices-> LoadImage () yokulalela izinqubomgomo zabo. ' Ngenhlanhla, kunendlela yokunqanda ingqalasizinda yokusayina yesikhulumi se-UEFI ngokufaka eyakho inqubo yokuphepha yokwakha. Ngeshwa, ukucaciswa kokuqalwa kwepulatifomu akuyona ingxenye yesicaciso se-UEFI, kepha ngokuthokozisayo kwenziwa yilo lonke uhlelo lweWindows 8 ongaluthola. Ubungcweti obusha bunqamula leyo protocol futhi bengeza ukuhlolwa kwayo kokuphepha. Kodwa-ke, kunenkinga yesibili: Ngenkathi sisekuphindaphindelweni kokubuyiswa kweprothokholi yokwakha, akusho ukuthi sinabanikazi besikrini sohlelo lwe-UEFI, okwenza kube nzima ukwenza isivivinyo somsebenzisi sokugunyaza ukwenziwa kanambambili. Ngenhlanhla, kunendlela engasebenzi yokwenza lokhu futhi leyo yindlela ye-SUSE Machine Owner Key (MOK). Ngakho-ke, iLinux Foundation Pre-BootLoader manje iguqukile ukusebenzisa ukuguquguquka okujwayelekile kwe-MOK ukugcina ama-hashes agunyaziwe kanambambili.
Okuqhamuka kukho konke lokhu ukuthi manje usungasebenzisa i-Pre-BootLoader nge-Gummiboot (njengoba nje yenziwa kudemo ku-LCA2013). Ukuqalisa, kufanele ungeze ama-hashes ama-2: elilodwa leGummiboot uqobo kanye nelinye le-kernel ofuna ukuyivula, kepha empeleni kuyinto enhle ngoba manje unenqubomgomo eyodwa yokuphepha elawula konke ukulandelana kwama-boot. IGummiboot uqobo lwayo ibinamaphepha okubona ukuphahlazeka ngenxa yebhuthi ephephile futhi ibonisa umyalezo okutshela ukuthi iyiphi i-hash ongayibhalisa.
Ngizokwenza okuthunyelwe okuhlukile ngichaze ukuthi izakhiwo ezintsha zisebenza kanjani, kepha ngicabange ukuthi kungcono ngichaze ngokwenzeka ngenyanga edlule.
Futhi lokhu okuthunyelwe kwesibili ukwenze izolo futhi ubizwa "Kuthulwe i-Linux Foundation Secure Boot System"
Njengoba kuthenjisiwe, nansi i-Linux Foundation Secure Boot System. Empeleni sikhishwe yiMicrosoft ngoFebhuwari 6, kepha ngohambo, izingqungquthela nemihlangano angibanga nesikhathi sokuqinisekisa konke kuze kube namuhla. Amafayela lawa:
I-PreLoader.efi (md5sum 4f7a4f566781869d252a09dc84923a82)
I-HashTool.efi (md5sum 45639d23aa5f2a394b03a65fc732acf2)
Futhi dala isithombe esincane se-miniable USB; (Kuzofanela usifake ku-USB usebenzisa i-dd; isithombe sinezingxenye ze-GPT, ngakho-ke sisebenzisa i-disk yonke). Inegobolondo le-EFI lapho i-kernel kufanele ibe khona futhi isebenzisa i-gummiboot ukuyilayisha. Ungayithola lapha (md5sum 7971231d133e41dd667a184c255b599f).Ukuze usebenzise isithombe esincane se-USB, kufanele ufake ama-hashes we-loader.efi (kufolda ye- \ EFI \ BOOT) kanye ne- shell.efi (kufolda yezimpande). Iphinde ifake ikhophi yeKeyTool.efi okufanele ufake i-hash ukuze usebenze.
Kwenzekeni kuKeyTool.efi? Ekuqaleni bekuzoba yingxenye yekithi yethu esayiniwe. Kodwa-ke, ngesikhathi sokuhlola iMicrosoft ithole ukuthi ngenxa yesiphazamiso kwelinye lamapulatifomu e-UEFI, ingasetshenziswa ukukhipha ngokhiye ukhiye endaweni yesikhulumi, okungonakalisa uhlelo lokuphepha lwe-UEFI. Kuze kube yilapho sikwazi ukukuxazulula lokhu (sinomthengisi wangasese ku-loop), benqabile ukusayina i-KeyTool.efi yize ungayigunyaza ngokungeza okuguquguqukayo kwe-MOK uma ufuna ukukusebenzisa.
Ngazise ukuthi lokhu kuhamba kanjani ngoba nginentshisekelo yokuqoqa impendulo kulokho okusebenzayo nokuthi yini okungasebenzi. Ikakhulu, ngikhathazekile ngokuthi ukubhala ngaphezulu kweprotocol yezokuphepha ngeke kusebenze kwamanye amapulatifomu, ngakho-ke ngifuna ikakhulukazi ukwazi ukuthi akubasebenzeli yini.
Fuentes:
http://blog.hansenpartnership.com/lca2013-and-rearchitecting-secure-boot/
http://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/
Nquma ukuthi izindaba ezinhle noma ezimbi yini.
Hhayi, angiwuboni umthelela wesikhathi eside, kepha kimi kuzoba umgomo wami ukuthola eyodwa yalezi http://blog.linuxmint.com/?p=2055
Ziyabiza kakhulu, ngicabanga.
Kunezinkampani ezidayisa amakhompyutha ngaphandle kohlelo lokusebenza olufakwe ngaphambilini. Abanye bakuvumela ukuthi ukhethe phakathi kuka-Ubuntu noma abanye bese uyithumela ekhaya lakho ilungile. Ungathenga futhi izingxenye bese uzihlanganisa ngokwakho bese ubeka isistimu yokusebenza oyifunayo.
Edolobheni lakho (i-GDL) kunoxhaxha lwezitolo zamakhompiyutha ezithengisa amakhompyutha ngaphandle kohlelo lokusebenza olufakwe kuqala. Ungafaka i-Linux kuzo.
Kukhona njalo izinketho. Kulokhu, zikude futhi "zifihlwe" kakhulu kumsebenzisi ojwayelekile. Kepha okwethu abafuna iLinux, kukhona, kukhona.
Azikho izinketho eziningi zabasebenzisi eLatin America ngoba lezo zinkampani "ezikhethekile" azivamisile ukufika lapha
awwnnn edabukisayo, edabukisayo…. lelo doti i-UEFI liyinkinga yangempela
Bika Iphutha…. kwenzenjani? Kungani ngithole uphawu lwe-apula kumazwana ami? Ngisebenzisa midori, kepha kusuka kubuntu, hhayi kusuka ku-mac: /
Kulula kakhulu, kufanele ushintshe i-ejenti yomsebenzisi.
Lawa ma-plugins asuselwe ekufuneni intambo (intambo yombhalo) kuleli cala abheka isistimu yakho kumenzeli womsebenzisi futhi umenzeli wasemidori womsebenzisi unentambo yombhalo nayo eneMacOS X, angikhumbuli ukuthi i-intel noma i-Mac OSX noma laba bobabili, kepha qala uthole le ntambo bese uyihlobisa kube sengathi yi-Mac. Esikhathini esithile esedlule ngahlela iskripthi esifanayo ku-php nakwezinye i-javascript futhi lokhu kuyaxazululwa kusuka kuskripthi, ngibona ukuthi akuthathi lutho ngemuva kweMac OS X nokuthumela lowo mphumela kokuguquguqukayo kwe-midori, ngoba ukuphela kwento ehlukanisa i-ejenti yomsebenzisi esetshenziswe yi-midori naleyo ye-Mac, noma nathi singayiguqula.
Bheka leli sayithi nge-midori
http://whatsmyuseragent.com/
Futhi i-ejenti yomsebenzisi ayihlanganise lutho neLinux
Phendula ngokucaphuna
«UCarlos-Xfce
Edolobheni lakho (i-GDL) kunoxhaxha lwezitolo zamakhompiyutha ezithengisa amakhompyutha ngaphandle kohlelo lokusebenza olufakwe kuqala. Ungafaka i-Linux kuzo. "
Ngaleso sikhathi bengibheka angitholi, ngithenge kuphela umthengisi ongithengisa ngama-netbook ngaphandle kwe-OS, kodwa kuphela lokho, akukho PC noma ilaptop, kuphela i-netbook.
Ungasho igama leketanga?
Uma ukuthumela igama leketanga kungachazwa ngokungeyikho, futhi kubhekwe njengogaxekile, kungakuhle ukulinda abaphathi ukuthi banikeze umbono wabo ngalo.