Microsoft & UEFI Secure Boot

A technical solution has finally been proposed to avoid locking out Linux and other OS vendors from UEFI shipped motherboards.  A couple of months ago Microsoft made waves by announcing their Windows 8 support for UEFI.  Open source supports took notice that this security mechanism could prevent other operating systems from booting on UEFI compatible hardware.

The Linux Foundation has released a paper with a possible solution:

papers suggest that all platforms which enable Secure Boot should ship in “setup mode” which would give the system owner control of the Secure Boot system. Initial startup of an operating system should then detect that setup mode and install a KEK (key-exchange-key) and PK to enable Secure Boot. The system would then securely boot that operating system. When a user needed to take control of their system’s secure boot, a “reset” option for UEFI’s keys would allow those keys to be cleared and a different operating system installed. Microsoft’s Windows 8 could also be pre-installed in the same way; the UEFI reset would then unlock the machine for other operating systems.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s