Implementing UEFI Secure Boot in Fedora

So it is back to paying the Microsoft tax.

The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.
Is it time to go and buy your next rig before it is too late?

That is stupid. Just stupid.

Am I right in assuming this part of that article:

What about grub? We've already switched Fedora 18 over to using grub 2 by default on EFI systems, but it still needs some work before it's ready for secure boot. The first thing is that we'll be disabling the module loading. Right now you can load arbitrary code into grub 2 at runtime, and that defeats the point of secure boot. So that'll be disabled.

means that kernel boot parameters are out of the question ?

Not sure that will be helpful … I’d just disable secure boot in the BIOS :o

I’m also assuming the $99 is a one off payment by Fedora … so not a tax for Fedora users, but a tax non the less >:(

There is a little humour in this … Mark Shuttleworth sold Thawte to Verisign back in 1999 … now he may have to give $99 back to them :wink: … the $99 goes to Verisign, not Micro$oft.

Bet he’s wondering whether he should have sold Thawte now :slight_smile:

means that kernel boot parameters are out of the question ?
That is what I read into it too :(
Not sure that will be helpful .. I'd just disable secure boot in the BIOS :o
You might not get the choice. It depends on the manufacturers decision on how to implement it. I would be tempted to shorten out the bios chip in question. If the MB still works after that then I would feel 8)

I have confidence in the Linux community … they’ll find a way round this … nothing is undefeatable :slight_smile:

Oh … and you’re mad, but you’d be cool in my eyes just for trying that :slight_smile:

What is so wrong with booting normally? :frowning: Why can’t MS keep their nose out of the s**t for at least one thing, instead of breaking it.

If you read the article linked by Mathew Garrett then you would see that it is really a threat to a PC running MS Operating systems.

So instead of MS fixing the locks on their Windows they just hire bigger bouncers at the gate ;D

I gathered that… I’d best hurry up and go buy a new laptop soon otherwise it looks like I’ll be landed with UEFI. Which I do not want. EVER.

Great article slagging off the Red Hat/Fedora decision:

Now THAT was a good read. I’m sitting here with a big grin on my face.