Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Sam Varshavchik mrsam at courier-mta.com
Fri Jun 1 02:18:25 UTC 2012


Chris Adams writes:

> Once upon a time, jdow <jdow at earthlink.net> said:
> > What does this do to those who must recompile the kernel to include say
> > special unusual file systems? If this is disallowed it can render access to
> > historical data on obscure filesystems inaccessible.
>
> You can turn off Secure Boot.  The Fedora boot loader getting signed
> just makes it easier for users to install/run Fedora; it does not
> prevent you from running whatever you want.

I'm starting a betting pool.

I don't know when this whole certification process is scheduled to go out  
the door, but I'm going to start things off by betting 1,000 quatloos that a  
year after this entire dog-n-pony show gets running, Fedora's bootloader  
will still not be signed.

I can't even find the words to express how obvious of a train-wreck this is  
going to be.

Now, even though I have absolutely zero knowledge of the technical details,  
I'm pretty sure that I do know enough to be absolutely positive and  
confident that this entire kit-and-kaboodle has no choice but to require a
closed, hood-welded-shut OS, booted up with a signed chain, in order for it  
to work.

If you allow a signed bootloader to load an open operating system – any  
operating system, not just Linux – that makes the entire purpose of a  
signed bootloader absolutely and totally moot. This is really very  
fundamental. This is a joke. It's a laughing stock. It doesn't take long to  
boot a kernel – only a few seconds. Most of the time we spend staring at  
the Fedora logo is taken up by all the userspace stuff waking up.

So, this laughable signed bootloader protection can now be trivially  
bypassed by a virus, simply by loading a bare-bones Linux kernel, taking  
over, getting its hooks in, then simply winding things back, and booting the
Microsoft OS, with the luser hardly noticing that anything's wrong.

Splat.

Really, Microsoft can't simply be /that/ dumb. They've got smart people over  
there. They understand this. And if they don't right now, they will pretty soon;
as soon as the gory details sink in, and they start thinking what the  
consequences are going to be.

This whole blather about the certification process being just a formality is  
just a phony facade. It's not going to happen. It's just PR. An open OS  
defeats the entire purpose of a signed bootloader.

Now, I welcome anyone to prove me wrong. Please, there just has to be
someone on the list, who has more details, and can answer a simple question  
for me: if the Fedora boot-loader is signed, is it possible to get a Linux  
kernel loaded, then simply boot back into Windows?

Bueller?

Bueller?

What a joke.
