How UEFI Secure Boot can kill a good Linux distro

Story: Fedora 18 To Include UEFI Secure Boot By Default Total Replies: 15
Author Content
caitlyn

Jul 26, 2012
3:52 PM EDT
This article reveals the real cost to Fedora and Red Hat of UEFI Secure Boot. The cost is very, very high:

1. The system won't boot with proprietary video drivers installed. While some FSF purists might cheer the rest of the Linux community should be concerned. We've getting Valve and Steam and gaming on Linux is becoming competitive, right? Not if you're stuck with FOSS drivers that don't support the very latest cards or which offer much poorer performance (think Nouveau here). It's not just gaming that's impacted: scientific visualization and any real time 3D rendering software won't fly. That will impact RHEL and clones rather severely. Unless Red Hat finds a workaround that enterprise customers will accept they have a real problem on their hands.

2. KMS mode setting is required for video. There is a lot of older hardware that just won't work with a current X.org implementation unless you can pass nokms to the kernel at boot. A lot of users of older hardware won't be running Fedora 18.

The article mentions that some other kernel parameters won't be able to be passed at boot. I wonder how much other hardware just won't work with Fedora 18 as a result.

Now we know the real cost of the Fedora/Red Hat solution and their deal with Microsoft: a large dose of hardware incompatibility. This definitely hurts those distros and, by extension, Linux as a whole.

Scott_Ruecker

Jul 26, 2012
3:54 PM EDT
Guess I'll just stick to Linux Mint for the foreseeable future then..:-)
caitlyn

Jul 26, 2012
4:00 PM EDT
Mint is downstream from Ubuntu and Canonical is doing a UEFI Secure Boot implementation as well. Unless Mint strips that out things may not be any better.
BernardSwiss

Jul 26, 2012
5:19 PM EDT
But will Fedora insist you install/use Secure Boot, or just include the option?

(I got the impression that it's the latter)
JaseP

Jul 26, 2012
7:37 PM EDT
I suspect Mint will implement a solution similar to Ubuntu, where only the bootloader is required to be signed (as far as I understand it). I don't believe that Ubuntu will have the kernel and kernel space drivers signed. Maybe I misread that, though.
caitlyn

Jul 26, 2012
8:11 PM EDT
I think a lot just isn't known yet and we'll have to wait and see just how bad the various implementations are. With Fedora, UEFI Secure Boot and the shim bootloader will be installed by default. If there is an option to bypass this in the installer (and it's not at all clear there will be) then a user has to know enough to make that choice and has to know enough to know that's the reason his or her hardware won't work. For a lot of users it will simply translate as Linux = crap. Also, for those who want to dual boot Windows8 and Linux disabling UEFI Secure Boot will not be an option.

I'm quite certain this is a really bad thing. The questions raised simply make clear that we don't know how really bad it is.
jdixon

Jul 27, 2012
9:23 AM EDT
> Also, for those who want to dual boot Windows8 and Linux disabling UEFI Secure Boot will not be an option.

I doubt Windows 8 is going to disenfranchise all the older non-UEFI users by requiring that secure boot be enabled on x86 machines. ARM is another matter, as there aren't any older users to affect.
caitlyn

Jul 27, 2012
11:25 AM EDT
Quoting: I doubt Windows 8 is going to disenfranchise all the older non-UEFI users by requiring that secure boot be enabled on x86 machines.
Actually, you'd be wrong on that count. Microsoft has announced there will be no retail versions of Windows 8. It will be OEM only.
helios

Jul 27, 2012
11:50 AM EDT
That's what has confused me for a while....and probably because I haven't read deeply enough into it. ARM isn't going to replace the X86 architecture anytime soon, at least from what I understand, and I'm not sure what the adaptation rate of ARM will be. Those of us that know better will avoid ARM if it remains as restrictive as it is planned to be, but Caitlyn has a point. To those that wander into best buy and let the salesman make their decisions for them, they as it seems, would be screwed.

jdixon

Jul 27, 2012
12:33 PM EDT
> Actually, you'd be wrong on that count. Microsoft has announced there will be no retail versions of Windows 8. It will be OEM only.

I did some searching on that and couldn't find any official Microsoft announcement, only third party reports. They all indicated that both OEM and upgrade versions will be available. Which means you'll almost certainly still be able to buy the OEM version from NewEgg and the like with any hardware purchase. The OEM version may or may not require UEFI to install, there's no indication.

I did find Microsoft announcements detailing a $40 upgrade package which you'll be able to download from Microsoft, and a $70 upgrade package you'll be able to buy retail. I don't think there's any way the upgrade versions are going to require UEFI to install, especially since they allow for upgrades from Windows XP.
Fettoosh

Jul 27, 2012
12:44 PM EDT
Quoting:I think a lot just isn't known yet and we'll have to wait and see just how bad the various implementations are.


That is what I said a while ago and I wasn't going to comment on the subject until we know more. But what I am concerned about is, all this work being done on the Linux side will eventually encourage OEMs to not implement an optional setting in the BIOS to bypass the Stupid UEFI Secure Boot

MS is creating a lot of FUD about this issue purposely to create commotion and disturbance. it is the psyche before an attack or a new release, which all account to much needed "publicity".

Quoting:Microsoft has announced there will be no retail versions of Windows 8. It will be OEM only.


If that is the case, then I am bit foggy (am I not always!) about how MS is going to cater to users who want to upgrade to Windows 8 on their existing non-UEFI computers?

I believe MS will go back on its own word, and it won't be the first time.

gus3

Jul 27, 2012
4:02 PM EDT
UEFI = Users Engaging a Furious Interface.

@Fettoosh, Microsoft needs to rejuvinate the merchandise revenue stream for Intel. The pressure from ARM architectures is gaining on them both.
helios

Jul 28, 2012
8:36 AM EDT
Gus, I like your new acronym. Personally, I would have replaced your choice for the letter "f: with a well-known two word hyphenated expletive, but Scott's absence isn't the time to break TOS...I mean, not that it's stopped me before. Just being considerate to those with more a delicate verbal tolerance.

But then again, there would be those that argue it changes the acronym to UEFUI.

;-)
lsatenstein

Aug 01, 2012
12:22 PM EDT
When you buy a TV set, do you buy it to change the electronics or logic of the tuner and software? The pc is becoming an appliance, and that means that you will buy a pc without an operating system, or one where Ubuntu or Windows is installed.

MS wants to make it an appliance, and that means that they will also be the owners of the Microsoft Store, where all vendors of software for Windows will have to submit their product in order for it to be purchased

Hope the rules in Europe disallow what MS is doing -- copying Apple.
BernardSwiss

Aug 01, 2012
12:30 PM EDT
A "personal computer" isn't an "appliance" -- it's the whole d*mn kitchen.
caitlyn

Aug 01, 2012
1:30 PM EDT
I agree with BernardSwiss. Also, at least here in the U.S., where do you buy one with Ubuntu? Dell has one offering now and one with Red Hat, special order only. Otherwise it's specialty vendors who tend to be very expensive. It won't be Windows or Ubuntu, lsatenstein, it will be Windows or Mac with Linux shut out.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!