Ceci est une ancienne révision du document !
I hope this is the first of a new column. I’d like to use this space to show articles that take a single subject and explain (briefly, and simply) the history, some behind-the-scenes information, and how the software we use interacts with the chosen subject. Send your articles to articles@fullcirclemagazine.org
Here are some ideas to help get you creative: newsgroups, IRC, BitTorrent, email, the web, video codecs, PGP encryption, the kernel, graphics tablets…
Before we delve into what UEFI (Unified Extensible Firmware Interface) is, let’s take a step back and review what we have at the moment.
When your computer is powered up, your BIOS (Basic Input Output System) kicks in and does a quick check of your hardware to ensure everything that is required is plugged and in good working order. Should anything be out of place, you will hear beeps from the computer’s built-in speaker. These beeps, similar to morse code, tell you what is wrong. The BIOS does have a user interface to allow configuration. This is usually seen by pressing Del, F1, or something similar.
Once your BIOS is happy that the system is OK, it will begin loading the operating system.
Since the BIOS system has been around (in one form or another) since the mid-70s, it’s definitely time for it to be replaced. UEFI will be that replacement. Well, sort of.
UEFI
Many tout UEFI as a replacement, but really it works with the BIOS in booting the computer. The idea behind it is that UEFI is a mini-OS which will be mouse driven (with a GUI), and even have its own command-line prompt. Being a mini-OS in storage somewhere means that this new look BIOS will be multi-language, and potentially remove the need for the old morse code beeps. It all sounds great so far, so why the outrage?
Secure Boot
UEFI has a feature called ‘secure boot’ that will disable hardware, drivers and other loaders that do not have a digital signature. Think of a digital signature as being a certificate from the manufacturer to say that this is genuine hardware/software. Booting is a bit complicated, but simply put: when secure boot is enabled, it requires that hardware/software show some form of ID, and if the ID matches known legitimate ID’s in a database, then everything moves along swiftly. But this is where the potential arguments arise.
Finger Pointing
Before blaming Microsoft, which everyone seems to do, remember that secure boot is part of UEFI, it just happens that Windows 8 will use it. The problem is that Microsoft has demanded that all hardware marked as being for Windows 8 should have secure boot enabled by default. This means that Linux would not be able to boot, or dual-boot, since it doesn’t have a valid form of ID. Hardware vendors who aren’t aligned with Microsoft will have the ability to tweak UEFI and secure boot as they see fit, but, as I’m sure you can imagine, they’ll be few and far between.
Microsoft has specified that on X86 (Intel or AMD) machines with the Windows 8 logo, you will be able to disable secure boot (i.e.: enter custom mode) which will allow Linux to boot. The problem is that most users really won’t want to make their shiny new Windows 8 machine potentially vulnerable. And for good reason.
Credentials
So wait, what if Linux was to get a valid ID. Well, that might conflict with the GPL (GNU Public License) that Linux conforms to. The valid ID would need to be kept a closely guarded secret which would cause problems when releasing source code, as doing so would reveal that distro’s unique digital signature. Initially the same was thought of GRUB 2 (the Ubuntu boot loader), but this has now been resolved and Ubuntu 12.10+ will continue using GRUB 2.
Another way is: if you can’t beat them, join them. Fedora has forged an alliance with Microsoft and paid the $99 (€77) to obtain a secure boot key.
Summation
In summing up: • UEFI is not Microsoft • Windows 8 logo machines must have secure boot enabled • Users can, if they wish, disable secure boot • Disabling secure boot leaves Windows 8 vulnerable • Secure boot keys must be kept secure • UEFI does not replace the BIOS, but works with it
Oh, and I should mention that there is one other company enforcing secure boot on machines pre-loaded with their OS. Canonical. Oh, the irony…