[Mageia-dev] [council] *ping* Media query: secure boot support

Colin Guthrie mageia at colin.guthr.ie
Tue Jan 29 12:58:40 CET 2013


'Twas brillig, and Thomas Backlund at 29/01/13 11:50 did gyre and gimble:
> Colin Guthrie skrev 29.1.2013 11:30:
>> 'Twas brillig, and Thomas Backlund at 29/01/13 09:11 did gyre and gimble:
>>> Olav Vitters skrev 29.1.2013 10:43:
>>>> On Sun, Jan 27, 2013 at 01:43:25PM +0100, Marja van Waes wrote:
>>>>>> From: Sam Varghese<sam at gnubies.com>
>>>> [..]
>>>>>> I would like to know what Mageia plans to do about secure boot - when
>>>>>> you will have a release that supports booting on hardware on which
>>>>>> this feature is enabled.
>>>>
>>>> I'm wondering as well. I've been thinking to upgrade my system
>>>> somewhere this year. This means secure boot, UEFI, etc. It would be
>>>> nice if Mageia supports that nicely.
>>>>
>>>
>>> Supporting (U)EFI does not require SecureBoot support...
>>>
>>> we won't support SecureBoot for Mga3, and there is no rush considering
>>> a lot of changes are still happening on several fronts...
>>>
>>> I will try to see if I can fix the UEFI part for ~beta3, but no promises
>>> yet....
>>>
>>> And for people thinking of Windows 8 dual boot... Win8 does not
>>> _require_ SecureBoot either... (only the overpriced RT does)
>>>
>>>
>>> And personally, I don't think we should ever bother with the SecureBoot
>>> crap as it's flawed in so many ways...
>>
>> On a semi-related note, it would be nice to package gummiboot although I
>> have no h/w to test it on.
>>
> 
> Yep, that is one of the things I'm looking at...

Cool :)

>> For mga4 it might make sense to integrate it (assuming it's still a good
>> solution) properly into our tools.
>>
>> Personally, I'm going to avoid grub2. It seems insane to me to implement
>> all kinds of exotic filesystem support and even md stuff in a
>> bootloader...
> 
> 
> Well, I think for next 3.8 kernel build I think I will make ahci, ext4
> and btrfs builtin so you can boot without initrd on new hw, and if you
> install the kernel in correct place on the "efi" partition, you can
> boot the kernel directly without bootloader... :)

Yup, with newer systemds (not yet in mga - think it's probably best to
wait for mga4, but I could backport those bits if there is sufficient
interest), if you have an EFI partition and you have an empty /boot
folder with no other /boot mounts defined, it'll automatically mount the
efi partition there.

This is where I think our tools would need updating to realise this was
the case and use the correct vendor subdir for kernel (and optional
initrd) installation. Will likely take a bit of fiddling to get right,
hence why I think this is really an mga4 thing for the most part.

Col

-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

