[opensuse-project] UEFI situation
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation? Regards -- Chris Jones @ kernel.devproject@gmail.com and oracle.kerneldev@gmail.com OpenSUSE Linux x86_64 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming) Linux kernel developer|Solaris kernel developer|Lead Developer of SDL|Lead Developer of Nest Linux Gamer and Emulator nut|Web Services|Digital Imaging Services Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360 controller|Logitech Attack 3 j/stick Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Monday, June 25, 2012 14:43:41 Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Btw. it's openSUSE - always with a small "o". There's no decision yet from openSUSE. A couple of guys are looking into the whole situation - not only from an openSUSE perspective but also looking what to do for SUSE Linux Enterprise. They seem to like the Fedora approach but nothing is decided yet, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
2012/6/25 Andreas Jaeger
On Monday, June 25, 2012 14:43:41 Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Btw. it's openSUSE - always with a small "o".
There's no decision yet from openSUSE.
A couple of guys are looking into the whole situation - not only from an openSUSE perspective but also looking what to do for SUSE Linux Enterprise. They seem to like the Fedora approach but nothing is decided yet,
As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE 1. We will not enroll KEKs to firmware (for openSUSE) The reason is that openSUSE is an open and free distribution and hosted by community. It's not an commercial distribution that sell on market on OEM products. Enrolling KEK really conflicts the nature of openSUSE, which should encourage distribute of the distribution, not restrict it or even lock down the to the systems with on SUSE keys installed. Also enrolling the keys requires some degree of partnership with OEM and working with IBV for the solution, which is not open and not possible for communities to participate. 2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go. I think the decision would be Fedroa's proposed solution, that is we have a first stage bootloader signed by Microsoft signing service and a second stage bootloader signed by us, thus we can avoid to integrate Ms signing process to our infrastructure (OBS or whatever) as it's painful (a *real living person* is involved to authenticate) and we still have flexibilities for signing our bootlo. About the kernel and kernel modules signing, it's still in discussing, at least in the summit 2012. We have to watch it closely as it could be a complementary technology to secure boot, However my **personal** opinion is that the authentication happens after ExitBootService() should be considered mandate and should be up to the OSV to decide (as we already leave the pre-boot environment which UEFI secure boot tends to protect) . Beside, ** I ** am thinking to provide better flexibilities to Redhat's solutions. We based on it and made some changes that we|communities think we should add, by means of a layer (1.5 stage bootloader) between 1st and 2nd stage. Not sure it's feasible or doable so far. bootloader 1 (signed by MS) -> bootloader 1.5 (developed and signed by SUSE) -> bootloader 2 (allow signed by user, whatever any bootloader is allowed) 2. distro default loader choice, grub2 or other bsd loaders which would impose little license issue 3. more freedom to user, for example they could sign their own bootloader (if their certificate could placed in ESP or in UEFI variable to feed to 1.5 loader) 3. other *measure boot* technology like TPM be integrate to replace the auth happens in 1.5. 4. multiboot with other distribution's efi, if they are signed and certs are in place. Above are stayed as a thoughts of myself and I'd like to know anyone's thinking about it .. I will continue in investigating it and hope that it makes sense to work on such direction. Thanks, Michael
Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go.
The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
I think the decision would be Fedroa's proposed solution, that is we have a first stage bootloader signed by Microsoft signing service and a second stage bootloader signed by us, thus we can avoid to integrate Ms signing process to our infrastructure (OBS or whatever) as it's painful (a *real living person* is involved to authenticate) and we still have flexibilities for signing our bootlo.
I'm a big fan of simplicity - as in "do the simplest thing that will work". There are an awful lot of "moving parts" here. There's the firmware, the boot-sector-resident code, the rest of the bootloader, the initrd and the kernel just to get to the point where all the other miscellaneous code running as a privileged user gets into RAM. After *that* is all accomplished, *then* all the userspace stuff can happen. [snip] Is there a way to eliminate a few layers of complexity? Operating systems are supposed to be *simple*. Linus has complained about "bloat", I know, but the hardware keeps getting better and things like a provably secure microkernel running Linux as a guest aren't as farfetched on a 2012-vintage quad-core x86_64 as they were on a 386. -- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
2012/6/26 M. Edward (Ed) Borasky
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote: As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go.
The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
By reading ubuntu's plan for download version I believe it's similar with fedora's, except these difference: 1. Kenerl and kernel module signing is not required 2. They choose efilinx (bsd licensed) as default boot loader as gplv2 licensed would have potential law infringement if not publish private key and it's certificate would be revoked by MS For preload or Ubuntu certificated machines it would require firmware to enroll their KEKS, but this should not compared with Fedora as it's vertically integrated product with OEM selling for profit and not the case for openSUSE as well. So I think for open & free download distributions, use microsoft signed first stage tiny bootloader to load self signed distribution's bootloader could be a consent.
[snip]
I'm a big fan of simplicity - as in "do the simplest thing that will work". There are an awful lot of "moving parts" here. There's the firmware, the boot-sector-resident code, the rest of the bootloader, the initrd and the kernel just to get to the point where all the other miscellaneous code running as a privileged user gets into RAM. After *that* is all accomplished, *then* all the userspace stuff can happen.
To me the most simplicity is do nothing, yeah this could be an option if you ask me for it. Ask user who want to run free distribution to disable secure boot is not entirely a bad idea, if you agree they should suffer from the decision made by the monopoly company and go protest it. :/ I think what the distribution is thinking and doing is a way to circumvent the situation, it's not an regular procedure who really wants secure boot technology but who wants to have the system "just work". So it looks pretty ugly and redundancy and whatever. Frankly there's not so many moving parts IMHO, we don't care about the initrd and kernel at this moment because when they are loaded and executed, the UEFI Boot Service ended (aka they are not running in pre-boot contect) also there's no boot sector as UEFI boot protocol not requires it. :)
[snip]
Is there a way to eliminate a few layers of complexity? Operating systems are supposed to be *simple*. Linus has complained about "bloat", I know, but the hardware keeps getting better and things like a provably secure microkernel running Linux as a guest aren't as farfetched on a 2012-vintage quad-core x86_64 as they were on a 386.
I could understand and don't want to introduce the extra layers to mess things further, this is why I think that's my personal idea and not decided. The complexity is because we want support on secure boot and not restrict the bootloader to be SUSE-blessed. We can't make the change on the first stage because it should be simple and bug free, neither is the second stage as it's distribution specific so only introducing a 1.5 layer is possible. But I think *not running blessed bootloader" itself will have problem as it contradict the *chian-of-trust* design of secure boot (sign).
-- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote: As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go. The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
I am now wondering if this whole thing may be just an unnecessary PITA caused by yet another MS stumble. Like all "empires" which must come to an end at some point, I wonder if this is the beginning of the end for one certain behemoth?: http://www.zdnet.com/blog/open-source/has-microsoft-opened-the-door-to-the-l... [......] BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote: As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go. The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
I am now wondering if this whole thing may be just an unnecessary PITA caused by yet another MS stumble.
It probably is a PITA, but boot process attacks do exist - see for example http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats - so this is not just security theatre. It's also worth having a read of couple more of mjg's posts: "No, really, secure boot does add security" http://mjg59.dreamwidth.org/2012/06/14/ "The security of Secure Boot" http://mjg59.dreamwidth.org/12897.html Regards, Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Tim Serong wrote:
On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote: As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go. The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
I am now wondering if this whole thing may be just an unnecessary PITA caused by yet another MS stumble.
It probably is a PITA, but boot process attacks do exist - see for example
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre.
We're probably going OT, but one can't help wondering if the risk of the above is severe enough to warrant the combined UEFI effort - inventing it, spec'ing it and the Linux communities' effort in working with or around it. I tend to side with Basil here - this is not just about security. Follow-ups to opensuse-offtopic please. -- Per Jessen, Zürich (19.8°C) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
2012/6/26 Tim Serong
It probably is a PITA, but boot process attacks do exist - see for example
I agree with matthew and UEFI secure boot could provide protect at preboot. The question is it really a need for consumer product? assuming we all working in Nation Defense Department and will really appreciate this functionality? I think it would be fine for all of us if it's a default disabled feature, and SUSE could focus on the solution who really want this feature enabled on the products like server or preload machines .. the ms signing, first and second stage bootloader are aiming to get the distro boot up from this default shipped status in sake of better user experience, which is a bit twisted to the real purpose of secure boot IMHO. Regards, Michael
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats - so this is not just security theatre. It's also worth having a read of couple more of mjg's posts:
"No, really, secure boot does add security" http://mjg59.dreamwidth.org/2012/06/14/
"The security of Secure Boot" http://mjg59.dreamwidth.org/12897.html
Regards,
Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 06/26/2012 08:03 PM, Michael Chang wrote:
2012/6/26 Tim Serong
: It probably is a PITA, but boot process attacks do exist - see for example
I agree with matthew and UEFI secure boot could provide protect at preboot. The question is it really a need for consumer product? assuming we all working in Nation Defense Department and will really appreciate this functionality?
I think it would be fine for all of us if it's a default disabled feature, and SUSE could focus on the solution who really want this feature enabled on the products like server or preload machines .. the ms signing, first and second stage bootloader are aiming to get the distro boot up from this default shipped status in sake of better user experience, which is a bit twisted to the real purpose of secure boot IMHO.
I agree that it would be most straightforward if this were disabled by default and those who want it could turn it on. If most hardware comes like that, maybe we can forget about the whole thing :) But I worry about new hardware with Win8 pre-installed and this thing enabled, so, my personal opinion is as follows (sorry Per, I still think this is on topic, at least to frame some thoughts). 1) Speaking very generally: * UEFI secure boot helps security "somehow" (I think this has been described well enough elsewhere). * There will be some people who actually care and/or want it, and some who don't care and/or don't want it. 2) Speaking more specifically: * On x86 hardware (with the ability to disable secure boot), some people will want it turned on, some people will want it turned off, and some people won't know what to do with it at all and/or won't know it exists until it bites them. * On Win8 logo ARM hardware, it will always be on, so it doesn't matter what anybody wants, we're stuck with it. 3) Speaking even more specifically, it seems to me that the users we (openSUSE) have to care about are: * x86 hardware, for users who: * know what it is, and want it. * don't know what it is, and/or don't want it, and don't know how to turn it off (think: new users, who without secure boot support may not even be able to *try* openSUSE on new win8 hardware). * ARM hardware, if we support ARM (I'd guess the people working on the openSUSE ARM port will want this at some point, if secure boot can't be disabled by the user). The only users we don't need to worry about are the ones who don't want it, and who know how to turn it off. That's probably most of the people participating in this thread :) Disclaimer: I'm not actually involved in writing any code to support this thing. Please accept my apologies for that - it's been a long time since I hacked on anything even remotely resembling a boot loader... Regards, Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2012-06-26 at 23:17 +1000, Tim Serong wrote: ...
The only users we don't need to worry about are the ones who don't want it, and who know how to turn it off. That's probably most of the people participating in this thread :)
There is one detail you forget: double booting with Win 8, which has been said will not boot if the feature is disabled⁽¹⁾. This would require to enable/disable the feature in Bios, then choosing one or another system in grub. Tedious. (1) Not verified. - -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk/qTzMACgkQtTMYHG2NR9XSvgCdEUyYuP1p2j50Mk//fVfMeVRa zqMAn3wNZWh0usCjJOdanxcqfWK5Ex2h =uQRp -----END PGP SIGNATURE-----
On Wed, 27 Jun 2012 02:09:23 +0200 (CEST)
"Carlos E. R."
On Tuesday, 2012-06-26 at 23:17 +1000, Tim Serong wrote:
...
The only users we don't need to worry about are the ones who don't want it, and who know how to turn it off. That's probably most of the people participating in this thread :)
There is one detail you forget: double booting with Win 8, which has been said will not boot if the feature is disabled⁽¹⁾. This would require to enable/disable the feature in Bios, then choosing one or another system in grub. Tedious.
(1) Not verified.
- -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar)
Hi AFAIK you can boot windows 8 in 'untrusted' mode, which is what I assume would be a user who uses older hardware without secure boot present but UEFI capabilities. -- Cheers Malcolm °¿° (Linux Counter #276890) SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.34-0.7-default up 5:12, 2 users, load average: 0.40, 0.63, 0.58 CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
2012/6/26 Tim Serong
On 06/26/2012 08:03 PM, Michael Chang wrote:
2012/6/26 Tim Serong
: [snip]
I agree that it would be most straightforward if this were disabled by default and those who want it could turn it on. If most hardware comes like that, maybe we can forget about the whole thing :) But I worry about new hardware with Win8 pre-installed and this thing enabled, so, my personal opinion is as follows (sorry Per, I still think this is on topic, at least to frame some thoughts).
1) Speaking very generally:
* UEFI secure boot helps security "somehow" (I think this has been described well enough elsewhere).
* There will be some people who actually care and/or want it, and some who don't care and/or don't want it.
2) Speaking more specifically:
* On x86 hardware (with the ability to disable secure boot), some people will want it turned on, some people will want it turned off, and some people won't know what to do with it at all and/or won't know it exists until it bites them.
* On Win8 logo ARM hardware, it will always be on, so it doesn't matter what anybody wants, we're stuck with it.
3) Speaking even more specifically, it seems to me that the users we (openSUSE) have to care about are:
* x86 hardware, for users who: * know what it is, and want it.
Probably such user have to wait a while, considering they want a key in firmware to have the full secure boot feature, and enjoy same experience on Windows, something may have to be done or happen. Note some case is for free download distribution. IMHO they are. 1. The complementary technology on linux boot path is implemented, that is bootloader authenticate with kernel and initrd, and kernel authenticate with loaded kernel module. The entire security mechanism is disabled when secure boot disable. Otherwise it may not a real secure "system" solution because the entire boot path is untrusted after bootloader finishes. (think Window has Winqual which only load trusted module). Matthew's blog has good explanation for this topic. 2. The UEFI tools for signing driver and key management (for ex, manipulating authenticated variable to write signature database) are mature and up-streamed. All distributions could leverage and support secure boot on their own (and on their will). Otherwise the system is still consider locked by those who is able to work with OEM on providing the solution and most free distribution is not suppose able to do that. 3. OEM welcome keys from free distribution, even they couldn't provide any warranty to them. And would like to put efforts on communicating ,or even more, test and verify the key could work. If above condition could satisfied, I think it's time to enroll key for openSUSE. :) Or any good timing we could consider as feasible?
* don't know what it is, and/or don't want it, and don't know how to turn it off (think: new users, who without secure boot support may not even be able to *try* openSUSE on new win8 hardware).
The currently discussion solution is aiming for such category of user I think, they may even be scared by the warning message pops when disabling secure boot. :) Thanks, Michael -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Tue, Jun 26, 2012 at 6:03 AM, Michael Chang
2012/6/26 Tim Serong
: It probably is a PITA, but boot process attacks do exist - see for example
I agree with matthew and UEFI secure boot could provide protect at preboot. The question is it really a need for consumer product? assuming we all working in Nation Defense Department and will really appreciate this functionality?
The REAL reason why this is implemented is because currently Windows 7 can be pirated with a hacked bootloader. Therefore this UEFI secure boot will in theory render that "attack" impossible. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Andrew Joakimsen wrote:
The REAL reason why this is implemented is because currently Windows 7 can be pirated with a hacked bootloader. Therefore this UEFI secure boot will in theory render that "attack" impossible.
In theory, impossible. Technically, not. Just thought I should clear that up. Cheers -- Chris Jones @ kernel.devproject@gmail.com also on oracle.kerneldev@gmail.com and netbsd.kerneldev@gmail.com OpenSUSE Linux x86_64 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming) Linux kernel developer|Solaris kernel developer|BSD kernel developer Lead Developer of SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web Services|Digital Imaging Services Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360 controller|Logitech Attack 3 j/stick Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
There is an interesting thread started by James Bottomley at http://lkml.indiana.edu/hypermail/linux/kernel/1206.3/01710.html for those interested in exploring secure UEFI booting but have no suitable hardware. Larry -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 06/28/2012 05:06 PM, Larry Finger wrote:
There is an interesting thread started by James Bottomley at http://lkml.indiana.edu/hypermail/linux/kernel/1206.3/01710.html for those interested in exploring secure UEFI booting but have no suitable hardware.
Larry
There's a wiki page about this now: http://en.opensuse.org/KVM/UEFI_Secure_boot_using_qemu-kvm Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 26/06/12 16:56, Tim Serong wrote: > On 06/26/2012 04:43 PM, Basil Chupin wrote: >> On 26/06/12 15:13, M. Edward (Ed) Borasky wrote: >>> On Mon, Jun 25, 2012 at 9:01 PM, Michael Changwrote: >>> >>>> As one of the guys AJ mentioned who is working on the issue, I could >>>> tell that two basic principles for openSUSE >>>> >>> [snip] >>> >>>> 2. Be equal or friendly with other distribution >>>> That means the solution has to align with what most other distribution >>>> be able to choose and would allow co-operate with them. This implies >>>> the windows signing service would be used as it's an fair offer for >>>> all with a universal key installed. Until there's another signing >>>> authority recommended by uefi forum, this is the only possible way to >>>> go. >>> The Fedora proposal, presumably blessed by Red Hat, seems radically >>> different from the Ubuntu proposal, presumably blessed by Canonical. >>> So is there a "middle ground" between the two that would be friendly >>> to both? >> I am now wondering if this whole thing may be just an unnecessary PITA >> caused by yet another MS stumble. > It probably is a PITA, but boot process attacks do exist - see for > example > http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats > - so this is not just security theatre. It's also worth having a read > of couple more of mjg's posts: > > "No, really, secure boot does add security" > http://mjg59.dreamwidth.org/2012/06/14/ > > "The security of Secure Boot" > http://mjg59.dreamwidth.org/12897.html > > Regards, > > Tim As I earlier stated in another post, we have been booting our operating systems, say openSUSE, for many years without any problems. Yes, there is/was a setting in the BIOS which checks/checked for malware in the boot sector. But if there was one, which operating system/systems could suffer as a result of such malware? Not a Linux system is my understanding. But now an operating system which caused a multi-million secondary industry to evolve to try and protect it from malware has suddenly come up with a PITA procedure to try and protect itself from malware because it hasn't the ability to write software which is immune to malware. So, instead it comes up with this "uefi" crap which apparently affects EVERY operating in the world. And this is supposed to be "beneficial" to all computer systems/users!? I think the bottom line here is that- 1. re those closed-source/proprietary operating systems, they don't have bright enough programmers who are capable of putting together a system which is secure; and 2. re the opensource systems, like openSUSE, are too reliant on the efforts of "community" members to write code and then there is no procedure in place which thoroughly examines the code before it is included in a distro/s. The claim that Linux is secure because it is opensource and can be examined by anyone is but a lame claim when something is included as an update or upgrade but only examined at some future date after the horse has bolted and has caused a meltdown (you know what I mean). I must be missing something here, and I readily admit that I do not have the technical knowledge re this matter, but what is the good of booting a system with all this "uefi" rubbish when there is then no real security to install some file which has been written by some "community" member and which has not gone thru a security check to see what exactly it is trying to do? Proprietary software like that produced by MS and Apple have well paid programmers writing code and yet they come up with crap which is open to hacking. But openSUSE uses "community" members, and as Henne stated only days ago, /quote You do realize that we are an open source project and not your usual software-sweat-shop right? We as distro channel and integrate what all the FOSS projects and our own contributors do out there. We don't direct resources, we feed of what happens because an individual, a group or a company has an itch to scratch. /unquote Is this "uefi" thingie mean that *EVERY* piece of software which is to be installed on a system will require to be '"uefi"-compliant' before it will be installable so that the OS can be booted/rebooted with this piece of software installed? If not, then what is the good of going thru this "uefi" saga just to be able to boot the *operating* *system* - but then allow later/subsequent upgrades/updates to be installed without them being "uefi-compliant"? Or is every piece of software going to be thoroughly examined as a separate exercise to ensure that it contains no malware before it gets included as part of, say, openSUSE update/upgrade? BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Wed, Jun 27, 2012 at 07:13:22PM +1000, Basil Chupin wrote:
On 26/06/12 16:56, Tim Serong wrote:
On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote:
[snip]
Is this "uefi" thingie mean that *EVERY* piece of software which is to be installed on a system will require to be '"uefi"-compliant' before it will be installable so that the OS can be booted/rebooted with this piece of software installed?
It's not uefi, but microsoft windows 8 logo requirement program. The technology itself is neutral and if used properly, it could benefit people who really wants it. However Microsoft renders it to "restricted boot" is not a problem of uefi, I would consider it as victim since many peopler mis-understand it. :) Basil, you would be interested in looking this "Free Software Foundation recommendations for free operating system distributions considering Secure Boot " https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web The recommanded solution for operation system in terms of supporting uefi secureboot. == 1) fully supporting user-generated keys, including providing tools and full documentation for booting and installing both modified and official versions of the distribution using this method; 2) using a GPLv3-covered bootloader to help protect users against the dangers of Restricted Boot; 3) avoiding requiring or encouraging users to trust Microsoft or any company which makes proprietary software; and 4) joining the FSF and the broader free software movement in pressuring computer distributors to facilitate easy and independent installation of free software operating systems on any computer. == Apparently the recommendations did not encourage free distribution to adopt neither Fedora nor Ubuntu's process, each has it's own defect in FSF's point of view. I could say the real situration is much *worse* than what FSF's comprehend. And that's why free distribution are struggling in figurint out solution that could circumvent the situration. We can't change it and we see no light. :( 1) is simply not possible for now. As user-generated key means the chain-of-trust rooted on user (otherwise it's exploitable) but not OEM manufacturer. OEM support it means it can't satisfy microsoft logo requirement. And I also don't think for consumer product OEM would like to ship this feature because it's real need is few, and it's really big burden for them, for example, in terms of support user and in inventing their new factory|production process. (As I know the platform key is enrolled during production process ( to make sure it's secure .. lol) and it's one-way-only to turn from setup mode to user mode, it can turn back to setup mode unless you refresh your rom entirely 2) Per FSF's suggestion free distribution did not have to be in charge of the responsibilty of gplv3, it's hardware manufacturer as they are the distributer of software. Even though this is true, we still can't use grub2 because *OEM manufacturer will request to not to use gplv3 loader, as they don't want to expose on potential law suit either". Otherwise they will not accept your key .. quite irony fate to us. 3) Not possible, in current situration Microsoft Key is common in all firmware and that's the major reason why OEM are working to support secure boot => To get a Windows key in their machine that could run Win 8. 4) yes. :) Regards, Michael
If not, then what is the good of going thru this "uefi" saga just to be able to boot the *operating* *system* - but then allow later/subsequent upgrades/updates to be installed without them being "uefi-compliant"? Or is every piece of software going to be thoroughly examined as a separate exercise to ensure that it contains no malware before it gets included as part of, say, openSUSE update/upgrade?
BC
-- Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Tue, Jul 3, 2012 at 12:17 AM, Michael Chang
2) using a GPLv3-covered bootloader to help protect users against the dangers of Restricted Boot
Some may argue then the operating system must be licensed through a GPL copyleft license? Or is there a consensus the GPL v3 bootloader can load any operating system without an issue? -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Tue, 03 Jul 2012 00:48:36 -0400, Andrew Joakimsen wrote:
On Tue, Jul 3, 2012 at 12:17 AM, Michael Chang
wrote: 2) using a GPLv3-covered bootloader to help protect users against the dangers of Restricted Boot
Some may argue then the operating system must be licensed through a GPL copyleft license? Or is there a consensus the GPL v3 bootloader can load any operating system without an issue?
I don't think that could be a requirement, otherwise Windows would have to be GPL licensed as well (or GRUB would have to be made intentionally incompatible with chainloading), wouldn't it? Seems it would be extremely unlikely (and unreasonable) for the GRUB authors to try to push the GPL3 to any OS that might be booted with GRUB. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
The Free Software Foundation has very little leverage here. Only actual customers spending or not spending actual currency have any leverage. For example, if the US Federal Government would cancel major hardware purchases because the machines could not run Linux, there would be change. -- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jul 02, 2012 at 10:54:21PM -0700, M. Edward (Ed) Borasky wrote:
The Free Software Foundation has very little leverage here. Only actual customers spending or not spending actual currency have any leverage. For example, if the US Federal Government would cancel major hardware purchases because the machines could not run Linux, there would be change.
Or the other way round, they would cancel linux purchase as they can't support secure boot as such Government deal the security is a major concern. I know this sounds pathetic as they are blinded by the marketing term which not really reflect the dark, but that's possible to happen so we'll still need FSF here to get more people understand. Like the term "restricted boot" they use be recognized by the public. Thanks, Michael
-- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Tue, Jul 03, 2012 at 12:48:36AM -0400, Andrew Joakimsen wrote:
On Tue, Jul 3, 2012 at 12:17 AM, Michael Chang
wrote: 2) using a GPLv3-covered bootloader to help protect users against the dangers of Restricted Boot
Some may argue then the operating system must be licensed through a GPL copyleft license? Or is there a consensus the GPL v3 bootloader can load any operating system without an issue?
I think later is correct, my opinion is GPL should not exert on loaded operating system. But I may be wrong due to I'm not familar with that either. Thanks, Michael -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is: There is no final decision nor an end result. Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, 2012-06-25 at 17:12 +0200, Marcus Meissner wrote:
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized.
Ciao, Marcus
Is there an expected target date for when such a solution might be decided upon? (Whatever the ultimate solution will be.) I guess primarily the question would also be, which openSUSE release will likely have the UEFI solution? Bryen -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 10:16:32AM -0500, Bryen M Yunashko wrote:
On Mon, 2012-06-25 at 17:12 +0200, Marcus Meissner wrote:
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized.
Ciao, Marcus
Is there an expected target date for when such a solution might be decided upon? (Whatever the ultimate solution will be.)
I have not heard of any target date, so "No".
I guess primarily the question would also be, which openSUSE release will likely have the UEFI solution?
It is too late for 12.2 I would say, so the next one after (likely named 13.1) should be it. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Monday, June 25, 2012 10:16:32 AM Bryen M Yunashko wrote:
On Mon, 2012-06-25 at 17:12 +0200, Marcus Meissner wrote:
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized.
Ciao, Marcus
Is there an expected target date for when such a solution might be decided upon? (Whatever the ultimate solution will be.) I guess primarily the question would also be, which openSUSE release will likely have the UEFI solution?
Sure not before openSUSE 12.3. The way UEFI+SecureBoot will impact other than Windows 8 operating systems will be certainly known after the next 6 months. The ARM architecture is the critical one (Windows Logo Certification specification forbid to disable SecureBoot ). Other like x86 architecture might be flexible (including a way to disable the SecureBoot option). In the meantime, another option than Fedora+RedHat have decided is not visible shortly. The more we know about the UEFI+SecureBoot and boot requirements process will increase our chances to propose another approach. Regards, -- Ricardo Chung | Panama Linux & FOSS Ambassador openSUSE Projects -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
Sure not before openSUSE 12.3. The way UEFI+SecureBoot will impact other than Windows 8 operating systems will be certainly known after the next 6 months. The ARM architecture is the critical one (Windows Logo Certification specification forbid to disable SecureBoot ). Other like x86 architecture might be flexible (including a way to disable the SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the details, but it was different from Red Hat / Fedora's and involved replacing GRUB2 as the bootloader because the GPL wouldn't allow what the Ubuntu team proposes. Personally, I think the fewer GPL components a system has, the better, but I'm not in a position to impose that on others. ;-) -- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Monday, June 25, 2012 11:54:57 AM M. Edward Borasky wrote:
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
wrote: Sure not before openSUSE 12.3. The way UEFI+SecureBoot will impact other than Windows 8 operating systems will be certainly known after the next 6 months. The ARM architecture is the critical one (Windows Logo Certification specification forbid to disable SecureBoot ). Other like x86 architecture might be flexible (including a way to disable the SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the details, but it was different from Red Hat / Fedora's and involved replacing GRUB2 as the bootloader because the GPL wouldn't allow what the Ubuntu team proposes. Personally, I think the fewer GPL components a system has, the better, but I'm not in a position to impose that on others. ;-)
Edward, You are right. Ubuntu is planning their own deployment on Ubuntu OEM by replacing Grub2 with "Intel's efilinux" (http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure- Boot-plans-1624444.html) https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html I would dare to say this is more reactive than anything else to generate the general opinion. Regards, -- Ricardo Chung | Panama Linux & FOSS Ambassador openSUSE Projects -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 2:49 PM, Ricardo Chung
On Monday, June 25, 2012 11:54:57 AM M. Edward Borasky wrote:
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
wrote: Sure not before openSUSE 12.3. The way UEFI+SecureBoot will impact other than Windows 8 operating systems will be certainly known after the next 6 months. The ARM architecture is the critical one (Windows Logo Certification specification forbid to disable SecureBoot ). Other like x86 architecture might be flexible (including a way to disable the SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the details, but it was different from Red Hat / Fedora's and involved replacing GRUB2 as the bootloader because the GPL wouldn't allow what the Ubuntu team proposes. Personally, I think the fewer GPL components a system has, the better, but I'm not in a position to impose that on others. ;-)
Edward,
You are right. Ubuntu is planning their own deployment on Ubuntu OEM by replacing Grub2 with "Intel's efilinux" (http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure- Boot-plans-1624444.html) https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
I would dare to say this is more reactive than anything else to generate the general opinion.
Regards,
-- Ricardo Chung | Panama Linux & FOSS Ambassador openSUSE Projects -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
I'm not at all impressed with either GRUB2 of the behavior traits of certain FSF folks. ;-) -- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Monday, June 25, 2012 11:54:57 AM M. Edward Borasky wrote:
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
wrote: Sure not before openSUSE 12.3. The way UEFI+SecureBoot will impact other than Windows 8 operating systems will be certainly known after the next 6 months. The ARM architecture is the critical one (Windows Logo Certification specification forbid to disable SecureBoot ). Other like x86 architecture might be flexible (including a way to disable the SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the details, but it was different from Red Hat / Fedora's and involved replacing GRUB2 as the bootloader because the GPL wouldn't allow what the Ubuntu team proposes. Personally, I think the fewer GPL components a system has, the better, but I'm not in a position to impose that on others. ;-)
This was written today on IT World: "openSUSE still searching for UEFI, Secure Boot solution" (http://www.itworld.com/it-managementstrategy/282286/opensuse- still-searching-uefi-secure-boot-solution) Regards, -- Ricardo Chung | Panama Linux & FOSS Ambassador openSUSE Projects -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 11:12 AM, Marcus Meissner
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized.
Ciao, Marcus
I hope all 3 constituencies are considered in their evaluation: 1) SLES 2) openSUSE 3) SuseStudio Greg -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, 25 Jun 2012 12:03:12 -0400, Greg Freemyer wrote:
On Mon, Jun 25, 2012 at 11:12 AM, Marcus Meissner
wrote: On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized.
Ciao, Marcus
I hope all 3 constituencies are considered in their evaluation:
1) SLES 2) openSUSE 3) SuseStudio
OBS probably needs to as well, since it can be/is used to build kernel packages. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 06:35:32PM +0000, Jim Henderson wrote:
On Mon, 25 Jun 2012 12:03:12 -0400, Greg Freemyer wrote:
On Mon, Jun 25, 2012 at 11:12 AM, Marcus Meissner
wrote: On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise nothing was finalized.
Ciao, Marcus
I hope all 3 constituencies are considered in their evaluation:
1) SLES 2) openSUSE 3) SuseStudio
OBS probably needs to as well, since it can be/is used to build kernel packages.
If we model this after the Fedora model, where the kernel is supposed to be signed, then this will be hard to do. In that model we will certainly not allow a random OBS kernel build to be officially signed. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 06/25/2012 01:39 PM, Marcus Meissner wrote:
If we model this after the Fedora model, where the kernel is supposed to be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to be officially signed.
Agreed, but I would certainly want something upstream from the kernel satisfy the signed requirement. Those of us that do kernel development need to generate our own kernels. Larry -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 01:47:51PM -0500, Larry Finger wrote:
On 06/25/2012 01:39 PM, Marcus Meissner wrote:
If we model this after the Fedora model, where the kernel is supposed to be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to be officially signed.
Agreed, but I would certainly want something upstream from the kernel satisfy the signed requirement. Those of us that do kernel development need to generate our own kernels.
For these purposes the secure mode of the UEFI x86 BIOS is supposed to be disable-able. Ciao, Marcs -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jun 25, 2012 at 11:47 AM, Larry Finger
On 06/25/2012 01:39 PM, Marcus Meissner wrote:
If we model this after the Fedora model, where the kernel is supposed to be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to be officially signed.
Agreed, but I would certainly want something upstream from the kernel satisfy the signed requirement. Those of us that do kernel development need to generate our own kernels.
Larry
Have either Linus Torvalds or the FSF weighed in on the Ubuntu proposal, which features ditching GRUB2 as the bootloader?
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- Twitter: http://twitter.com/znmeb Computational Journalism Server http://j.mp/compjournoserver Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, 25 Jun 2012 20:39:06 +0200, Marcus Meissner wrote:
OBS probably needs to as well, since it can be/is used to build kernel packages.
If we model this after the Fedora model, where the kernel is supposed to be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to be officially signed.
Yes, that could prove difficult - probably what would need to happen is there be a function added to allow someone building a kernel to provide their own signing key (at least). Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June. Any progress report from anyone on this most important matter? BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Seems you're missing quite a few emails. The latest were from the 3rd of July. Michael Chang and others are looking for a solution here, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Seems you're missing quite a few emails. The latest were from the 3rd of July. Michael Chang and others are looking for a solution here,
Andreas
Gosh, you are absolutely right, Andreas. Sorry about that. I will need to check the settings in my Thunderbird. Now that you have mentioned it, I can see those posts dated 3 July - but they are way up in the middle of the thread and not at the end (as in date order). OK, but even so, 17 days after that post from Michael, any further news? Can one expect some sort of progress report on the matter? BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 20/07/12 20:31, Basil Chupin wrote:
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Seems you're missing quite a few emails. The latest were from the 3rd of July. Michael Chang and others are looking for a solution here,
Andreas
Gosh, you are absolutely right, Andreas.
Sorry about that.
I will need to check the settings in my Thunderbird. Now that you have mentioned it, I can see those posts dated 3 July - but they are way up in the middle of the thread and not at the end (as in date order).
Andreas, I have tried to have a look at what may be going on with the messages from Michael Chang (and others) but I give up. I simply don't have any longer the inclination nor patience to go figuring out what the heck the message Headers contain :-( . In one message Michael posts using Mutt and with the Return address of opensuse-bounce and in another he posts using using Mutt with a Return address of novell.com. And yet in another he posts as "mchang.novell@gmail.com". Here is a screen grab of the thread under discussion, and you can see where his posts are located. I have configured Thunderbird to sort the posts by date, by received, by order received and they all end up looking the same as on the screen grab. The screen grab is here: http://picpaste.com/mchang-XbeiLp3p.png OK, I'll just have to be more careful in the future about looking at the dates when messages were posted. Sorry "for the noise". [..............] BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-07-20 15:00, Basil Chupin wrote:
OK, I'll just have to be more careful in the future about looking at the dates when messages were posted.
Sorry "for the noise".
In thunderbird I sort by date, threaded, and I collapse all threads using the "\" key. This way, when I see a non-bold, underlined post, I know that it is one that I started to read and has unread posts. And if the added post is new, the thread will be at the bottom of the window, easily visible. It is difficult then to miss those posts. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAJXNYACgkQIvFNjefEBxpNYwCgxGsne3FsHZ7mz8pdJaDbiZk4 ocsAnRTEWxa00gmllzRZPvVQEjQ09bdh =IzR6 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 20/07/12 23:27, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-07-20 15:00, Basil Chupin wrote:
OK, I'll just have to be more careful in the future about looking at the dates when messages were posted.
Sorry "for the noise". In thunderbird I sort by date, threaded, and I collapse all threads using the "\" key. This way, when I see a non-bold, underlined post, I know that it is one that I started to read and has unread posts.
And if the added post is new, the thread will be at the bottom of the window, easily visible. It is difficult then to miss those posts. I have the messages sorted by "whichever way but loose": left to right, right to left, top to bottom, bottom to top, outside in, inside in...... You get the picture :-) . (Actually, the sort order is Date>Ascending>Threaded.)
What you say is correct PROVIDED that you check your mail and, especially, if you check a folder (such as opensuse-project) on a *daily* basis - which I don't always get the chance to do, and certainly didn't do so in this case. BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Seems you're missing quite a few emails. The latest were from the 3rd of July. Michael Chang and others are looking for a solution here,
Andreas
I just came across this. Of any use?- http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-pr... BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
To summarize:
Either there has been no progress, or there has been progress and it
has happened behind closed doors as far as this mailing list is
concerned. Is that correct? ;-)
On Sat, Jul 21, 2012 at 12:35 AM, Basil Chupin
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Seems you're missing quite a few emails. The latest were from the 3rd of July. Michael Chang and others are looking for a solution here,
Andreas
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-pr...
BC
-- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- Twitter: http://twitter.com/znmeb Computational Journalism Studio http://j.mp/CompJournStudio Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 22/07/12 03:26, M. Edward (Ed) Borasky wrote:
To summarize:
Either there has been no progress, or there has been progress and it has happened behind closed doors as far as this mailing list is concerned. Is that correct? ;-)
Well, it may be correct. But, on the other hand, it may not be correct. The situation is being examined and the decision as to whether there has been or has not been progress will be, probably, disclosed when it is better known if there has been or has not been any progress. (BTW, I have been wondering where I have seen the letters "EFI" before - and I found them this morning at the car park, appearing on the side of a car; "EFI", of course, stands for Electronic Fuel Injection. Now we can expect copyright/trademark/patent wars breaking out over the use of "EFI"! Holey Moley! We may be living in interesting times soon :-) !) BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.5-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Sat, Jul 21, 2012 at 05:35:48PM +1000, Basil Chupin wrote:
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Seems you're missing quite a few emails. The latest were from the 3rd of July. Michael Chang and others are looking for a solution here,
Andreas
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-pr...
Thanks, we had been use it (OVMF) built from James's project in verfying the bootloader signing results. :) The current progress is we successfully walking through the process below. 1. create/generate PK/KEK key pairs 2. create/generate our own key pairs, say SUSE_KEY 3. enroll PKpub, KEKpub in setup mode, enable secure boot 4. build the stub loader (shim) with embedded SUSE_KEYpub public key certifcate. 5. sign shim with KEKpriv 6. sign bootloader (elilo and grub2) with SUSE_KEYpriv 7. verify signed shim could run in secure boot enabled 8. verify signed bootloaer could run in secure boot enabled 9. verffy any unsigned images cannot run in secure boot enabled 10. verify any unsigned images could run in secure boot disabled PS. Both sign tools, pesign and sbsign, are used in above process and verified to work. If you interested in more detail, below is the wiki page created for the procedure. http://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools http://en.opensuse.org/openSUSE:UEFI_Secure_boot_using_qemu-kvm I've tried to collect the relevant packages in my obs project https://build.opensuse.org/project/show?project=home%3Amichael-chang%3AUEFI And if you want to try building the OVMF from scratch, this wiki page may be useful. http://en.opensuse.org/SDB:UEFI_EDK2_Build_Howto_On_openSUSE12_1 Sorry the information is not consolidated well, we are still working on it. Thanks to people who involves in this topic (esp for James, Gary and Joey). Thanks, Michael
BC
-- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 23/07/12 13:23, Michael Chang wrote:
On Sat, Jul 21, 2012 at 05:35:48PM +1000, Basil Chupin wrote: [........]
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-pr... Thanks, we had been use it (OVMF) built from James's project in verfying the bootloader signing results. :)
The current progress is we successfully walking through the process below.
[............] Thank you Michael for the update. But may I please make a suggestion that people be kept informed by posts either in this list and/or the general help list and when final decision(s) are made in all including the Announce list? BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.5-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Mon, Jul 23, 2012 at 04:18:13PM +1000, Basil Chupin wrote:
On 23/07/12 13:23, Michael Chang wrote:
On Sat, Jul 21, 2012 at 05:35:48PM +1000, Basil Chupin wrote: [........]
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-pr... Thanks, we had been use it (OVMF) built from James's project in verfying the bootloader signing results. :)
The current progress is we successfully walking through the process below.
[............]
Thank you Michael for the update.
But may I please make a suggestion that people be kept informed by posts either in this list and/or the general help list and when final decision(s) are made in all including the Announce list?
Sure. of course no problem. :) Thanks, Michael
BC
-- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.5-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows
8 devices will appear on store shelves as soon as the makers can build
them, test them and ship them. There's going to be a humongous
marketing push from Microsoft to get them into the hands of as many
people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate
/ openSUSE? Bueller? Bueller?
:-(
On Mon, Jul 16, 2012 at 11:08 PM, Basil Chupin
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI situation? Where does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was from Jim Henderson on 26 June.
Any progress report from anyone on this most important matter?
BC
-- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- Twitter: http://twitter.com/znmeb Computational Journalism Studio http://j.mp/CompJournStudio Data is the new coal - abundant, dirty and difficult to mine. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 04/08/12 08:40, M. Edward (Ed) Borasky wrote:
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows 8 devices will appear on store shelves as soon as the makers can build them, test them and ship them. There's going to be a humongous marketing push from Microsoft to get them into the hands of as many people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate / openSUSE? Bueller? Bueller?
There seems to be a lot of plans and talk of plans, yet nothing has eventuated. Yet... Regards -- Chris Jones @ kernel.devproject@gmail.com also on oracle.kerneldev@gmail.com and netbsd.kerneldev@gmail.com Ubuntu 12.04 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming) Linux kernel developer|Solaris kernel developer|BSD kernel developer|Lead Developer of SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web Services|Digital Imaging Services Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360 controller|Logitech Attack 3 j/stick Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Sat, 04 Aug 2012 10:26:42 +1000
Chris Jones
On 04/08/12 08:40, M. Edward (Ed) Borasky wrote:
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows 8 devices will appear on store shelves as soon as the makers can build them, test them and ship them. There's going to be a humongous marketing push from Microsoft to get them into the hands of as many people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate / openSUSE? Bueller? Bueller?
There seems to be a lot of plans and talk of plans, yet nothing has eventuated. Yet...
Regards
Hi Probably lack of hardware? I'm sure the openSUSE developers would be happy to receive one or more of these.... http://www.h-online.com/open/news/item/Aldi-PC-becomes-first-retail-PC-with-... I've been building gummiboot on OBS; http://www.h-online.com/open/news/item/Gummiboot-is-an-EFI-boot-loader-that-... Have you seen this? http://blog.hansenpartnership.com/uefi-secure-boot/ -- Cheers Malcolm °¿° (Linux Counter #276890) SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.34-0.7-default up 5 days 21:29, 2 users, load average: 1.98, 2.03, 2.06 CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 04/08/12 10:57, Malcolm wrote:
On Sat, 04 Aug 2012 10:26:42 +1000 Chris Jones
wrote: On 04/08/12 08:40, M. Edward (Ed) Borasky wrote:
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows 8 devices will appear on store shelves as soon as the makers can build them, test them and ship them. There's going to be a humongous marketing push from Microsoft to get them into the hands of as many people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate / openSUSE? Bueller? Bueller?
There seems to be a lot of plans and talk of plans, yet nothing has eventuated. Yet...
Regards
Hi Probably lack of hardware?
I'm sure the openSUSE developers would be happy to receive one or more of these.... http://www.h-online.com/open/news/item/Aldi-PC-becomes-first-retail-PC-with-...
I've been building gummiboot on OBS; http://www.h-online.com/open/news/item/Gummiboot-is-an-EFI-boot-loader-that-...
Have you seen this? http://blog.hansenpartnership.com/uefi-secure-boot/
I guess once more hardware becomes available, more will come to light. Regards -- Chris Jones @ kernel.devproject@gmail.com also on oracle.kerneldev@gmail.com and netbsd.kerneldev@gmail.com Ubuntu 12.04 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming) Linux kernel developer|Solaris kernel developer|BSD kernel developer|Lead Developer of SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web Services|Digital Imaging Services Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360 controller|Logitech Attack 3 j/stick Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 08/04/2012 12:40 AM, M. Edward (Ed) Borasky wrote:
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows 8 devices will appear on store shelves as soon as the makers can build them, test them and ship them. There's going to be a humongous marketing push from Microsoft to get them into the hands of as many people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate / openSUSE? Bueller? Bueller?
:-(
Sorry, my colleagues have been working not only on a plan but also on verifying that it actually can work ;). I'll start a new thread now and will forward something, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
participants (17)
-
Andreas Jaeger
-
Andrew Joakimsen
-
Basil Chupin
-
Bryen M Yunashko
-
Carlos E. R.
-
Carlos E. R.
-
Chris Jones
-
Greg Freemyer
-
Jim Henderson
-
Larry Finger
-
M. Edward (Ed) Borasky
-
Malcolm
-
Marcus Meissner
-
Michael Chang
-
Per Jessen
-
Ricardo Chung
-
Tim Serong