25 Jun
2012
25 Jun
'12
05:43
So what was the decision/end result with the UEFI situation? Where does
OpenSUSE stand with the situation?
Regards
--
Chris Jones @ kernel.devproject(a)gmail.com
and oracle.kerneldev(a)gmail.com
OpenSUSE Linux x86_64 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming)
Linux kernel developer|Solaris kernel developer|Lead Developer of SDL|Lead Developer of
Nest Linux
Gamer and Emulator nut|Web Services|Digital Imaging Services
Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360
controller|Logitech Attack 3 j/stick
Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
25 Jun
25 Jun
15:50
On Monday, June 25, 2012 14:43:41 Chris Jones wrote:
So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Btw. it's openSUSE - always with a small "o".
There's no decision yet from openSUSE.
A couple of guys are looking into the whole situation - not only from an
openSUSE perspective but also looking what to do for SUSE Linux
Enterprise. They seem to like the Fedora approach but nothing is decided
yet,
Andreas
--
Andreas Jaeger aj(a){suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
26 Jun
26 Jun
05:01
2012/6/25 Andreas Jaeger <aj(a)suse.com>om>:
On Monday, June 25, 2012 14:43:41 Chris Jones wrote:
As one of the guys AJ mentioned who is working on the issue, I could
tell that two basic principles for openSUSE
1. We will not enroll KEKs to firmware (for openSUSE)
The reason is that openSUSE is an open and free distribution and
hosted by community. It's not an commercial distribution that sell on
market on OEM products. Enrolling KEK really conflicts the nature of
openSUSE, which should encourage distribute of the distribution, not
restrict it or even lock down the to the systems with on SUSE keys
installed. Also enrolling the keys requires some degree of partnership
with OEM and working with IBV for the solution, which is not open and
not possible for communities to participate.
2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.
I think the decision would be Fedroa's proposed solution, that is we
have a first stage bootloader signed by Microsoft signing service and
a second stage bootloader signed by us, thus we can avoid to integrate
Ms signing process to our infrastructure (OBS or whatever) as it's
painful (a *real living person* is involved to authenticate) and we
still have flexibilities for signing our bootlo.
About the kernel and kernel modules signing, it's still in discussing,
at least in the summit 2012. We have to watch it closely as it could
be a complementary technology to secure boot, However my **personal**
opinion is that the authentication happens after ExitBootService()
should be considered mandate and should be up to the OSV to decide (as
we already leave the pre-boot environment which UEFI secure boot tends
to protect) .
Beside, ** I ** am thinking to provide better flexibilities to
Redhat's solutions. We based on it and made some changes that
we|communities think we should add, by means of a layer (1.5 stage
bootloader) between 1st and 2nd stage. Not sure it's feasible or
doable so far.
bootloader 1 (signed by MS) -> bootloader 1.5 (developed and signed by
SUSE) -> bootloader 2 (allow signed by user, whatever any bootloader
is allowed)
2. distro default loader choice, grub2 or other bsd loaders which
would impose little license issue
3. more freedom to user, for example they could sign their own
bootloader (if their certificate could placed in ESP or in UEFI
variable to feed to 1.5 loader)
3. other *measure boot* technology like TPM be integrate to replace
the auth happens in 1.5.
4. multiboot with other distribution's efi, if they are signed and
certs are in place.
Above are stayed as a thoughts of myself and I'd like to know anyone's
thinking about it .. I will continue in investigating it and hope that
it makes sense to work on such direction.
Thanks,
Michael
So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Btw. it's openSUSE - always with a small "o".
There's no decision yet from openSUSE.
A couple of guys are looking into the whole situation - not only from an
openSUSE perspective but also looking what to do for SUSE Linux
Enterprise. They seem to like the Fedora approach but nothing is decided
yet,
Andreas
--
Andreas Jaeger aj(a){suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
06:13
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang <mchang(a)suse.com> wrote:
As one of the guys AJ mentioned who is working on the
issue, I could
tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.
The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both?
I think the decision would be Fedroa's proposed
solution, that is we
have a first stage bootloader signed by Microsoft signing service and
a second stage bootloader signed by us, thus we can avoid to integrate
Ms signing process to our infrastructure (OBS or whatever) as it's
painful (a *real living person* is involved to authenticate) and we
still have flexibilities for signing our bootlo.
I'm a big fan of simplicity - as in "do the simplest thing that will
work". There are an awful lot of "moving parts" here. There's the
firmware, the boot-sector-resident code, the rest of the bootloader,
the initrd and the kernel just to get to the point where all the other
miscellaneous code running as a privileged user gets into RAM. After
*that* is all accomplished, *then* all the userspace stuff can happen.
[snip]
Is there a way to eliminate a few layers of complexity? Operating
systems are supposed to be *simple*. Linus has complained about
"bloat", I know, but the hardware keeps getting better and things like
a provably secure microkernel running Linux as a guest aren't as
farfetched on a 2012-vintage quad-core x86_64 as they were on a 386.
--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
07:19
2012/6/26 M. Edward (Ed) Borasky <znmeb(a)znmeb.net>et>:
[snip]
> I'm a big fan of simplicity - as in
"do the simplest thing that will
> work". There are an awful lot of "moving parts" here. There's
the
> firmware, the boot-sector-resident code, the rest of the bootloader,
> the initrd and the kernel just to get to the point where all the other
> miscellaneous code running as a privileged user gets into RAM. After
> *that* is all accomplished, *then* all the userspace stuff can happen.
To me the most simplicity is do nothing, yeah this could be an option
if you ask me for it. Ask user who want to run free distribution to
disable secure boot is not entirely a bad idea, if you agree they
should suffer from the decision made by the monopoly company and go
protest it. :/
I think what the distribution is thinking and doing is a way to
circumvent the situation, it's not an regular procedure who really
wants secure boot technology but who wants to have the system "just
work". So it looks pretty ugly and redundancy and whatever.
Frankly there's not so many moving parts IMHO, we don't care about the
initrd and kernel at this moment because when they are loaded and
executed, the UEFI Boot Service ended (aka they are not running in
pre-boot contect) also there's no boot sector as UEFI boot protocol
not requires it. :)
> [snip]
> Is there a way to eliminate a few layers of
complexity? Operating
> systems are supposed to be *simple*. Linus has complained about
> "bloat", I know, but the hardware keeps getting better and things like
> a provably secure microkernel running Linux as a guest aren't as
> farfetched on a 2012-vintage quad-core x86_64 as they were on a 386.
I could understand and don't want to introduce the extra layers to
mess things further, this is why I think that's my personal idea and
not decided.
The complexity is because we want support on secure boot and not
restrict the bootloader to be SUSE-blessed. We can't make the change
on the first stage because it should be simple and bug free, neither
is the second stage as it's distribution specific so only introducing
a 1.5 layer is possible.
But I think *not running blessed bootloader" itself will have problem
as it contradict the *chian-of-trust* design of secure boot (sign).
> --
> Twitter: http://twitter.com/znmeb Computational Journalism Server
> http://j.mp/compjournoserver
> Data is the new coal - abundant, dirty and
difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
<mchang(a)suse.com> wrote:
By reading ubuntu's plan for download version I believe it's similar
with fedora's, except these difference:
1. Kenerl and kernel module signing is not required
2. They choose efilinx (bsd licensed) as default boot loader as gplv2
licensed would have potential law infringement if not publish private
key and it's certificate would be revoked by MS
For preload or Ubuntu certificated machines it would require firmware
to enroll their KEKS, but this should not compared with Fedora as it's
vertically integrated product with OEM selling for profit and not the
case for openSUSE as well.
So I think for open & free download distributions, use microsoft
signed first stage tiny bootloader to load self signed distribution's
bootloader could be a consent.
As one of the guys AJ mentioned who is working on
the issue, I could
tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.
The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both? 
07:43
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
<mchang(a)suse.com> wrote:
I am now wondering if this whole thing may be just an unnecessary PITA
caused by yet another MS stumble.
Like all "empires" which must come to an end at some point, I wonder if
this is the beginning of the end for one certain behemoth?:
http://www.zdnet.com/blog/open-source/has-microsoft-opened-the-door-to-the-…
[......]
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
As one of the guys AJ mentioned who is working on
the issue, I could
tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.
The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both? 
07:56
On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
It probably is a PITA, but boot process attacks do exist - see for
example
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre. It's also worth having a read
of couple more of mjg's posts:
"No, really, secure boot does add security"
http://mjg59.dreamwidth.org/2012/06/14/
"The security of Secure Boot"
http://mjg59.dreamwidth.org/12897.html
Regards,
Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong(a)suse.com
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
<mchang(a)suse.com> wrote:
I am now wondering if this whole thing may be just an unnecessary PITA
caused by yet another MS stumble. As one of the guys AJ mentioned who is working on
the issue, I could
tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.
The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both? 
09:59
Tim Serong wrote:
On 06/26/2012 04:43 PM, Basil Chupin wrote:
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
It probably is a PITA, but boot process attacks do exist - see for
example
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
<mchang(a)suse.com>
wrote:
I am now wondering if this whole thing may be just an unnecessary
PITA caused by yet another MS stumble. As one of the guys AJ mentioned who is working on
the issue, I
could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution
That means the solution has to align with what most other
distribution be able to choose and would allow co-operate with
them. This implies the windows signing service would be used as
it's an fair offer for all with a universal key installed. Until
there's another signing authority recommended by uefi forum, this
is the only possible way to go.
The Fedora proposal, presumably blessed by Red
Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both? - so this is not just security theatre.
We're probably going OT, but one can't help wondering if the risk of the
above is severe enough to warrant the combined UEFI effort - inventing
it, spec'ing it and the Linux communities' effort in working with or
around it.
I tend to side with Basil here - this is not just about security.
Follow-ups to opensuse-offtopic please.
--
Per Jessen, Zürich (19.8°C)
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
11:03
2012/6/26 Tim Serong <tserong(a)suse.com>om>:
It probably is a PITA, but boot process attacks do exist - see for
example
I agree with matthew and UEFI secure boot could provide protect at
preboot. The question is it really a need for consumer product?
assuming we all working in Nation Defense Department and will really
appreciate this functionality?
I think it would be fine for all of us if it's a default disabled
feature, and SUSE could focus on the solution who really want this
feature enabled on the products like server or preload machines .. the
ms signing, first and second stage bootloader are aiming to get the
distro boot up from this default shipped status in sake of better user
experience, which is a bit twisted to the real purpose of secure boot
IMHO.
Regards,
Michael
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre. It's also worth having a read
of couple more of mjg's posts:
"No, really, secure boot does add security"
http://mjg59.dreamwidth.org/2012/06/14/
"The security of Secure Boot"
http://mjg59.dreamwidth.org/12897.html
Regards,
Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong(a)suse.com
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
14:17
On 06/26/2012 08:03 PM, Michael Chang wrote:
2012/6/26 Tim Serong <tserong(a)suse.com>om>:
I agree that it would be most straightforward if this were disabled by
default and those who want it could turn it on. If most hardware comes
like that, maybe we can forget about the whole thing :) But I worry
about new hardware with Win8 pre-installed and this thing enabled, so,
my personal opinion is as follows (sorry Per, I still think this is on
topic, at least to frame some thoughts).
1) Speaking very generally:
* UEFI secure boot helps security "somehow" (I think this has been
described well enough elsewhere).
* There will be some people who actually care and/or want it, and some
who don't care and/or don't want it.
2) Speaking more specifically:
* On x86 hardware (with the ability to disable secure boot), some people
will want it turned on, some people will want it turned off, and some
people won't know what to do with it at all and/or won't know it exists
until it bites them.
* On Win8 logo ARM hardware, it will always be on, so it doesn't matter
what anybody wants, we're stuck with it.
3) Speaking even more specifically, it seems to me that the users we
(openSUSE) have to care about are:
* x86 hardware, for users who:
* know what it is, and want it.
* don't know what it is, and/or don't want it, and don't know how to
turn it off (think: new users, who without secure boot support may
not even be able to *try* openSUSE on new win8 hardware).
* ARM hardware, if we support ARM (I'd guess the people working on the
openSUSE ARM port will want this at some point, if secure boot can't be
disabled by the user).
The only users we don't need to worry about are the ones who don't want
it, and who know how to turn it off. That's probably most of the people
participating in this thread :)
Disclaimer: I'm not actually involved in writing any code to support
this thing. Please accept my apologies for that - it's been a long time
since I hacked on anything even remotely resembling a boot loader...
Regards,
Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong(a)suse.com
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
It probably is a PITA, but boot process attacks do exist - see for
example
I agree with matthew and UEFI secure boot could provide protect at
preboot. The question is it really a need for consumer product?
assuming we all working in Nation Defense Department and will really
appreciate this functionality?
I think it would be fine for all of us if it's a default disabled
feature, and SUSE could focus on the solution who really want this
feature enabled on the products like server or preload machines .. the
ms signing, first and second stage bootloader are aiming to get the
distro boot up from this default shipped status in sake of better user
experience, which is a bit twisted to the real purpose of secure boot
IMHO. 
27 Jun
27 Jun
01:09
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday, 2012-06-26 at 23:17 +1000, Tim Serong wrote:
...
The only users we don't need to worry about are
the ones who don't want
it, and who know how to turn it off. That's probably most of the people
participating in this thread :)
There is one detail you forget: double booting with Win 8, which has been
said will not boot if the feature is disabled⁽¹⁾. This would require to
enable/disable the feature in Bios, then choosing one or another system in
grub. Tedious.
(1) Not verified.
- --
Cheers,
Carlos E. R.
(from 11.4 x86_64 "Celadon" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk/qTzMACgkQtTMYHG2NR9XSvgCdEUyYuP1p2j50Mk//fVfMeVRa
zqMAn3wNZWh0usCjJOdanxcqfWK5Ex2h
=uQRp
-----END PGP SIGNATURE-----
01:15
New subject: [opensuse-project] Re: UEFI situation
On Wed, 27 Jun 2012 02:09:23 +0200 (CEST)
"Carlos E. R." <carlos.e.r(a)opensuse.org>
wrote:
On Tuesday, 2012-06-26 at 23:17 +1000, Tim Serong wrote:
...
Hi
AFAIK you can boot windows 8 in 'untrusted' mode, which is what I
assume would be a user who uses older hardware without secure boot
present but UEFI capabilities.
--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.34-0.7-default
up 5:12, 2 users, load average: 0.40, 0.63, 0.58
CPU Intel i5 CPU M520(a)2.40GHz | Intel Arrandale GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
The only users we don't need to worry about
are the ones who don't
want it, and who know how to turn it off. That's probably most of
the people participating in this thread :)
There is one detail you forget: double booting with Win 8, which has
been said will not boot if the feature is disabled⁽¹⁾. This would
require to enable/disable the feature in Bios, then choosing one or
another system in grub. Tedious.
(1) Not verified.
- --
Cheers,
Carlos E. R.
(from 11.4 x86_64 "Celadon" at Telcontar)
08:52
2012/6/26 Tim Serong <tserong(a)suse.com>om>:
On 06/26/2012 08:03 PM, Michael Chang wrote:
> 2012/6/26 Tim Serong <tserong(a)suse.com>om>:
>>
[snip]
I agree that it would be most straightforward if this were disabled by
default and those who want it could turn it on. If most hardware comes
like that, maybe we can forget about the whole thing :) But I worry
about new hardware with Win8 pre-installed and this thing enabled, so,
my personal opinion is as follows (sorry Per, I still think this is on
topic, at least to frame some thoughts).
1) Speaking very generally:
* UEFI secure boot helps security "somehow" (I think this has been
described well enough elsewhere).
* There will be some people who actually care and/or want it, and some
who don't care and/or don't want it.
2) Speaking more specifically:
* On x86 hardware (with the ability to disable secure boot), some people
will want it turned on, some people will want it turned off, and some
people won't know what to do with it at all and/or won't know it exists
until it bites them.
* On Win8 logo ARM hardware, it will always be on, so it doesn't matter
what anybody wants, we're stuck with it.
3) Speaking even more specifically, it seems to me that the users we
(openSUSE) have to care about are:
* x86 hardware, for users who:
* know what it is, and want it.
Probably such user have to wait a while, considering they want a key
in firmware to have the full secure boot feature, and enjoy same
experience on Windows, something may have to be done or happen.
Note some case is for free download distribution. IMHO they are.
1. The complementary technology on linux boot path is implemented,
that is bootloader authenticate with kernel and initrd, and kernel
authenticate with loaded kernel module. The entire security mechanism
is disabled when secure boot disable. Otherwise it may not a real
secure "system" solution because the entire boot path is untrusted
after bootloader finishes. (think Window has Winqual which only load
trusted module). Matthew's blog has good explanation for this topic.
2. The UEFI tools for signing driver and key management (for ex,
manipulating authenticated variable to write signature database) are
mature and up-streamed. All distributions could leverage and support
secure boot on their own (and on their will). Otherwise the system is
still consider locked by those who is able to work with OEM on
providing the solution and most free distribution is not suppose able
to do that.
3. OEM welcome keys from free distribution, even they couldn't provide
any warranty to them. And would like to put efforts on communicating
,or even more, test and verify the key could work.
If above condition could satisfied, I think it's time to enroll key
for openSUSE. :) Or any good timing we could consider as feasible?
* don't know what it is, and/or don't want
it, and don't know how to
turn it off (think: new users, who without secure boot support may
not even be able to *try* openSUSE on new win8 hardware).
The currently discussion solution is aiming for such category of user
I think, they may even be scared by the warning message pops when
disabling secure boot. :)
Thanks,
Michael
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
14:51
On Tue, Jun 26, 2012 at 6:03 AM, Michael Chang <mchang(a)suse.com> wrote:
2012/6/26 Tim Serong <tserong(a)suse.com>om>:
The REAL reason why this is implemented is because currently Windows 7
can be pirated with a hacked bootloader. Therefore this UEFI secure
boot will in theory render that "attack" impossible.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
It probably is a PITA, but boot process attacks do exist - see for
example
I agree with matthew and UEFI secure boot could provide protect at
preboot. The question is it really a need for consumer product?
assuming we all working in Nation Defense Department and will really
appreciate this functionality?
28 Jun
28 Jun
10:21
Andrew Joakimsen wrote:
The REAL reason why this is implemented is because
currently Windows 7
can be pirated with a hacked bootloader. Therefore this UEFI secure
boot will in theory render that "attack" impossible.
In theory, impossible. Technically, not.
Just thought I should clear that up.
Cheers
--
Chris Jones @ kernel.devproject(a)gmail.com
also on oracle.kerneldev(a)gmail.com and netbsd.kerneldev(a)gmail.com
OpenSUSE Linux x86_64 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming)
Linux kernel developer|Solaris kernel developer|BSD kernel developer
Lead Developer of SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web
Services|Digital Imaging Services
Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360
controller|Logitech Attack 3 j/stick
Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
16:06
There is an interesting thread started by James Bottomley at
http://lkml.indiana.edu/hypermail/linux/kernel/1206.3/01710.html for those
interested in exploring secure UEFI booting but have no suitable hardware.
Larry
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
2 Jul
2 Jul
08:29
On 06/28/2012 05:06 PM, Larry Finger wrote:
There is an interesting thread started by James
Bottomley at
http://lkml.indiana.edu/hypermail/linux/kernel/1206.3/01710.html for
those interested in exploring secure UEFI booting but have no suitable
hardware.
Larry
There's a wiki page about this now:
http://en.opensuse.org/KVM/UEFI_Secure_boot_using_qemu-kvm
Andreas
--
Andreas Jaeger aj(a){suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
27 Jun
27 Jun
10:13
On 26/06/12 16:56, Tim Serong wrote:
On 06/26/2012 04:43 PM, Basil Chupin wrote:
As I earlier stated in another post, we have been booting our operating
systems, say openSUSE, for many years without any problems.
Yes, there is/was a setting in the BIOS which checks/checked for malware
in the boot sector. But if there was one, which operating system/systems
could suffer as a result of such malware? Not a Linux system is my
understanding.
But now an operating system which caused a multi-million secondary
industry to evolve to try and protect it from malware has suddenly come
up with a PITA procedure to try and protect itself from malware because
it hasn't the ability to write software which is immune to malware. So,
instead it comes up with this "uefi" crap which apparently affects EVERY
operating in the world.
And this is supposed to be "beneficial" to all computer systems/users!?
I think the bottom line here is that-
1. re those closed-source/proprietary operating systems, they don't have
bright enough programmers who are capable of putting together a system
which is secure; and
2. re the opensource systems, like openSUSE, are too reliant on the
efforts of "community" members to write code and then there is no
procedure in place which thoroughly examines the code before it is
included in a distro/s. The claim that Linux is secure because it is
opensource and can be examined by anyone is but a lame claim when
something is included as an update or upgrade but only examined at some
future date after the horse has bolted and has caused a meltdown (you
know what I mean).
I must be missing something here, and I readily admit that I do not have
the technical knowledge re this matter, but what is the good of booting
a system with all this "uefi" rubbish when there is then no real
security to install some file which has been written by some "community"
member and which has not gone thru a security check to see what exactly
it is trying to do?
Proprietary software like that produced by MS and Apple have well paid
programmers writing code and yet they come up with crap which is open to
hacking.
But openSUSE uses "community" members, and as Henne stated only days ago,
/quote
You do realize that we are an open source project and not your usual
software-sweat-shop right?
We as distro channel and integrate what all the FOSS projects and our
own contributors do out there. We don't direct resources, we feed of
what happens because an individual, a group or a company has an itch to
scratch.
/unquote
Is this "uefi" thingie mean that *EVERY* piece of software which is to
be installed on a system will require to be '"uefi"-compliant' before
it
will be installable so that the OS can be booted/rebooted with this
piece of software installed?
If not, then what is the good of going thru this "uefi" saga just to be
able to boot the *operating* *system* - but then allow later/subsequent
upgrades/updates to be installed without them being "uefi-compliant"? Or
is every piece of software going to be thoroughly examined as a separate
exercise to ensure that it contains no malware before it gets included
as part of, say, openSUSE update/upgrade?
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
It probably is a PITA, but boot process attacks
do exist - see for
example
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre. It's also worth having a read
of couple more of mjg's posts:
"No, really, secure boot does add security"
http://mjg59.dreamwidth.org/2012/06/14/
"The security of Secure Boot"
http://mjg59.dreamwidth.org/12897.html
Regards,
Tim On Mon, Jun 25, 2012 at 9:01 PM, Michael
Chang<mchang(a)suse.com> wrote:
I am now wondering if this whole thing may be just an unnecessary PITA
caused by yet another MS stumble. As one of the guys AJ mentioned who is working on
the issue, I could
tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.
The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both?
3 Jul
3 Jul
05:17
On Wed, Jun 27, 2012 at 07:13:22PM +1000, Basil Chupin wrote:
On 26/06/12 16:56, Tim Serong wrote:
>On 06/26/2012 04:43 PM, Basil Chupin wrote:
>>On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
>>>On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang<mchang(a)suse.com>
wrote:
>>>
[snip]
Is this "uefi" thingie mean that *EVERY*
piece of software which is
to be installed on a system will require to be '"uefi"-compliant'
before it will be installable so that the OS can be booted/rebooted
with this piece of software installed?
It's not uefi, but microsoft windows 8 logo requirement program. The
technology itself is neutral and if used properly, it could benefit
people who really wants it. However Microsoft renders it to
"restricted boot" is not a problem of uefi, I would consider it as
victim since many peopler mis-understand it. :)
Basil, you would be interested in looking this
"Free Software Foundation recommendations for free operating system
distributions considering Secure Boot "
https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web
The recommanded solution for operation system in terms of supporting
uefi secureboot.
==
1) fully supporting user-generated keys, including providing tools and
full documentation for booting and installing both modified and
official versions of the distribution using this method;
2) using a GPLv3-covered bootloader to help protect users against the
dangers of Restricted Boot;
3) avoiding requiring or encouraging users to trust Microsoft or any
company which makes proprietary software; and
4) joining the FSF and the broader free software movement in
pressuring computer distributors to facilitate easy and independent
installation of free software operating systems on any computer.
==
Apparently the recommendations did not encourage free distribution
to adopt neither Fedora nor Ubuntu's process, each has it's own
defect in FSF's point of view.
I could say the real situration is much *worse* than what FSF's
comprehend. And that's why free distribution are struggling in
figurint out solution that could circumvent the situration. We can't
change it and we see no light. :(
1) is simply not possible for now. As user-generated key means the
chain-of-trust rooted on user (otherwise it's exploitable) but not
OEM manufacturer. OEM support it means it can't satisfy microsoft logo
requirement. And I also don't think for consumer product OEM would
like to ship this feature because it's real need is few, and it's
really big burden for them, for example, in terms of support user and
in inventing their new factory|production process. (As I know the
platform key is enrolled during production process ( to make sure it's
secure .. lol) and it's one-way-only to turn from setup mode to user mode,
it can turn back to setup mode unless you refresh your rom entirely
2) Per FSF's suggestion free distribution did not have to be in charge
of the responsibilty of gplv3, it's hardware manufacturer as they are
the distributer of software. Even though this is true, we still can't
use grub2 because *OEM manufacturer will request to not to use gplv3 loader,
as they don't want to expose on potential law suit either". Otherwise
they will not accept your key .. quite irony fate to us.
3) Not possible, in current situration Microsoft Key is common in all
firmware and that's the major reason why OEM are working to support secure
boot => To get a Windows key in their machine that could run Win 8.
4) yes. :)
Regards,
Michael
If not, then what is the good of going thru this "uefi" saga just to
be able to boot the *operating* *system* - but then allow
later/subsequent upgrades/updates to be installed without them being
"uefi-compliant"? Or is every piece of software going to be
thoroughly examined as a separate exercise to ensure that it
contains no malware before it gets included as part of, say,
openSUSE update/upgrade?
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
05:48
On Tue, Jul 3, 2012 at 12:17 AM, Michael Chang <mchang(a)suse.com> wrote:
2) using a GPLv3-covered bootloader to help protect
users against the
dangers of Restricted Boot
Some may argue then the operating system must be licensed through a
GPL copyleft license? Or is there a consensus the GPL v3 bootloader
can load any operating system without an issue?
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
06:42
New subject: [opensuse-project] Re: UEFI situation
On Tue, 03 Jul 2012 00:48:36 -0400, Andrew Joakimsen wrote:
On Tue, Jul 3, 2012 at 12:17 AM, Michael Chang
<mchang(a)suse.com> wrote:
I don't think that could be a requirement, otherwise Windows would have
to be GPL licensed as well (or GRUB would have to be made intentionally
incompatible with chainloading), wouldn't it?
Seems it would be extremely unlikely (and unreasonable) for the GRUB
authors to try to push the GPL3 to any OS that might be booted with GRUB.
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
2) using a GPLv3-covered bootloader to help
protect users against the
dangers of Restricted Boot
Some may argue then the operating system must be licensed through a GPL
copyleft license? Or is there a consensus the GPL v3 bootloader can load
any operating system without an issue?
06:54
New subject: [opensuse-project] Re: UEFI situation
The Free Software Foundation has very little leverage here. Only
actual customers spending or not spending actual currency have any
leverage. For example, if the US Federal Government would cancel major
hardware purchases because the machines could not run Linux, there
would be change.
--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
07:13
New subject: [opensuse-project] Re: UEFI situation
On Mon, Jul 02, 2012 at 10:54:21PM -0700, M. Edward (Ed) Borasky wrote:
The Free Software Foundation has very little leverage
here. Only
actual customers spending or not spending actual currency have any
leverage. For example, if the US Federal Government would cancel major
hardware purchases because the machines could not run Linux, there
would be change.
Or the other way round, they would cancel linux purchase as they can't
support secure boot as such Government deal the security is a major
concern.
I know this sounds pathetic as they are blinded by the marketing term
which not really reflect the dark, but that's possible to happen so we'll
still need FSF here to get more people understand.
Like the term "restricted boot" they use be recognized by the
public.
Thanks,
Michael
--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
06:53
On Tue, Jul 03, 2012 at 12:48:36AM -0400, Andrew Joakimsen wrote:
On Tue, Jul 3, 2012 at 12:17 AM, Michael Chang
<mchang(a)suse.com> wrote:
I think later is correct, my opinion is GPL should not exert on loaded
operating system.
But I may be wrong due to I'm not familar with that either.
Thanks,
Michael
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
2) using a GPLv3-covered bootloader to help
protect users against the
dangers of Restricted Boot
Some may argue then the operating system must be licensed through a
GPL copyleft license? Or is there a consensus the GPL v3 bootloader
can load any operating system without an issue? 
25 Jun
25 Jun
16:12
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones wrote:
So what was the decision/end result with the UEFI
situation? Where does
OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but
otherwise nothing was finalized.
Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
16:16
On Mon, 2012-06-25 at 17:12 +0200, Marcus Meissner wrote:
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones
wrote:
Is there an expected target date for when such a solution might be
decided upon? (Whatever the ultimate solution will be.) I guess
primarily the question would also be, which openSUSE release will likely
have the UEFI solution?
Bryen
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
So what was the decision/end result with the UEFI
situation? Where does
OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but
otherwise nothing was finalized.
Ciao, Marcus
16:25
On Mon, Jun 25, 2012 at 10:16:32AM -0500, Bryen M Yunashko wrote:
On Mon, 2012-06-25 at 17:12 +0200, Marcus Meissner
wrote:
I have not heard of any target date, so "No".
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris
Jones wrote:
Is there an expected target date for when such a solution might be
decided upon? (Whatever the ultimate solution will be.) So what was the decision/end result with the UEFI
situation? Where does
OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but
otherwise nothing was finalized.
Ciao, Marcus I guess
primarily the question would also be, which openSUSE release will likely
have the UEFI solution?
It is too late for 12.2 I would say, so the next one after (likely named 13.1)
should be it.
Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
16:50
On Monday, June 25, 2012 10:16:32 AM Bryen M Yunashko wrote:
On Mon, 2012-06-25 at 17:12 +0200, Marcus Meissner
wrote:
Sure not before openSUSE 12.3. The way UEFI+SecureBoot will impact other than
Windows 8 operating systems will be certainly known after the next 6 months.
The ARM architecture is the critical one (Windows Logo Certification
specification forbid to disable SecureBoot ). Other like x86 architecture
might be flexible (including a way to disable the SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not visible
shortly.
The more we know about the UEFI+SecureBoot and boot requirements process will
increase our chances to propose another approach.
Regards,
--
Ricardo Chung | Panama
Linux & FOSS Ambassador
openSUSE Projects
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris
Jones wrote:
Is there an expected target date for when such a solution might be
decided upon? (Whatever the ultimate solution will be.) I guess
primarily the question would also be, which openSUSE release will likely
have the UEFI solution? So what was the decision/end result with the UEFI
situation? Where
does
OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but
otherwise nothing was finalized.
Ciao, Marcus
19:54
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung <amon0.thoth1(a)gmail.com> wrote:
Sure not before openSUSE 12.3. The way UEFI+SecureBoot
will impact other than
Windows 8 operating systems will be certainly known after the next 6 months.
The ARM architecture is the critical one (Windows Logo Certification
specification forbid to disable SecureBoot ). Other like x86 architecture
might be flexible (including a way to disable the SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not visible
shortly.
The more we know about the UEFI+SecureBoot and boot requirements process will
increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the
details, but it was different from Red Hat / Fedora's and involved
replacing GRUB2 as the bootloader because the GPL wouldn't allow what
the Ubuntu team proposes. Personally, I think the fewer GPL components
a system has, the better, but I'm not in a position to impose that on
others. ;-)
--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
22:49
On Monday, June 25, 2012 11:54:57 AM M. Edward Borasky wrote:
Edward,
You are right. Ubuntu is planning their own deployment on Ubuntu OEM by
replacing Grub2 with "Intel's efilinux"
(http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure-
Boot-plans-1624444.html)
https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
I would dare to say this is more reactive than anything else to generate the
general opinion.
Regards,
--
Ricardo Chung | Panama
Linux & FOSS Ambassador
openSUSE Projects
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
<amon0.thoth1(a)gmail.com>
wrote:
Sure not
before openSUSE 12.3. The way UEFI+SecureBoot will impact other
than Windows 8 operating systems will be certainly known after the next
6 months. The ARM architecture is the critical one (Windows Logo
Certification specification forbid to disable SecureBoot ). Other like
x86 architecture might be flexible (including a way to disable the
SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not
visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process
will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the
details, but it was different from Red Hat / Fedora's and involved
replacing GRUB2 as the bootloader because the GPL wouldn't allow what
the Ubuntu team proposes. Personally, I think the fewer GPL components
a system has, the better, but I'm not in a position to impose that on
others. ;-)
23:37
On Mon, Jun 25, 2012 at 2:49 PM, Ricardo Chung <amon0.thoth1(a)gmail.com> wrote:
On Monday, June 25, 2012 11:54:57 AM M. Edward
Borasky wrote:
Edward,
You are right. Ubuntu is planning their own deployment on Ubuntu OEM by
replacing Grub2 with "Intel's efilinux"
(http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure-
Boot-plans-1624444.html)
https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
I would dare to say this is more reactive than anything else to generate the
general opinion.
Regards,
--
Ricardo Chung | Panama
Linux & FOSS Ambassador
openSUSE Projects
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
I'm not at all impressed with either GRUB2 of the behavior traits of
certain FSF folks. ;-)
--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
<amon0.thoth1(a)gmail.com>
wrote:
Sure not
before openSUSE 12.3. The way UEFI+SecureBoot will impact other
than Windows 8 operating systems will be certainly known after the next
6 months. The ARM architecture is the critical one (Windows Logo
Certification specification forbid to disable SecureBoot ). Other like
x86 architecture might be flexible (including a way to disable the
SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not
visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process
will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the
details, but it was different from Red Hat / Fedora's and involved
replacing GRUB2 as the bootloader because the GPL wouldn't allow what
the Ubuntu team proposes. Personally, I think the fewer GPL components
a system has, the better, but I'm not in a position to impose that on
others. ;-)
23:36
On Monday, June 25, 2012 11:54:57 AM M. Edward Borasky wrote:
This was written today on IT World: "openSUSE still searching for UEFI, Secure
Boot solution" (http://www.itworld.com/it-managementstrategy/282286/opensuse-
still-searching-uefi-secure-boot-solution)
Regards,
--
Ricardo Chung | Panama
Linux & FOSS Ambassador
openSUSE Projects
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 8:50 AM, Ricardo Chung
<amon0.thoth1(a)gmail.com>
wrote:
Sure not
before openSUSE 12.3. The way UEFI+SecureBoot will impact other
than Windows 8 operating systems will be certainly known after the next
6 months. The ARM architecture is the critical one (Windows Logo
Certification specification forbid to disable SecureBoot ). Other like
x86 architecture might be flexible (including a way to disable the
SecureBoot option).
In the meantime, another option than Fedora+RedHat have decided is not
visible shortly.
The more we know about the UEFI+SecureBoot and boot requirements process
will increase our chances to propose another approach.
Canonical / Ubuntu just announced their approach. I don't remember the
details, but it was different from Red Hat / Fedora's and involved
replacing GRUB2 as the bootloader because the GPL wouldn't allow what
the Ubuntu team proposes. Personally, I think the fewer GPL components
a system has, the better, but I'm not in a position to impose that on
others. ;-) 
17:03
On Mon, Jun 25, 2012 at 11:12 AM, Marcus Meissner <meissner(a)suse.de> wrote:
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris Jones
wrote:
I hope all 3 constituencies are considered in their evaluation:
1) SLES
2) openSUSE
3) SuseStudio
Greg
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
So what was the decision/end result with the UEFI
situation? Where does
OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but
otherwise nothing was finalized.
Ciao, Marcus
19:35
New subject: [opensuse-project] Re: UEFI situation
On Mon, 25 Jun 2012 12:03:12 -0400, Greg Freemyer wrote:
On Mon, Jun 25, 2012 at 11:12 AM, Marcus Meissner
<meissner(a)suse.de> wrote:
OBS probably needs to as well, since it can be/is used to build kernel
packages.
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris
Jones wrote:
I hope all 3 constituencies are considered in their evaluation:
1) SLES 2) openSUSE 3) SuseStudio So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise
nothing was finalized.
Ciao, Marcus
19:39
New subject: [opensuse-project] Re: UEFI situation
On Mon, Jun 25, 2012 at 06:35:32PM +0000, Jim Henderson wrote:
On Mon, 25 Jun 2012 12:03:12 -0400, Greg Freemyer
wrote:
If we model this after the Fedora model, where the kernel is supposed to
be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to
be officially signed.
Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Mon, Jun 25, 2012 at 11:12 AM, Marcus
Meissner
<meissner(a)suse.de> wrote:
OBS probably needs to as well, since it can be/is used to build kernel
packages. On Mon, Jun 25, 2012 at 02:43:41PM +1000, Chris
Jones wrote:
I hope all 3 constituencies are considered in their evaluation:
1) SLES 2) openSUSE 3) SuseStudio So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
I talked to AJ and information currently is:
There is no final decision nor an end result.
Some SUSE engineers are working on UEFI secure boot, but otherwise
nothing was finalized.
Ciao, Marcus
19:47
New subject: [opensuse-project] Re: UEFI situation
On 06/25/2012 01:39 PM, Marcus Meissner wrote:
If we model this after the Fedora model, where the
kernel is supposed to
be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to
be officially signed.
Agreed, but I would certainly want something upstream from the kernel satisfy
the signed requirement. Those of us that do kernel development need to generate
our own kernels.
Larry
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
19:55
New subject: [opensuse-project] Re: UEFI situation
On Mon, Jun 25, 2012 at 01:47:51PM -0500, Larry Finger wrote:
On 06/25/2012 01:39 PM, Marcus Meissner wrote:
For these purposes the secure mode of the UEFI x86 BIOS is supposed to
be disable-able.
Ciao, Marcs
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
If we model this after the Fedora model, where
the kernel is supposed to
be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to
be officially signed.
Agreed, but I would certainly want something upstream from the kernel
satisfy the signed requirement. Those of us that do kernel development need
to generate our own kernels.
19:56
New subject: [opensuse-project] Re: UEFI situation
On Mon, Jun 25, 2012 at 11:47 AM, Larry Finger
<Larry.Finger(a)lwfinger.net> wrote:
On 06/25/2012 01:39 PM, Marcus Meissner wrote:
Have either Linus Torvalds or the FSF weighed in on the Ubuntu
proposal, which features ditching GRUB2 as the bootloader?
If we model this after the Fedora model, where the kernel is supposed to
be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to
be officially signed.
Agreed, but I would certainly want something upstream from the kernel
satisfy the signed requirement. Those of us that do kernel development need
to generate our own kernels.
Larry
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
20:03
New subject: [opensuse-project] Re: UEFI situation
On Mon, 25 Jun 2012 20:39:06 +0200, Marcus Meissner wrote:
Yes, that could prove difficult - probably what would need to happen is
there be a function added to allow someone building a kernel to provide
their own signing key (at least).
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
OBS probably
needs to as well, since it can be/is used to build kernel
packages.
If we model this after the Fedora model, where the kernel is supposed to
be signed, then this will be hard to do.
In that model we will certainly not allow a random OBS kernel build to
be officially signed.
17 Jul
17 Jul
07:08
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 25/06/12 14:43, Chris Jones wrote:
So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June.
Any progress report from anyone on this most important matter?
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
08:38
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 07/17/2012 08:08 AM, Basil Chupin wrote:
On 25/06/12 14:43, Chris Jones wrote:
Seems you're missing quite a few emails. The latest were from the 3rd of
July. Michael Chang and others are looking for a solution here,
Andreas
--
Andreas Jaeger aj(a){suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June.
20 Jul
20 Jul
11:31
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
Gosh, you are absolutely right, Andreas.
Sorry about that.
I will need to check the settings in my Thunderbird. Now that you have
mentioned it, I can see those posts dated 3 July - but they are way up
in the middle of the thread and not at the end (as in date order).
OK, but even so, 17 days after that post from Michael, any further news?
Can one expect some sort of progress report on the matter?
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 25/06/12 14:43, Chris Jones wrote:
Seems you're missing quite a few emails. The latest were from the 3rd
of July. Michael Chang and others are looking for a solution here,
Andreas So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June.
14:00
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 20/07/12 20:31, Basil Chupin wrote:
On 17/07/12 17:38, Andreas Jaeger wrote:
Andreas, I have tried to have a look at what may be going on with the
messages from Michael Chang (and others) but I give up.
I simply don't have any longer the inclination nor patience to go
figuring out what the heck the message Headers contain :-( . In one
message Michael posts using Mutt and with the Return address of
opensuse-bounce and in another he posts using using Mutt with a Return
address of novell.com. And yet in another he posts as
"mchang.novell(a)gmail.com".com".
Here is a screen grab of the thread under discussion, and you can see
where his posts are located. I have configured Thunderbird to sort the
posts by date, by received, by order received and they all end up
looking the same as on the screen grab.
The screen grab is here:
http://picpaste.com/mchang-XbeiLp3p.png
OK, I'll just have to be more careful in the future about looking at the
dates when messages were posted.
Sorry "for the noise".
[..............]
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 07/17/2012 08:08 AM, Basil Chupin wrote:
Gosh, you are absolutely right, Andreas.
Sorry about that.
I will need to check the settings in my Thunderbird. Now that you have
mentioned it, I can see those posts dated 3 July - but they are way up
in the middle of the thread and not at the end (as in date order). On 25/06/12 14:43, Chris Jones wrote:
Seems you're missing quite a few emails. The latest were from the 3rd
of July. Michael Chang and others are looking for a solution here,
Andreas So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June. 
14:27
New subject: [opensuse-project] missed posts [Was: UEFI situation - ANY PROGRESS?]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2012-07-20 15:00, Basil Chupin wrote:
OK, I'll just have to be more careful in the
future about looking at the dates when
messages were posted.
Sorry "for the noise".
In thunderbird I sort by date, threaded, and I collapse all threads using the
"\" key. This
way, when I see a non-bold, underlined post, I know that it is one that I started to read
and
has unread posts.
And if the added post is new, the thread will be at the bottom of the window, easily
visible.
It is difficult then to miss those posts.
- --
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 "Celadon" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlAJXNYACgkQIvFNjefEBxpNYwCgxGsne3FsHZ7mz8pdJaDbiZk4
ocsAnRTEWxa00gmllzRZPvVQEjQ09bdh
=IzR6
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
21 Jul
21 Jul
07:24
New subject: [opensuse-project] missed posts [Was: UEFI situation - ANY PROGRESS?]
On 20/07/12 23:27, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2012-07-20 15:00, Basil Chupin wrote:
I have the messages sorted by
"whichever way but loose": left to right,
right to left, top to bottom, bottom to top, outside in, inside in......
You get the picture :-) . (Actually, the sort order is
Date>Ascending>Threaded.)
What you say is correct PROVIDED that you check your mail and,
especially, if you check a folder (such as opensuse-project) on a
*daily* basis - which I don't always get the chance to do, and certainly
didn't do so in this case.
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
OK, I'll just have to be more careful in the
future about looking at the dates when
messages were posted.
Sorry "for the noise".
In thunderbird I sort by date, threaded, and I
collapse all threads using the "\" key. This
way, when I see a non-bold, underlined post, I know that it is one that I started to read
and
has unread posts.
And if the added post is new, the thread will be at the bottom of the window, easily
visible.
It is difficult then to miss those posts.
08:35
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 17/07/12 17:38, Andreas Jaeger wrote:
On 07/17/2012 08:08 AM, Basil Chupin wrote:
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-p…
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 25/06/12 14:43, Chris Jones wrote:
Seems you're missing quite a few emails. The latest were from the 3rd
of July. Michael Chang and others are looking for a solution here,
Andreas So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June.
18:26
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
To summarize:
Either there has been no progress, or there has been progress and it
has happened behind closed doors as far as this mailing list is
concerned. Is that correct? ;-)
On Sat, Jul 21, 2012 at 12:35 AM, Basil Chupin <blchupin(a)iinet.net.au> wrote:
On 17/07/12 17:38, Andreas Jaeger wrote:
--
Twitter: http://twitter.com/znmeb Computational Journalism Studio
http://j.mp/CompJournStudio
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 07/17/2012 08:08 AM, Basil Chupin wrote:
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-p…
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 25/06/12 14:43, Chris Jones wrote:
Seems you're missing quite a few emails. The latest were from the 3rd of
July. Michael Chang and others are looking for a solution here,
Andreas
So what was the decision/end result with the UEFI situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June.
23 Jul
23 Jul
07:11
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 22/07/12 03:26, M. Edward (Ed) Borasky wrote:
To summarize:
Either there has been no progress, or there has been progress and it
has happened behind closed doors as far as this mailing list is
concerned. Is that correct? ;-)
Well, it may be correct. But, on the other hand, it may not be correct.
The situation is being examined and the decision as to whether there has
been or has not been progress will be, probably, disclosed when it is
better known if there has been or has not been any progress.
(BTW, I have been wondering where I have seen the letters "EFI" before -
and I found them this morning at the car park, appearing on the side of
a car; "EFI", of course, stands for Electronic Fuel Injection.
Now we can expect copyright/trademark/patent wars breaking out over the
use of "EFI"!
Holey Moley! We may be living in interesting times soon :-) !)
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.5-1 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
04:23
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On Sat, Jul 21, 2012 at 05:35:48PM +1000, Basil Chupin wrote:
On 17/07/12 17:38, Andreas Jaeger wrote:
Thanks, we had been use it (OVMF) built from James's project in
verfying the bootloader signing results. :)
The current progress is we successfully walking through the process
below.
1. create/generate PK/KEK key pairs
2. create/generate our own key pairs, say SUSE_KEY
3. enroll PKpub, KEKpub in setup mode, enable secure boot
4. build the stub loader (shim) with embedded SUSE_KEYpub
public key certifcate.
5. sign shim with KEKpriv
6. sign bootloader (elilo and grub2) with SUSE_KEYpriv
7. verify signed shim could run in secure boot enabled
8. verify signed bootloaer could run in secure boot enabled
9. verffy any unsigned images cannot run in secure boot enabled
10. verify any unsigned images could run in secure boot disabled
PS. Both sign tools, pesign and sbsign, are used in above process and
verified to work.
If you interested in more detail, below is the wiki page created for
the procedure.
http://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
http://en.opensuse.org/openSUSE:UEFI_Secure_boot_using_qemu-kvm
I've tried to collect the relevant packages in my obs project
https://build.opensuse.org/project/show?project=home%3Amichael-chang%3AUEFI
And if you want to try building the OVMF from scratch, this wiki page
may be useful.
http://en.opensuse.org/SDB:UEFI_EDK2_Build_Howto_On_openSUSE12_1
Sorry the information is not consolidated well, we are still working
on it.
Thanks to people who involves in this topic (esp for James, Gary and
Joey).
Thanks,
Michael
On 07/17/2012 08:08 AM, Basil Chupin wrote:
I just came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-p…
On 25/06/12 14:43, Chris Jones wrote:
Seems you're missing quite a few emails. The latest were from the
3rd of July. Michael Chang and others are looking for a solution
here,
Andreas So what was the decision/end result with the UEFI
situation? Where
does OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject
was from Jim Henderson on 26 June.
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
07:18
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 23/07/12 13:23, Michael Chang wrote:
[............]
Thank you Michael for the update.
But may I please make a suggestion that people be kept informed by posts
either in this list and/or the general help list and when final
decision(s) are made in all including the Announce list?
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.5-1 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Sat, Jul 21, 2012 at 05:35:48PM +1000, Basil Chupin
wrote:
[........]
I just came
across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-p…
Thanks, we had been use it (OVMF) built from James's project in
verfying the bootloader signing results. :)
The current progress is we successfully walking through the process
below.
07:54
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On Mon, Jul 23, 2012 at 04:18:13PM +1000, Basil Chupin wrote:
On 23/07/12 13:23, Michael Chang wrote:
[............]
Thank you Michael for the update.
But may I please make a suggestion that people be kept informed by
posts either in this list and/or the general help list and when
final decision(s) are made in all including the Announce list?
Sure. of course no problem. :)
Thanks,
Michael
On Sat, Jul 21, 2012 at 05:35:48PM +1000, Basil
Chupin wrote:
[........]
I just
came across this. Of any use?-
http://www.zdnet.com/linux-developers-working-on-windows-uefi-secure-boot-p…
Thanks, we had been use it (OVMF) built from James's project in
verfying the bootloader signing results. :)
The current progress is we successfully walking through the process
below.
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.5-1 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
3 Aug
3 Aug
23:40
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows
8 devices will appear on store shelves as soon as the makers can build
them, test them and ship them. There's going to be a humongous
marketing push from Microsoft to get them into the hands of as many
people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate
/ openSUSE? Bueller? Bueller?
:-(
On Mon, Jul 16, 2012 at 11:08 PM, Basil Chupin <blchupin(a)iinet.net.au> wrote:
On 25/06/12 14:43, Chris Jones wrote:
--
Twitter: http://twitter.com/znmeb Computational Journalism Studio
http://j.mp/CompJournStudio
Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
So what was the decision/end result with the UEFI situation? Where does
OpenSUSE stand with the situation?
Regards
Chris asked this question on 25 June, and the last post on this subject was
from Jim Henderson on 26 June.
Any progress report from anyone on this most important matter?
BC
--
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
4 Aug
4 Aug
01:26
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 04/08/12 08:40, M. Edward (Ed) Borasky wrote:
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows
8 devices will appear on store shelves as soon as the makers can build
them, test them and ship them. There's going to be a humongous
marketing push from Microsoft to get them into the hands of as many
people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate
/ openSUSE? Bueller? Bueller?
There seems to be a lot of plans and talk of plans, yet nothing has
eventuated. Yet...
Regards
--
Chris Jones @ kernel.devproject(a)gmail.com
also on oracle.kerneldev(a)gmail.com and netbsd.kerneldev(a)gmail.com
Ubuntu 12.04 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming)
Linux kernel developer|Solaris kernel developer|BSD kernel developer|Lead Developer of
SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web Services|Digital Imaging
Services
Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360
controller|Logitech Attack 3 j/stick
Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
01:57
New subject: [opensuse-project] Re: UEFI situation - ANY PROGRESS?
On Sat, 04 Aug 2012 10:26:42 +1000
Chris Jones <chrisjones(a)spin.net.au> wrote:
On 04/08/12 08:40, M. Edward (Ed) Borasky wrote:
Hi
Probably lack of hardware?
I'm sure the openSUSE developers would be happy to receive one or more
of these....
http://www.h-online.com/open/news/item/Aldi-PC-becomes-first-retail-PC-with…
I've been building gummiboot on OBS;
http://www.h-online.com/open/news/item/Gummiboot-is-an-EFI-boot-loader-that…
Have you seen this?
http://blog.hansenpartnership.com/uefi-secure-boot/
--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.34-0.7-default
up 5 days 21:29, 2 users, load average: 1.98, 2.03, 2.06
CPU Intel i5 CPU M520(a)2.40GHz | Intel Arrandale GPU
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means
Windows 8 devices will appear on store shelves as soon as the
makers can build them, test them and ship them. There's going to be
a humongous marketing push from Microsoft to get them into the
hands of as many people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan.
Attachmate / openSUSE? Bueller? Bueller?
There seems to be a lot of plans and talk of plans, yet nothing has
eventuated. Yet...
Regards
02:08
New subject: [opensuse-project] Re: UEFI situation - ANY PROGRESS?
On 04/08/12 10:57, Malcolm wrote:
On Sat, 04 Aug 2012 10:26:42 +1000
Chris Jones <chrisjones(a)spin.net.au> wrote:
I guess once more hardware becomes available, more will come to light.
Regards
--
Chris Jones @ kernel.devproject(a)gmail.com
also on oracle.kerneldev(a)gmail.com and netbsd.kerneldev(a)gmail.com
Ubuntu 12.04 (PC)|Android (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming)
Linux kernel developer|Solaris kernel developer|BSD kernel developer|Lead Developer of
SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web Services|Digital Imaging
Services
Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360
controller|Logitech Attack 3 j/stick
Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On 04/08/12 08:40, M. Edward (Ed) Borasky wrote:
Hi
Probably lack of hardware?
I'm sure the openSUSE developers would be happy to receive one or more
of these....
http://www.h-online.com/open/news/item/Aldi-PC-becomes-first-retail-PC-with…
I've been building gummiboot on OBS;
http://www.h-online.com/open/news/item/Gummiboot-is-an-EFI-boot-loader-that…
Have you seen this?
http://blog.hansenpartnership.com/uefi-secure-boot/
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means
Windows 8 devices will appear on store shelves as soon as the
makers can build them, test them and ship them. There's going to be
a humongous marketing push from Microsoft to get them into the
hands of as many people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan.
Attachmate / openSUSE? Bueller? Bueller?
There seems to be a lot of plans and talk of plans, yet nothing has
eventuated. Yet...
Regards
7 Aug
7 Aug
18:59
New subject: [opensuse-project] UEFI situation - ANY PROGRESS?
On 08/04/2012 12:40 AM, M. Edward (Ed) Borasky wrote:
Progress? Well ...
http://www.zdnet.com/windows-8-reaches-rtm-when-will-you-get-it-7000001984/
Microsoft has released Windows 8 to manufacturers. That means Windows
8 devices will appear on store shelves as soon as the makers can build
them, test them and ship them. There's going to be a humongous
marketing push from Microsoft to get them into the hands of as many
people as possible.
Red Hat / Fedora has a plan. Canonical / Ubuntu has a plan. Attachmate
/ openSUSE? Bueller? Bueller?
:-(
Sorry, my colleagues have been working not only on a plan but also on
verifying that it actually can work ;).
I'll start a new thread now and will forward something,
Andreas
--
Andreas Jaeger aj(a){suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
3337
days inactive
3380
days old
55 comments
17 participants
participants (17)
-
Andreas Jaeger -
Andrew Joakimsen -
Basil Chupin -
Bryen M Yunashko -
Carlos E. R. -
Carlos E. R. -
Chris Jones -
Greg Freemyer -
Jim Henderson -
Larry Finger -
M. Edward (Ed) Borasky -
Malcolm -
Marcus Meissner -
Michael Chang -
Per Jessen -
Ricardo Chung -
Tim Serong