Getting Linux to boot and install on PCs locked down with Windows 8’s UEFI (Unified Extensible Firmware Interface) Secure Boot is still a major headache. However, Matthew Garrett, a well-known Linux developer who’s been working on fixing the Secure Boot problem, has just released a working UEFI boot solution for Linux distributors. This should enable many more versions of Linux to run on Secure Boot-imprisoned PCs.
Garrett, formerly a Red Hat programmer and now a security developer at Nebula, an OpenStack private-cloud company, announced on November 30th that he was “pleased to say that a usable version of shim is now available for download. … This is intended for distributions that want to support secure boot but don’t want to deal with Microsoft.”
This approach is not the same as the one that Garrett devised for use with Fedora Linux. That approach uses a Fedora-specific key that’s based on a Microsoft/Verisign-supplied Secure Boot key.
While that meant dealing with Microsoft, it was as Garrett had written earlier, “Easy enough for us [Red Hat] to do, but not necessarily practical for smaller distributions.” It’s also, as The Linux Foundation has found, in its so-far failed attempts to obtain a universal Secure Boot key for Linux distributions, really not that easy at all.