Linux Foundation loader allows you to load any Linux distribution in UEFI Secure Boot mode.
Linux Foundation presented the boot loader can be used by any distributions that have no resources of its own assurance solutions key Microsoft.
Developer Kernel Linux, part of coordinating the technical committee Linux Foundation, James Bottomley reported that on February 6, Microsoft released a new universal downloader that lets you download any Linux distribution mode UEFI Secure Boot on computers that ship with Windows 8.
Note that Microsoft requires mandatory activation of the default mode secure boot UEFI, which blocks the loading of systems that do not have a certified digital signature, for certification of equipment to be compatible with Windows 8. Supply own key would require relevant approvals for listing in the firmware of each company engaged in assembling systems, which would have caused considerable organizational difficulties.
Linux Foundation presented the boot loader can be used by any distributions that have no resources of its own assurance solutions key Microsoft. Loader performs the first phase of loading, and then passes control to the boot loader staffing distribution to test its correctness by a checksum, which is stored in a special service area UEFI. Opportunity assurances only the primary boot without generating signatures for kernel and driver fits the requirements of the specification UEFI Secure Boot, because it protects the initial stage of the boot, before starting the kernel.
Available for download two key certified Microsoft EFI-component PreLoader.efi and HashTool.ef, in addition, provides the ability to boot systems with USB-drives. KeyTool.efi can be used while only his manual verification of the hash, due to implementation errors in one of the UEFI-platform that can bypass security restrictions UEFI.
It is worth noting that the loader proposed Linux Foundation, can be used in conjunction with more complex loaders, for example, Gummiboot, used to run a Linux mechanisms UEFI.
Linux Foundation loader intercepts UEFI function to verify the accuracy of the image and provide your own handler that checks for invariance kernel and user approval Gummiboot uses hashes instead of using validation keys.