First UEFI PlugFest for Linuxers

After the 3 days dedicated to LinuxCon US 2013 in New Orleans, it was time to contribute to the UEFI Plugfest organized for the first time as a co-located event.

So what is a UEFI plugfest ? Well it’s a place where hardware manufacturers and software producers meet to check the compatibility of their implementations with regards to UEFI. So Every hardware manufacturer brings some systems, sometimes early units or prototypes, and try them with the latest operating systems available to find out potential issues, some other bring cards to see whether their UEFI driver works fine on computer manufacturer and operating system producers want to try their latest version on these often brand new systems.

UEFI PlugFest

I think it was a brilliant idea to mix the 2 populations for multiple reasons:

  • UEFI members were for sure impressed by the technical knowledge floating around, and employed in such an open fashion, which is not the standard way of working of this standard body.
  • Linux kernel members could exchange with manufacturer representatives of UEFI systems which definitely helped reducing all the FUD around this technology, in particular Secure Boot. They also had the opportunity to test some not yet available hardware platform to ensure their distributions/drivers/tools were working fine or fix them if that wasn’t the case

UEFI PlugFest - Samer El-Haj-Mahmoud, HP

So in the HP area, under the lead of Dong Wei who is UEFI Forum Vice President and HP Fellow, we tried with 2 colleagues various Linux distributions (and even Windows, but not me !) on the 4 systems that were around. And some findings were interesting !

UEFI PlugFest - Dong Wei, HP

  • Debian 7.1 had grub issue at boot and we were not able to install it
  • Mageia 3 has no UEFI support yet and we were not able to install it easily. However, support is planned for Mageia 4, and some info have been published recently to detail how to perform UEFI based installation.
  • Ubuntu 13.10 provides all what is needed to install in a UEFI compliant environment, thanks to their documentation. We were also able to test SecureBoot with success with their version of Matthew Garrett‘s shim bootloader, signed by Microsoft. They are also working on an interesting tool: FWTS aka Firmware Test Suite, which should be adopted by all distributions IMHO in order to have (for once !) a single tool able to perform firmware compliance tests for a Linux environment. Easy to use, pretty comprehensive, reports lots of useful info. Too bad that they are not providing their certification tools online anymore :-(
  • OpenSUSE 12.3+ again has what is needed for UEFI support. Same mechanism with a shim bootloader, but this time signed multiple times by Microsoft and SUSE. However, this requires a more recent implementation of the UEFI specification, which wasn’t the case on all our system during this event. SUSE provides in particular an excellent documentation on UEFI support, including the possibility to sign its own kernel with pesign in order to use it with SecureBoot.
  • Fedora 19 provides mostly all what is needed. Install worked in UEFI mode without problem. We used the updated version of the shim and shim-unsigned packages from Fedora 20 in order to avoid some issues. However, the multisign issue met with OpenSUSE was also encountered here. More over, Fedora doesn’t provide a good documentation yet for signing your own kernel, which was reported upstream and could benefit from this article. Also the usage of mokutil is broken and should be fixed for Fedora 20.
  • UEFI PlugFest - Samer El-Haj-Mahmoud, HP

    We also got visited by two Kernel Maintainers Greg Kroah-Hartman and James Bottomley who even tried some of his tools on our systems.
    UEFI PlugFest - James Bottomley, Parallels - Neill Kapron, HP

    Note that Some USB keys even correctly formated didn’t boot correctly on some platforms so if you encounter this issue, try using another USB key.

    Finally I made some tries with MondoRescue on the Last Fedora distribution installed. I thought the work done to support EFI on Itanium would be sufficient, but there are some detection problems for the boot loader in mindi need to be solved and are now tracked upstream as well.

    And on top of all what I was able to learn working with my 3 colleagues, I was pointed to a very instructive article from Ken Thomson on Trusting Trust, I hadn’t read before (and I encourage you to read it), following discussions on Secure Boot. And we had a very nice dinner downtown, a walk through Bourbon Street
    Bourbon Street

    followed by a real air of New Orleans Jazz.
    DSC_8789

    That was the end of a very rich US week. More to come on other more recent travels later.

    Tags: , , , , , , , , , , , , ,

4 Responses to “First UEFI PlugFest for Linuxers”

  1. brunocornec Says:

    The UEFI forum announed that the future ACPI specifications will happen in the UEFI Forum. Cf: http://www.businesswire.com/news/home/20131029005610/en

    Quote: “Transferring the ACPI specs to the UEFI Forum is favorable to the Linux community,” said Grant Likely, technical architect at Linaro and device tree subsystem maintainer. “In particular, we believe the participation of open-source developers is critical to bringing ACPI onto new classes of platforms and devices.”

  2. brunocornec Says:

    BTW Thomas Backlund started a UEFI howto for Mageia in this thread on the devel mailing list: http://article.gmane.org/gmane.linux.mageia.devel/29876

  3. Day 4 at Linux.conf.au | Bruno Cornec's Blog Says:

    […] are indeed supporting pretty well Secure Boot on UEFI, as I was able to test myelf during the UEFI Plugfest we had last year. Matthew posed more questions in fact than he gave answers around security: What […]

  4. Mageia 4 on time for Fosdem but … | Bruno Cornec's Blog Says:

    […] job done by the Mageia team and lots of good apps in this new version, including OpenStack and UEFI ! Enjoy and try it. It’s really worth it […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

Join 100 other followers

%d bloggers like this: