Today the keynotes were dedicated to Openness and Hardware. The first was from a company, Makerbot, which spoke a lot about Openness, but that I saw more as trying to sell their 3D printers, rather then anything else😦 I even learned later from an attendee that they even tend to block innovation with their patents ! So maybe the LinuxFoundation should take care of not “giving” opportunity to such actors to speak to an Open Source audience if their state of mind is nearer from the closed source business. Having a community sharing 3D design doesn’t sound sufficient to me.
The second keynote was on the topic that even is 3D printing is such a hype at the moment, disallowed people still have a hard time finding useful prothesis, modern ones, les expensive ones, or building their own. I really encourage you to listen to Jonathan Kuniholm (the keynote doesn’t seem to be online, but TED provides one very similar). This was puzzling for me to see how few technology is helping people like him😦 So I think that if you have time, you should look at helping his initiative at openprosthetics.org/ rather than inventing yet another piece of software just because the existing one doesn’t happen to please you.
Finally we had the “usual” IBM keynote, showing how Linux on Power was great, and presenting the foundation built around it. But if you look at uses cases, you see that most of them are academics, where probably the hardware was given so it weakened the talk IMO. Of course, I’m working for a competitor, so I’m not completely neutral here. Anyway having a portable Linux is extremely important, but I think it will reveal its capabilities on x86 (well it has of course!) or ARM. It had on Itanium or Sparc or Power (Linux can enable them) but the problem is that market doesn’t want such high-end platforms anymore, as they were representing a closed approach even if that has changed since. Openness is what allows mass distribution today (in processors as those mentionned, or software as Android and hopefully Linux on the desktop ;-))
After the break, I passed my day in the UEFI mini-Summit. The goal was different from last year PlugFest during LinuxCon. Instead of targetting developers, the goal was to expain the technology to potential and existing Linux sysadmin or devops. And I think it went pretty well with regards to demystifying how UEFI works woith Linux, including SecureBoot and brought back the discussion at a technical level rather than an emotional one.
An introduction talk by Dong Wei, HP served as positioning the UEFI Forum, the various groups in it (with the inclusion of ACPI), the history of UEFI, current status, and helped put everybody at the same level.
After that we had a (always too short IMO) round table were the audience was given the possibility to ask questions to the panelists. And there were very tough questions asked around the usefulness of UEFI, the lockdown brough by SecureBoot, … and everytime clear and honets answers were given showing why UEFI is useful, why SecureBoot help increasing Linux security without restricting users possibilties and control over their platform. All in all a lot of myths were just addressed during that Q&A session which was really interactive.
After that, we had more formal presentations:
- UEFI Secure Boot – Strengthening the Chain of Trust – Jeff Bobzin, Insyde Software & Kevin Lane, HP
This session was mainly about how Secureboot is working from a technology perspective, and the various solutions existing with Linux and its boot loaders to use it, benefit from it as it really increase security by providing a chain of trust from firmware up to the kernel+intrd booted, with either standard UEFI keys or its own ones.
- UEFI Test Tools for Linux Developers – Brian Richardson, Intel & Alex Hung, Canonical
This session was on FWTS from Canonical which provides a UEFI firmware and ACPI test suite, used alot by manufacturers to check the conformity of their platform with the UEFI and ACPI specifications. Chipsec and LuvOS were also covered which provides other areas of test with regards to respectively security and an integrated Linux distribution calling all these tools and more, both developed by Intel.
- Building ARM Servers with UEFI and ACPI – Dong Wei, HP & Roy Franz, Linaro
This session was to give a status on UEFI support for ARM architecture, and was pretty interesting for me as I had no clue on where we are on this domain. And it seems they are catching up with Intel Architecture now and should be at parity very soon. ACPI is still less advanced, but will be there for ARM servers as requested by customers, whereas device tree will probably remain what will be used on nn server platforms.
- Self-signing the Linux Kernel (the hobbyist approach) – Zach Bobroff, AMI
This last session was IMHO the best of the serie, because it was demo oriented (and I like demos !) and more over, it just worked !! The goal was to show how to register its own key used to sign its own kernel with SecureBoot, and rebooting a machine with and without key loaded to demonstrate the increased security brought by that mechanism. Was very clear and illustrative of what was described during the first session of the mini-Summit by Jeff and Kevin. Zach did an excellent job explaining each step and provided great details on how all that works, and finally showed to the audience that we shouldn’t be afraid of the feature, because we have the possibility with the shim bootloade to use our own keys without issue.
You can listen to all these presentations at the UEFI web site. And I think it’s worth doing so for those who still have questions on the SecureBoot topic, as it will enlighten you and remove and barrier you may still see there.
The event was then over, so it was time to benefit from my speaker gift, which was the possibility to use a boat and have a cruise around Chicago, which I did with Dong and it was a very good idea from the organizers to offer that gift. Hope the pictures will give ou a good idea of how we enjoyed it.