So what is a UEFI plugfest ? Well it’s a place where hardware manufacturers and software producers meet to check the compatibility of their implementations with regards to UEFI. So Every hardware manufacturer brings some systems, sometimes early units or prototypes, and try them with the latest operating systems available to find out potential issues, some other bring cards to see whether their UEFI driver works fine on computer manufacturer and operating system producers want to try their latest version on these often brand new systems.
I think it was a brilliant idea to mix the 2 populations for multiple reasons:
- UEFI members were for sure impressed by the technical knowledge floating around, and employed in such an open fashion, which is not the standard way of working of this standard body.
- Linux kernel members could exchange with manufacturer representatives of UEFI systems which definitely helped reducing all the FUD around this technology, in particular Secure Boot. They also had the opportunity to test some not yet available hardware platform to ensure their distributions/drivers/tools were working fine or fix them if that wasn’t the case
So in the HP area, under the lead of Dong Wei who is UEFI Forum Vice President and HP Fellow, we tried with 2 colleagues various Linux distributions (and even Windows, but not me !) on the 4 systems that were around. And some findings were interesting !
- Debian 7.1 had grub issue at boot and we were not able to install it
- Mageia 3 has no UEFI support yet and we were not able to install it easily. However, support is planned for Mageia 4, and some info have been published recently to detail how to perform UEFI based installation.
- Ubuntu 13.10 provides all what is needed to install in a UEFI compliant environment, thanks to their documentation. We were also able to test SecureBoot with success with their version of Matthew Garrett‘s shim bootloader, signed by Microsoft. They are also working on an interesting tool: FWTS aka Firmware Test Suite, which should be adopted by all distributions IMHO in order to have (for once !) a single tool able to perform firmware compliance tests for a Linux environment. Easy to use, pretty comprehensive, reports lots of useful info. Too bad that they are not providing their certification tools online anymore😦
- OpenSUSE 12.3+ again has what is needed for UEFI support. Same mechanism with a shim bootloader, but this time signed multiple times by Microsoft and SUSE. However, this requires a more recent implementation of the UEFI specification, which wasn’t the case on all our system during this event. SUSE provides in particular an excellent documentation on UEFI support, including the possibility to sign its own kernel with pesign in order to use it with SecureBoot.
- Fedora 19 provides mostly all what is needed. Install worked in UEFI mode without problem. We used the updated version of the shim and shim-unsigned packages from Fedora 20 in order to avoid some issues. However, the multisign issue met with OpenSUSE was also encountered here. More over, Fedora doesn’t provide a good documentation yet for signing your own kernel, which was reported upstream and could benefit from this article. Also the usage of mokutil is broken and should be fixed for Fedora 20.
Note that Some USB keys even correctly formated didn’t boot correctly on some platforms so if you encounter this issue, try using another USB key.
Finally I made some tries with MondoRescue on the Last Fedora distribution installed. I thought the work done to support EFI on Itanium would be sufficient, but there are some detection problems for the boot loader in mindi need to be solved and are now tracked upstream as well.
And on top of all what I was able to learn working with my 3 colleagues, I was pointed to a very instructive article from Ken Thomson on Trusting Trust, I hadn’t read before (and I encourage you to read it), following discussions on Secure Boot. And we had a very nice dinner downtown, a walk through Bourbon Street
That was the end of a very rich US week. More to come on other more recent travels later.