1. I don't think that MS is *happy* - I think that probably they were shocked that their plan to block Linux on desktop showed up to be so easy to mitigate - only $99 was neededHead_on_a_Stick wrote:Then why are Microsoft happy to provide their signing keys to Linux distributions? There is a fee but it's set to $99 so they're not really making any money from it.Bloom wrote:The main reason for SecureBoot was not to increase security (at least not what we understand as "security"): the intention was to ensure that computers would not boot Linux anymore.
Secure Boot was introduced in an attempt to compensate for the massive added attack surface provided by the UEFI standard.
Any discussion about Secure Boot is off-topic for this thread so please open a new one to discuss the issues further. Thanks.
2. SecureBoot does not fix or compensate anything - modified bootloaders can also be signed - of course, this requires root privileges - but how it is different from writing to MBR in the BIOS era?.
Nope, it's not a problem with GRUB - the UEFI GRUB has to be loaded from EFI partition first, so unless the RAID driver is build into UEFI itself, You can't boot *any* of RAID-based systems directly.p.H wrote:I guess you mean software Linux RAID ? AFAICS GRUB is the culprit, not UEFI.LE_746F6D617A7A69 wrote:I wonder when (if ever) we'll see an update for broken UEFI specs - what a moron have released a standard which breaks booting from RAID arrays?
This obviously breaks *ALL* the software raids, f.e. based on md, lvm or btrfs, but also it causes problems with some HW Raid controllers due to notorious bugs in UEFI firmware.