Restructured bootloader allows any Linux version to be launched on PCs

James Bottomley has restructured Linux’s mini bootloader to allow any version to be launched on PCs with UEFI Secure Boot.

The bootloader’s development has been sponsored by the Linux Foundation. The revised version uses a different method to boot the more complex secondary bootloader.

This enables it to co-operate with Gummiboot, which was introduced in mid-2012. Unlike GRUB, Gummiboot doesn’t load or start Linux itself; instead, it relies on EFI mechanisms. This keeps its structure significantly less complex than that of GRUB.

But when Secure Boot is active, the approach requires other firmware-related mechanisms to verify the kernel before it is launched.

In a recent blog post, Bottomley says that as a consequence of this, Gummiboot doesn’t work with Shim or the original version of the Linux Foundation’s bootloader when Secure Boot is active. Further details can be found in the slides for a presentation given by Bottomley, a member of the Linux Foundation’s Technical Advisory Board.

In the presentation, he explains that the Linux kernel and the Gummiboot versions should not be verified via keys, and that user-authorised hash values should be used instead.

To provide the functionality, the new version uses a modification that is also part of an extension which was introduced by SUSE Linux developers and has since been integrated into Shim 0.2.

That extension allows Shim to store trusted code information in a database of MOKs (Machine Owner Keys).

According to Bottomley’s presentation slides, it takes a week or two for Microsoft to respond to bootloader submissions and provide a signature that is considered trustworthy by Secure Boot PCs.

This means that the difficulties Bottomley encountered when he tried to get an earlier version of his mini bootloader signed last autumn appear to have been eliminated.

Bottomley says that he submitted the revised version to be signed by Microsoft on January 21st, and that he hopes to receive a signed version shortly. The Linux Foundation plans to offer this signed version for download free of charge.

Shim contributor Matthew Garrett has recently also written a blog post on UEFI and Secure Boot. In that post, the developer provides some details about the issues that have caused Samsung notebooks to refuse to start at all after Linux was booted.

He also mentions a few flaws in the UEFI firmware of various Toshiba notebooks that result in the signatures of the Secure Boot-compatible Fedora 18 being considered invalid, which prevents the distribution from starting when Secure Boot is active.

In other Linux and open source news

For the past week or so, there have been lots of rumors flying in the open source community that Microsoft might invest in Dell, but a big question has since emerged: if such an investment occurred, would Dell still maintain its very close relationships with Red Hat, other Linux vendors and the open source community?

And there’s also another rumor: Dell could go private soon. In fact, it’s that rumor that triggered the other, as often happens with rumors.

Other potential investors could include the private equity firm Silver Lake Partners, Michael Dell himself and a few others. If Microsoft injects a lot of its cash into Dell, the software company could strain relationships with Hewlett-Packard, Lenovo, Acer and other PC makers.

Acer has already been very critical of Microsoft’s Windows Surface RT and Surface Pro tablet launches, not to mention other reservations it already has about the company co-founded by Bill Gates.

But while all of this is happening, a Microsoft-Dell financial relationship could also have a ripple effect in the open source and Linux world. Dell is one of the top suppliers of servers running Red Hat Enterprise Linux and SUSE Linux. The company also has a close, ongoing relationship with Canonical, promoting Ubuntu Linux on PCs in emerging regions and also working with Canonical on cloud computing.

But Dell’s own public cloud could soon leverage OpenStack, the open source platform for launching infrastructure services. However, if Microsoft does invest privately in Dell, will the company founded by Michael Dell himself deemphasize or abandon its Linux and open source relationships?

We doubt it, especially when it comes to servers and cloud computing, one area that has always interested Microsoft and one that the software giant continues to invest in aggressively.

But with or without Microsoft’s cash, Dell must still answer to its many customers. And enterprise customers will revolt if Dell somehow abandons or weakens its engagements with Red Hat and the other major Linux vendors. Even Microsoft has opened up to the cross-platform reality, allowing customers to run Linux in its Windows Azure cloud.

Still, other major server makers such as HP and IBM could wind up being the big open source winners if customers perceive that Microsoft has somehow undermined, however slightly, Dell’s Linux strategy.

In the PC and notebook markets, where Windows still rules over Linux in most regions, you could imagine Microsoft trying to inspire Dell to go all Windows, all the time. The question is, will it happen?

Even as Dell focuses more intensely on enterprise computing, the company still can’t overlook opportunities with Android, Google’s Chrome OS, Linux and other software used today in the rapidly growing mobile market.

In other Linux and open source news

Google says it has released a large chunk of code of its Cloud Platform to the open source community for the benefit of all.

However, just don’t connect the dots between the open source community, clouds and a big search engine company and assume that this is all about generosity.

Twitter and even Facebook may have offered some bits of production code here and there to the open source world in order that anyone can learn from their innovations.

Google has been a little more prosaic, offering what it calls starter projects that it hopes will help other developers get more out of its cloud platform, which comprises the App Engine, BigQuery, Compute Engine, Cloud SQL, and Cloud Storage offerings.

“We will continue to add code repositories that clearly illustrate the solutions, such as the classic guest book app on Google App Engine,” the company said.

“And for good measure, you will soon see tools that will make your developer life easier, such as an Auth 2.0 helper,” Google added.

“You can quickly get your app running by forking any of our repositories and diving into your own code,” the company’s bloggers added.

And Google sure is hoping that the message gets through, because its Cloud Platform hasn’t exactly set the world on fire. Forrester’s James Staten recently said that Amazon Web Services “has opened up a substantial lead in the cloud platforms market” and currently owns around 70 percent of the market.

The Forrester analyst says that both Google and Microsoft are big improvers, but also believes that emerging OpenStack-based platforms mean that increased competition can be expected.

Google doesn’t have natural access to the same number of developers as Microsoft, making efforts like this important if it is to grow its user base and achieve its long-held ambition to build substantial businesses beyond AdWords.

That business, while healthy, is also showing some signs of stress as revealed in the company’s results announcement yesterday.

But Google still remains a genius at giving away code to rake in big revenue later. The Cloud Platform code could repeat the trick again.

It will still be interesting to see how the open source community responds to this, and how soon it starts ‘kicking the tires’.

In other Linux and open source news

Over the past fifteen years, open source has had a strong corporate aspect to it, perhaps starting when IBM pledged to invest $1 billion in the Linux operating system more than 13 years ago. Despite the benefits of corporate funding of open-source software, some industry observers still question whether open source has become ‘too corporate’.

For those who worry about the outright commercialization of the true open source model, we’d like to introduce you to Pedro Algarvio, contributor to the SaltStack project.

Algarvio is interesting because he fits the original mold of the open-source developer: he writes code because he loves it, and not because he gets paid to do so. It’s easy to overlook such open source developers, even though GNOME, Linux, Apache, Mozilla and so many other initiatives are fueled by developers *not* paid to contribute open-source code.

But Algarvio plays an important role with Salt, an open-source tool used to manage one’s infrastructure. In some ways similar to Puppet or Chef, Salt distinguishes itself by being lightning fast and very easy to use.

But none of this truly explains why Algarvio got involved in the first place. He’s a core contributor to the project, despite having no commercial or other affiliation with the Salt developers, or even with configuration management or infrastructure management for that matter.

“I ended up dropping out of the Salt community for about a year. I returned later because I reached a dead end. I needed a fast, encrypted, messaging system for yet another project idea. Salt had it. This time I wasn’t going to fork Salt, I was going to make it work for me, so I got my hands dirty again.”

“So I ended up adding more content to the logging work I had previously done and I added a basic shell parser which should demonstrate Salt’s dependency versions to better help on various bug reports. Afterwards, I added its current parser system, then I got in touch with its testing suite. It was useful, but creating test cases was a pain. I now love getting a bug reproduced in a test case, which is my first step when I get to a bug,” added Algarvio.

“But when I first contributed to Salt, I wasn’t aware of what it could really do. Now, I have a better idea, and I see a really bright future ahead. The more I get into Salt’s code, the more I grasp what it can do, the more things I want it to do,” he said.

Algarvio had a need for Salt, but his use case doesn’t neatly fit into “configuration management” or any of the other industry definitions we could give to Salt. There is no way that a product manager at some proprietary software company would ever have thought to reach out to Algarvio.

But being open source, the code is hosted on GitHub and invites the Pedro Algarvios of the world to discover, download, fork, and then use the code, however they want. And to contribute back if they see fit.

In Algarvio’s case, he definitely “sees fit.” As he told us, “I prefer and tend to only use open source software. If I’m able to contribute back to the open source projects I use, then I’ll contribute back.”

And he’s right. He’s not getting paid to say that, either. For years some have focused on the IBMs to the exclusion of the Pedro Algarvios of open source. That’s a big mistake. It takes both kinds of contributions to make open source work: the corporate environment and the programming enthusiast.

In other Linux and open source news

Perl, an open source programming language developed by a programmer called Larry Wall, is used by developers and Unix/Linux system admins all over the world to automate any number of data management tasks. Yesterday Perl celebrated its 25th birthday: Wall released Perl 1.0 on December 18, 1987, posting the source code to a Usenet newsgroup since the internet wasn’t public at that time.

He began developing the language while working as a programmer at Unisys, and had initially intended it to be a Unix scripting language in the vein of sh or awk. But the language grew very quickly, steadily adding new features in subsequent releases over the next few years.

By the time Perl 5 shipped in 1994, it had developed into a full-fledged general programming tool with support for modern language features including objects, references, modules, and rich native support for regular expressions, a bit like C++ except simpler to use and understand.

At about the same time, web developers began adopting Perl as a language for coding CGI scripts, an early method of developing web applications. The fact that Perl is an interpreted language made scripts quick to write and easy to debug, and its strong text-processing capabilities made it ideally suited for outputting complex HTML.

The fact that it’s an interpreted language means that it doesn’t need to be compiled. In recent years, however, Perl has fallen a bit out of favor for web development, its role having in large part been taken over by more recent languages such as PHP, Python and even Ruby.

Critics often take a negative view of Perl’s somewhat idiosyncratic syntax, which can make Perl programs difficult to maintain even, sometimes, for the original developer, if much time has passed since the original coding.

As such, Perl has occasionally been described as a write-only-once-and-forget-language. But Perl fans deny the charges, arguing that the language’s flexible syntax and its overarching philosophy are actually two of its greatest strengths, not impediments.

And if web developers have avoided Perl lately, it still enjoys a healthy and loyal following among systems administrators, scientists, database admins, and anyone else who appreciates what Wall describes as “the three great virtues of a programmer”: laziness, impatience, and hubris.

Today, Perl is available on almost every operating system imaginable, ranging from Windows and Apple’s OS X to Unix and Linux systems and IBM mainframes bigger than the average-size refrigerator.

For a while, Nokia even maintained a version of the Perl language for its System 60 smartphones, so Perl is definitely a flexible programming language.

Source: The Linux Foundation.
