The Linux Foundation announced a little over a month ago that they singlehandedly solved the problem with Microsoft's UEFI restrictions, but it seems things are not that simple.
The initial proposal from The Linux Foundation was to obtain a legitimate valid key that would be embedded in a bootloader.
This bootloader would be available for download, from The Linux Foundation website, providing every developer with the tools and the means to bypass UEFI.
Needless to say, obtaining a valid key from Microsoft
is a bureaucratic and difficult process. James Bottomley from The Linux Foundation has explained why the bootloader is not available yet.
Besides getting a Verisign key, The Linux Foundation had to sign an actual paper contract with Microsoft.
“The agreements are pretty onerous, include a ton of excluded licences (including all GPL ones for drivers, but not bootloaders). The most onerous part is that the agreements seem to reach beyond the actual UEFI objects you sign.
“The Linux Foundation lawyers concluded it is mostly harmless to the LF because we don’t ship any products, but it could be nasty for other companies,” explained James Bottomley.
The UEFI binary has to be wrapped in Microsoft Cabinet file, but long story short, this can only be done in Windows 7 under kvm.
Once the upload is finished, the file has to pass through several steps of verification, but it gets stuck at one of them. After a flurry of emails, the conclusion was that Microsoft had yet to provide a valid signed binary.
“However, that’s the status: We’re still waiting for Microsoft to give the Linux Foundation a validly signed pre-bootloader. When that happens, it will get uploaded to the Linux Foundation website for all to use,” ended James Bottomley on a sour note.
The Linux Foundation is trying to provide an elegant solution to the UEFI problem, but it seems it might take a while longer.