Free Software Foundation: Ubuntu's Secure Boot Plan Won't Fly

There's still no end in sight to the ongoing Secure Boot saga arising from Microsoft's Windows 8 plans, and just recently we've seen both Fedora Linux and Ubuntu Linux respond with two very different approaches to working around the problem.

Both the Linux Foundation and the Free Software Foundation voiced their own perspectives last fall when the issue first came up, but over the weekend the Free Software Foundation felt the need to speak out again in response to the approaches being taken by these two popular distributions.

In a nutshell, the advocacy group isn't thrilled with what either distro has proposed, but it prefers the Fedora approach over Canonical's solution. It also has a number of suggestions of its own.

'Restricted Boot'

To recap, the heart of the issue is the fact that future Windows 8 hardware will come with the Secure Boot technology enabled in the Unified Extensible Firmware Interface (UEFI), meaning that only operating systems with an appropriate digital signature will be able to boot on such machines.

Instead of “Secure Boot,” the Free Software Foundation uses the term “Restricted Boot.”

“Under the guise of security, a computer afflicted with Restricted Boot refuses to boot any operating systems other than the ones the computer distributor has approved in advance,” explains FSF Executive Director John Sullivan in the group's new white paper on the topic. “Restricted Boot takes control of the computer away from the user and puts it in the hands of someone else.”

'There Should Be No Problem'

Users should have either a way to disable Secure Boot restrictions, or a failproof way to install the free software operating system of their choice, Sullivan asserted.

And indeed, while ARM-based hardware won't allow users to disable Secure Boot, x86 Windows machines will, and they will also make it possible for users to employ their own keys.

“In theory, there should be no problem. In practice, the situation is more complicated,” Sullivan asserted. “As currently proposed, Secure Boot impedes free software adoption,” essentially by making it more difficult for users to install and try free software, he explained.

'Much to Like About Fedora's Thinking'

Fedora's approach, for those who missed it, is to pay $99 to Verisign for unlimited use of Microsoft signing services, allowing its first-stage boot loader to be signed with a Microsoft key. The distro will, however, also allow users to work with their own self-generated keys, Sullivan noted.

“There is much to like about Fedora's thinking,” he wrote. “Their process of deliberation evinced concern for user freedom; it's clear that the Fedora team sought a solution that would work not just for their own GNU/Linux distribution, but for as many free software users and distributions as possible.”

Fedora's solution is also compliant with GPLv3, Sullivan added, though he did point out two “serious problems” with its approach.

'We Urge Canonical to Reverse This Decision'

As for Ubuntu's plan, “our main concern is that because they are afraid of falling out of compliance with GPLv3, they plan to drop Grub 2 on Secure Boot systems in favor of another bootloader with a different license that lacks GPLv3's protections for user freedom,” Sullivan wrote.

“We urge Ubuntu and Canonical to reverse this decision, and we offer our help in working through any licensing concerns,” he added. “We also hope that Ubuntu, like Fedora, will actively support users generating and using their own signing keys to run and share any versions of the software, and not require users to install a key from Canonical to get the full benefit of their operating system.”

The FSF plans to continue fighting Secure Boot and educating the public, it says; it also hopes to work with hardware manufacturers and distributors to help protect user freedom.
