Ubuntu Linux changes its plans for Windows 8 Secure Boot
By Katherine Noyes, PCWorld
Microsoft’s “Secure Boot” plans for Windows 8 have already caused no end of controversy in the Linux community, and certainly one of the more divisive announcements in recent months was Canonical’s decision to drop the GRUB 2 bootloader as part of its solution for Ubuntu Linux.
It didn’t take long for the Free Software Foundation (FSF) to react to that news, and its response wasn’t favorable.
“Our main concern is that because they are afraid of falling out of compliance with GPLv3, they plan to drop Grub 2 on Secure Boot systems in favor of another bootloader with a different license that lacks GPLv3’s protections for user freedom,” wrote FSF Executive Director John Sullivan in a recent white paper on the topic. “We urge Ubuntu and Canonical to reverse this decision, and we offer our help in working through any licensing concerns.”
Sure enough, it now looks like that’s just what happened, and Canonical on Thursday announced that it will use GRUB 2 after all.
A variety of solutions
As a quick recap, the problem at the root of all this is that Windows 8 hardware will come with the Secure Boot technology enabled in the Unified Extensible Firmware Interface (UEFI), meaning that only operating systems with an appropriate digital signature will be able to boot.
On ARM-based hardware, furthermore, it apparently won’t be possible to disable Secure Boot.
Canonical’s original decision to use an EFILinux bootloader instead of GRUB 2 arose out of a fear that licensing provisions in the latter might force the disclosure of Canonical’s encryption keys if a manufacturer inadvertently shipped a computer that did not allow Secure Boot to be disabled, explained Jon Melamut, its vice president of professional and engineering services, in a blog post on Thursday.
‘Security and user choice’
It is the FSF that owns the copyrights to GRUB 2, however, and in subsequent discussions with the group, “the FSF has stated clearly that GRUB 2 with Secure Boot does not pose a risk of key disclosure in such circumstances,” Melamut added.
Canonical has also confirmed that fact with its manufacturing partners, he noted, as well as introducing variations in the Ubuntu Certification program and QA scripts for pre-installs “to ensure that security and user choice are maintained on Ubuntu machines,” he explained.