Canonical and Red Hat have issued a joint statement
regarding Microsoft’s plan to make UEFI Secure Boot a requirement of
Windows 8. Simultaneously, The Linux Foundation has issued a similar statement.
We first covered this issue in September.
The joint Red Hat and Canonical statement opens with an assessment of the situation:
The
UEFI specification for secure boot does not define who controls the
boot restrictions on UEFI platforms, leaving the platform implementer in
control of the exact security model. Unfortunately, Microsoft’s
recommended implementation of secure boot removes control of the system
from the hardware owner, and may prevent open source operating systems
from functioning. The Windows 8 requirement for secure boot will
pressure OEMs to implement secure boot in this fashion.
We
believe that restrictions that prevent users from exercising full
control over their hardware is not in the best interest of those users,
and works against the spirit of open source software in general.
It's
a fair assessment of the situation. It's worth noting that the language
used in both documents is reasonable and doesn't go out of its way to
demonize Microsoft. Both documents outline the difficulties that will be
caused to Linux adoption in general by the proposed measures. They also
highlight some of the benefits of EUFI and secure boot, and I got the
impression that all three organizations have accepted that Secure Boot
is an inevitable development in some form.
The Canonical/Red Hat document concludes with three proposals:
“We recommend that all OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface”
One
point that the authors make is that as Windows 8 will require Secure
Boot in order to boot, this causes a problem for dual boot scenarios.
The user would probably have to enter the setup interface and manually
toggle the feature between each reboot.
There is also the possibility that some vendors won't include a menu option to disable secure boot at all.
“We
recommend that OEMs (with assistance from BIOS vendors) provide a
standardised mechanism for configuring keys in system firmware”
The
problem with this, as pointed out in the document, is that a feature to
add extra keys to the firmware must not be susceptible to malware.
Again, it sounds like a lot of additional hassle, particularly for non
technical users.
“We recommend that hardware ship in setup mode, with the operating system taking responsibility for initial key installation”
What
the authors are suggesting is that an operating system would be able to
add its secure key to a brand new system the first time it boots.
This
means that it would be possible to switch over to an alternate
operating system on a brand new machine that has never been booted. This
might appeal to companies that sell complete machines. If the proposal
were adheared to, a brand new motherboard would also ship in this state.
Obviously, Microsoft would have to agree support this system, and they
might not.
The Linux Foundation document includes similar
recommendations. It echos the suggestion that new machines could ship in
a state in which they are ready to receive a new key, but adds that it
should be possible for the user to reset a machine to the initial state.
It acknowledges the potential problems for dual booting. It adds the
point that some sort of provision needs to be made for booting from
removable media. It also suggests that a neutral organization should be
formed for the granting of keys to hardware and software vendors.
The
tone of both documents gives the impression that all parties have
accepted the inevitability of Secure Boot. It's starting to look like we
might soon be looking back with fondness on the days in which we could
walk around installing Linux wherever we liked.
Both documents were well-written, fair and either would serve as a good introduction to the issue.
The Red Hat/Canonical document
The Linux Foundation document
Subscribe to:
Post Comments (Atom)
The official site
Followers
Recent Post
Popular Posts
-
When it comes to reading an ebook is nothing better than an ereader like the Kindle or 613 or any other Papyre with electronic ink. The i...
-
Linux is free and open operating system (open source). So do not need a license fee to buy or use Linux, for free. Linux is easy to use....
-
Now a days, Linux Mint is one of the most popular Linux based operating system among the desktop users, specifically who used to be a win...
-
Introduction and Notes This is the list of current stable packages tracked by DistroWatch, the latest versions and some n...
No comments:
Post a Comment