Ubuntu / Linux news and application reviews.

According to an article by ITWorld, Microsoft requires that Windows 8-certified machines use UEFI (Unified Extensible Firmware Interface) with support for secure booting instead of the BIOS firmware.

This means that both the firmware and software used in the boot process must be signed by a trusted Certificate Authority and at the moment, none of the EFI Linux bootloaders is signed. So basically, if you buy a computer that includes the manufacturer's keys and Microsoft's keys, you won't be able to boot a Linux distribution.


To get secure UEFI booting support for a Linux distribution, a non-GPL bootloader would be required and since in the near future the kernel itself will be a part of the bootloader, the kernel would have to be signed too, meaning you won't be able to compile your own custom kernels.

Matthew Garrett, a Linux developer at Red Hat says:

"Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.

[...] Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith. Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by ever OEM."


Even if the major Linux distros find a way around this (hopefully), there are still questions like: what will happen with small Linux distributions or how will the users or various companies boot their own custom kernels? But before getting there, here's the most important question: is this legal?


Read more about it @ ITWorld.


Update: Microsoft has responded to this by saying that "unfortunately these seemed to synthesize scenarios that are not the case" and "for the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision. [...] At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves". [more @ H-Online]