Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
Ubuntu, Kubuntu, Xubuntu After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
Permalink for comment 523504
To read all comments associated with this story, please click here.
darknexus
Member since:
2008-07-15

The thing one could consider is preventing Microsoft from making Secure Boot a Windows 8 logo requirement, but on the other hand the logo requirement is likely the only thing that is ensuring that all x86 systems will have a toggle and key update facility for Secure Boot.


I have a better idea: Don't allow Microsoft to be the primary control on secure boot. It could still be a logo requirement and yes, machines can come with Microsoft's keys preloaded, but you should not have to go through Microsoft to get a key. That's what everybody's upset about, and why they're extremely quick to bring up anti-trust. Microsoft, like it or not, has a proven track record of power abuse and allowing them to be the controlling influence behind the keys used for secure boot is, like it or not, a recipe for disaster. Keys should be given via an independent third party. Thawte is a good example as someone already mentioned.

Mostly what I want to get said though; legal interventions is a dangerous game. Launching challenges against Microsofts uses of cryptography will make principled stands against limitations on cryptography use a bit trickier.


I couldn't agree with you more. Any time you bring the government in on something like this, you set precedents whether you realize it or not. I am not in favor of having a government, no matter who it is, getting involved in this. The US government is already trying to choke the life out of the internet after all and, given that Microsoft is a US company, setting any precedent here could be just as disastrous. People must realize that legal force can backfire spectacularly. Imagine what would happen if, rather than siding with those of us who are against Microsoft's control over secure boot, they instead side with Microsoft? There's your precedent, and it goes completely against what you were originally trying to accomplish. Given that the US government has a vested interested in keeping their support contracts useful, exactly whom do you think they would side with? If that happens, the EU might contest it, but what are they going to do? Bar Microsoft from selling their products? This, unlike integrated software, isn't something they can demand a different edition of Windows be produced in order to comply. They could forbid secure boot on equipment sold there but then what? Demand that every OEM make two versions of their products, and pass the extra cost on to the buyer? I say we need to keep the political bodies out of this, if at all possible. Going that route will backfire later, most likely in ways we haven't even thought of yet.

Reply Parent Score: 2