Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
Ubuntu, Kubuntu, Xubuntu After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
Thread beginning with comment 523485
To view parent comment, click here.
To read all comments associated with this story, please click here.
vaette
Member since:
2008-08-09

There is a point there, though I think people are a bit quick to jump to the legal attacks based on the convicted monopolist status of Microsoft. One has to understand that Microsoft is not the only company in the Secure Boot game. I also think that one has to accept at least that Microsoft implements Secure Boot and pushes for it a bit.

The thing one could consider is preventing Microsoft from making Secure Boot a Windows 8 logo requirement, but on the other hand the logo requirement is likely the only thing that is ensuring that all x86 systems will have a toggle and key update facility for Secure Boot. Left to themselves many motherboard manufacturers would likely implement Secure Boot (simple checklist feature) either way, but putting in the key update stuff probably has somewhat poor returns in reality.

Mostly what I want to get said though; legal interventions is a dangerous game. Launching challenges against Microsofts uses of cryptography will make principled stands against limitations on cryptography use a bit trickier.

Reply Parent Score: 3

ricegf Member since:
2007-04-25

Agreed.

Note that my objection is Microsoft's direct control over the key infrastructure.

I have no problem with requiring secure boot for Windows 8 as long as identity management is with an independent third party such as Thawte, and an end user can replace the OS (or pay a service company to replace it) if desired.

Reply Parent Score: 2

darknexus Member since:
2008-07-15

The thing one could consider is preventing Microsoft from making Secure Boot a Windows 8 logo requirement, but on the other hand the logo requirement is likely the only thing that is ensuring that all x86 systems will have a toggle and key update facility for Secure Boot.


I have a better idea: Don't allow Microsoft to be the primary control on secure boot. It could still be a logo requirement and yes, machines can come with Microsoft's keys preloaded, but you should not have to go through Microsoft to get a key. That's what everybody's upset about, and why they're extremely quick to bring up anti-trust. Microsoft, like it or not, has a proven track record of power abuse and allowing them to be the controlling influence behind the keys used for secure boot is, like it or not, a recipe for disaster. Keys should be given via an independent third party. Thawte is a good example as someone already mentioned.

Mostly what I want to get said though; legal interventions is a dangerous game. Launching challenges against Microsofts uses of cryptography will make principled stands against limitations on cryptography use a bit trickier.


I couldn't agree with you more. Any time you bring the government in on something like this, you set precedents whether you realize it or not. I am not in favor of having a government, no matter who it is, getting involved in this. The US government is already trying to choke the life out of the internet after all and, given that Microsoft is a US company, setting any precedent here could be just as disastrous. People must realize that legal force can backfire spectacularly. Imagine what would happen if, rather than siding with those of us who are against Microsoft's control over secure boot, they instead side with Microsoft? There's your precedent, and it goes completely against what you were originally trying to accomplish. Given that the US government has a vested interested in keeping their support contracts useful, exactly whom do you think they would side with? If that happens, the EU might contest it, but what are they going to do? Bar Microsoft from selling their products? This, unlike integrated software, isn't something they can demand a different edition of Windows be produced in order to comply. They could forbid secure boot on equipment sold there but then what? Demand that every OEM make two versions of their products, and pass the extra cost on to the buyer? I say we need to keep the political bodies out of this, if at all possible. Going that route will backfire later, most likely in ways we haven't even thought of yet.

Reply Parent Score: 2

Alfman Member since:
2011-01-28

vaette,

"There is a point there, though I think people are a bit quick to jump to the legal attacks based on the convicted monopolist status of Microsoft. One has to understand that Microsoft is not the only company in the Secure Boot game."

Microsoft's monopoly gives them tremendous power to dictate what manufacturers have to implement regardless of the standard. Microsoft's requirement could outright contradict the standard and manufacturers would be forced to obey whatever microsoft says.... Their monopoly status is exactly what makes them so dangerous to the industry.

Reply Parent Score: 2