This secure boot initiative would prohibit technical users from implementing their own custom Linux flavors and restrict them to using only what the manufacturer of the computer wants them to use. The Certifying Authority (CA) would be incorporated by the computer manufacturer, who would ultimately decide whether a particular operating system is included or not.
A simple solution to this controversy would be to make the user the CA, giving him or her the authority to choose the operating system used with secure boot. On the other hand, this would expose non-technical users to the danger of being tricked into using a malicious operating system. Everything has its pros and cons, and that is how technology goes. Luckily, not everything is settled yet, and Microsoft is still trying its best without harming the Free Software Foundation and the Open Source Community.
Red Hat, in collaboration with Canonical (the Ubuntu Community) and The Linux Foundation, published a white paper titled "UEFI Secure Boot Impact on Linux". The Red Hat and Canonical team further warned that personal computers will ship with Secure Boot enabled in their hardware, which would ultimately be a problem for open source distributions.
Although Microsoft clearly denies this fact, the Linux Foundation is full of anger over this initiative. Microsoft is open to implementing an option to disable Secure Boot in the UEFI model, but at the same time it does not strongly support it. The issue would become even more troublesome if a user wants to dual boot Linux alongside Windows. Red Hat, along with the Linux Foundation, has worked with hardware vendors and Microsoft to develop a UEFI secure boot mechanism that would allow users to run the Linux of their choice. During its research initiative, Red Hat's main aim was not only to provide support for Red Hat/Fedora but also to enable users to run any distribution they choose.
Red Hat geek Matthew Garrett put forward a customized solution in which Microsoft would provide keys for all Windows OS, and Red Hat would similarly provide keys for Red Hat and Fedora. Ubuntu and others could participate by paying a nominal price of $99. This would allow them to register their own keys for distribution to firmware vendors.
We have covered the advantages of having the Secure Boot feature of UEFI, but there are cons to be considered as well. Secure Boot would require all the components of the system to be signed, which includes not only the bootloader but any hardware drivers as well. If component vendors wished to sign their own drivers, they would need to ensure that their key is installed on all hardware they wish to support. For laptops, a single point solution would be to have all the drivers signed with the OEM's keys. At the same time, this approach would be problematic for new hardware vendors and would prevent them from entering the new market until they had distributed their keys to major OEMs.