Red Hat, in collaboration with Canonical (the Ubuntu Community) and The Linux Foundation, published a white paper titled UEFI Secure Boot Impact on Linux. The Red Hat and Canonical team further warned that personal computers will ship with Secure Boot enabled in their hardware, which would ultimately be a problem for open source distributions.
Although Microsoft clearly denies this, the Linux Foundation is full of anger over this initiative. Microsoft is open to implementing an option to disable Secure Boot in the UEFI model but, at the same time, does not strongly support it. The issue would become even more troublesome if a user wants to dual boot Linux alongside Windows. Red Hat, along with the Linux Foundation, has worked with hardware vendors and Microsoft to develop a UEFI Secure Boot mechanism that would allow users to run the Linux of their choice. During its research initiative, Red Hat's main aim was not only to provide support for Red Hat/Fedora but also to enable users to run any distribution they choose.
Red Hat geek Matthew Garrett put forward a customized solution in which Microsoft would provide keys for all Windows operating systems, and Red Hat would similarly provide keys for Red Hat and Fedora. Ubuntu and others could participate by paying a nominal price of $99. This would allow them to register their own keys for distribution to firmware vendors.
We have covered the advantages of the Secure Boot feature of UEFI, but there are cons to be considered as well. Secure Boot would require all components of the system to be signed, which includes not only the bootloader but any hardware drivers as well. If component vendors wished to sign their own drivers, they would need to ensure that their key is installed on all hardware they wish to support. For laptops, a single-point solution would be to have all drivers signed with the OEM's keys. At the same time, this approach would be problematic for new hardware vendors and would prevent them from entering the market until they had distributed their keys to the major OEMs.