Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Linux Foundation: Secure boot need not be a problem

Implemented correctly, the UEFI protocol is perfectly compatible with open operating systems

Article comments

There's been considerable concern in recent weeks over the secure boot mechanism planned for Microsoft's upcoming Windows 8, primarily among Linux users and others worried that the technology will make it impossible to run alternative operating systems on Windows 8 certified PCs.

Such fears were only compounded when the Free Software Foundation weighed in with its own statement of concern about what the technology might mean for users of free and open source software.

Last week, however, the Linux Foundation added its own voice and perspective to the mix with an explanation of why secure boot doesn't necessarily have to be a bad thing for Linux users.

'If it is implemented properly'

Secure boot offers "the prospect of a hardware-verified, malware-free operating system bootstrap process that can improve the security of many system deployments," write Linux Foundation Technical Advisory Board Chair James Bottomley and Technical Advisory Board Member Jonathan Corbet in the group's six-page document (PDF).

"Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware," they add.

That's a big "if," of course, and the paper makes several key recommendations to help ensure that happens.

'The only bootable OS'

At the heart of the Unified Extensible Firmware Interface (UEFI) secure boot protocol are Platform Keys (PKs) - which are designed to be controlled by the owner of the hardware in question - and Key-Exchange Keys (KEKs), which are controlled by the hardware and operating system vendors, the paper explains.

"This separation is vital because it allows the platform owner to decide which keys they trust without compromising the ability of the KEK controllers to assure themselves that the OS booted securely," Bottomley and Corbet write.

The implementation of UEFI described by Microsoft's Steven Sinofsky, however, "runs counter to the UEFI recommendation that the platform owner be the PK controller and would ensure that the Windows operating system would then become the only bootable operating system on the platform," the paper notes.

An open 'Setup Mode'

While that may be a valid choice for some informed users, it's also essential that users be able to regain control by resetting their hardware back to setup mode, the authors argue.

Toward that end, all hardware should ship in an open "setup mode" with no platform key installed. That way, hardware owners can install the platform key of their choice or let their operating system do so for them, Bottomley and Corbet explain.

It should also be possible for the owner of a piece of hardware to return a system back to setup mode in the future, they add. Meanwhile, there needs to be a firmware-based mechanism for adding new KEKs to make dual-boot systems possible, as well as one for easy booting of removable media.

Time will tell

The Linux Foundation's paper specifies in considerably more detail how UEFI can best be implemented for compatibility with both open and closed operating systems, but in essence the bottom line seems to be this open setup mode that can be restored at any time and the ability to add new KEKs to the firmware.

Red Hat and Canonical, incidentally, also spoke out last Friday with their own take on the situation (PDF), including a number of like-minded suggestions.

Only time will tell how Microsoft ends up implementing the technology, but it's nice to hear it confirmed that UEFI won't necessarily be a problem for Linux users.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *