Canonical Promises Ubuntu Compatibility with Secure Boot
A specter is haunting the open source world — the specter of UEFI Secure Boot, or so some Linux fans fear. Recently, Canonical spoke out about its efforts to make sure the new hardware specification won’t prevent Ubuntu users from running their operating system of choice. Here’s what it had to say.
As most geeks have probably heard by now, Secure Boot is a new hardware feature designed to make computers less susceptible to malware that manipulates the boot process. Secure Boot-enabled PCs should start making a mass appearance on the market very soon.
And that would all be good and well, except for the fear expressed by some open source advocates that the new feature will be implemented in such a way that it may prevent users from installing a non-proprietary platform in place of, or alongside, the Windows operating system most OEMs will be shipping preloaded on Secure Boot-enabled hardware.
As the Free Software Foundation (whose members would object sharply to being grouped alongside “open source advocates,” I know, but consider it a shorthand), for instance, wrote in a statement:
It is essential that manufacturers get their implementation of UEFI right. To respect user freedom and truly protect user security, they must either provide users a way of disabling the boot restrictions, or provide a sure-fire way that allows the computer owner to install a free software operating system of her choice. Computer owners must not be required to seek external authorization to exercise their freedoms.
Canonical and Secure Boot
What open source companies such as Canonical have that the FSF lacks, of course, is direct relationships with OEMs responsible for implementing Secure Boot. And Canonical appears to be working hard to exert that influence to prevent anticompetitive exploitation of the feature — insofar as Ubuntu is concerned, at least.
As Jon Melamut, a VP at Canonical, explained in a recent blog post, the company is:
committed to ensuring that Ubuntu will work smoothly with Secure Boot-enabled hardware. In addition to investigating Microsoft’s recommendation to participate in its WinQual program, Canonical has generated an Ubuntu key, and we are in active discussions with partners to implement simple ways for enterprises and consumers to use this key.
For now, Canonical is keeping its cards close regarding exactly how Ubuntu friendly Secure Boot might work. But we’ll keep our eyes open for forthcoming details.
And Everyone Else?
As a longtime Ubuntu user, I’m reassured by the promises made in Melamut’s blog post. But while nothing is yet set in stone, I get the impression that Canonical’s approach is designed to ensure that Ubuntu in particular — and not just any Linux distribution — will be able to clear the Secure Boot hurdles.
Canonical, of course, is a for-profit company under no obligation to go out of its way to protect the interests of other Linux distributions. And some of those are directly affiliated with its competitors — which, of course, are taking their own steps to deal with the potential Secure Boot threat, not necessarily with Ubuntu’s needs at the top of their lists.
Yet I wonder if the open source community as a whole might be better off if its various major stakeholders — even those competing with one another — acted in concert on the Secure Boot issue, as they have in the past during similar challenges. Otherwise, if companies such as Canonical seek to protect only their immediate and direct interests, they risk spreading too thin the limited resource of the open source world.
Of course, a lot remains to be nailed down. But here’s hoping that when Secure Boot becomes common on PCs, it will be implemented in such a way that it will work with any Linux distribution (or BSD, or whatever), not just specific ones that enjoy powerful backers.