Ubuntu Linux adopts new UEFI boot problem approach

Canonical, Ubuntu's parent company, is taking a new way to address the Windows 8 UEFI secure-boot problem.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Ubuntu is changing how it will boot up on UEFI Secure Boot PCs.

Windows 8 PCs will come with Microsoft's UEFI (Unified Extensible Firmware Interface) Secure Boot. This "feature" will make it much harder to boot Linux or other operating systems. Canonical, Ubuntu Linux's parent company, is going to take a new approach to address this problem.

When Canonical first announced its plan on dealing with Microsoft's Secure Boot in the next version of Ubuntu, 12.10, it ran into objections from the Fedora Linux developers and the Free Software Foundation (FSF). In an ideal world, the FSF wants PC vendors to not let users be locked in by Microsoft's Secure Boot.

Failing that, the FSF dislikes both Fedora and Ubuntu's plans on how to deal with Secure Boot because both require that a user trust in a Microsoft-generated key. With Ubuntu, the FSF also opposed Ubuntu dropping the Grub 2 bootloader "on Secure Boot systems, in favor of another bootloader." A bootloader is the program that lets you boot your system and, if you have multiple operating systems, choose which one to boot.

While both Fedora and Ubuntu are still sticking with Microsoft keys for now, Canonical has come to an agreement with the FSF that will enable Ubuntu users to keep using GRUB2. In a blog posting, Jon Melamut, Canonical's VP of Professional & Engineering Services, writes, "When we announced our plans to support Secure Boot in Ubuntu 12.10, we originally planned that we would use an EFILinux bootloader. We chose that option over the Grub 2 bootloader because Grub 2 has licensing provisions that, in our view at the time, could have forced disclosure of Canonical keys if an OEM partner had inadvertently shipped a computer which did not allow disabling of Secure Boot."

Canonical and the FSF have talked their disagreement out and, continues Melamut, "the FSF has stated clearly that Grub 2 with Secure Boot does not pose a risk of key disclosure in such circumstances. We have also confirmed that view with our OEM partners, and have introduced variations to the Ubuntu Certification program and QA scripts for pre-installs to ensure that security and user choice are maintained on Ubuntu machines. Therefore, we have decided that Grub 2 is the best choice for a bootloader, and will use only Grub 2 in Ubuntu 12.10 and 12.04.2 by default."

In a statement, John Sullivan, Executive Director of the FSF, added, "We are pleased with Canonical's decision to stick with Grub 2. We know that the challenges raised when trying to support true user security without harming user freedom—Secure Boot vs. Restricted Boot—are new for everyone distributing free software. This is the situation for which GPLv3 was written, and after helpful conversations with Canonical, we are confident the license does its job well, ensuring users can modify their systems without putting distributors in untenable positions."

While booting desktop Linux is going to continue to face challenges on Windows 8 PCs, at least the free software and open-source Linux communities are uniting in how they'll confront the Windows 8's UEFI Secure Boot lock-in problem.

Related Stories:

Editorial standards