Ubuntu to continue using GRUB 2 with Windows 8 Secure Boot

Leeky

Posts: 3,357   +116

Canonical has reversed its decision to drop Ubuntu’s GRUB 2 bootloader in favor of EFILinux on systems using Secure Boot, which prevents the loading of drivers or OS loaders that are not signed with a certain digital signature, after the Free Software Foundation (FSF) stepped in and said it will help find a workable solution for Linux installations.

Last year, Microsoft confirmed that new computers carrying the “Certified for Windows 8” logo will implement UEFI's Secure Boot feature. While that's good news for Windows users who will be better protected against malware and rootkits, the move proved controversial because initial feedback suggested it was likely to prevent users from booting alternative operating systems such as Linux or Unix.

Canonical announced earlier this year that they had found a solution to the problem, which involved the creation of their own private signed keys for “Ubuntu Certified” hardware pre-loaded with their OS, in much the same way as Microsoft is going to do for Windows 8.

That meant changing Ubuntu’s bootloader for systems using Secure Boot though, as Canonical was concerned that GRUB 2’s GPLv3 license would require them to reveal their private signed keys if an OEM mistakenly shipped a computer with Secure Boot enabled. In order to avoid this happening, Canonical said it would use a modified version of Intel’s EFILinux as a bootloader instead of Grub 2.

In a whitepaper published in June, the FSF asked Canonical to reconsider this approach, and instead support users in creating their own signed keys to run Linux on their computers. “We offer our help in working through any licensing concerns,” FSF executive director, John Sullivan wrote. He argued that the license used by GRUB 2 actually protects users against the dangers of Secure Boot and Canonical wouldn’t be required to hand out its private signed keys to any third party.

Canonical confirmed the reversal in a blog post late last week and said it has taken steps “to ensure security and user choice is maintained” on Ubuntu systems. “Grub 2 is the best choice for a bootloader, and [we] will use only Grub 2 in Ubuntu 12.10 and 12.04.2 by default,” the post read.

Permalink to story.

 
Yes, nice move. But, that doesn't fix the fact that Secure Boot can be hacked. Either vulnerabilities to the encryption will occur, or falsified encryption keys will be used to gain access. However, boot level malware will be prevented a lot better. Maybe after a few times of being hacked, it'll no longer be hackable.

But, I'm happy Ubuntu will not be prevented distribution on systems running Windows 8. Although, I think Linux makers are very pursuant to still get their OS available to Windows 8 users, so a dual boot is still possible. I know I'll always have a dual-boot OS.
 
Back