An update on Ubuntu and Secure Boot

,

In October 2011, Canonical discussed our activities and recommendations related to Secure Boot, including recommendations for OEMs. Since that time, we have continued to consult industry partners, the technical community and users on the topic. Today’s post provides an update on how Ubuntu will implement Secure Boot for 12.10.

The Secure Boot portion of the UEFI spec defines how computers boot. In a nutshell, Secure Boot requires a digital key to boot a computer in order to reduce the possibility of an attack in which malware tries to control the boot process of your computer. Secure Boot will be widespread on new computers bought in the coming year.

As a Contributor Member of the UEFI Forum, Canonical engaged early in the UEFI specification process and invested significantly in ensuring that Secure Boot preserves the ability for enterprise and consumer users to choose their operating system, particularly on machines that come with Windows pre-installed at the factory. We authored and engaged with others to co-publish a whitepaper entitled “Secure Boot impact on Linux”, attended plugfests to advocate for software choice, and worked to ensure that the specification retained sufficient options to preserve the rights of users.

That work continues and we’re committed to ensuring that Ubuntu will work smoothly with Secure Boot enabled hardware. In addition to investigating Microsoft’s recommendation to participate in its WinQual program, Canonical has generated an Ubuntu key, and we are in active discussions with partners to implement simple ways for enterprises and consumers to use this key. These conversations have not concluded, and as a result we cannot detail the plans of our OEM partners yet.

For users who download Ubuntu directly we are working on a revised bootloader for 12.10 to ensure that Ubuntu continues to provide the “it just works” experience that our users expect. If you’re interested in understanding the technical details or would like to contribute to this area then please join the conversation on the development mailing list.

We’re committed to ensuring that Ubuntu provides a secure, world class user experience on all machines.

7 comments

  1. Dmitrijs Ledkovs

    Futher technical details have been posted to the development mailing list:

    https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html

  2. Schmatzler

    Guys, this is the wrong approach. Ubuntu is as bad as Windows Vista is. Putting only Microsoft and Ubuntu Keys into a system makes it hard to use any other, professional and unbloated OS.

    I HATE Ubuntu for making the system unstable, not providing system updates and trying to rewrite any commandline tool with a bad GUI for beginners.

    What about all the other distributions out there, that don’t use Ubuntus key? They will have a hard time. It’s disgusting from you to think that you are the only ones out there – puts you straight into one line with Microsoft.

    In my opinion, every single distributor out there should unite and stand against Microsofts shitty decisions. Manufacturers will think about it, if that happens.

  3. Curtis Maurand

    Secure Boot is a solution looking for a problem.

  4. Ellis Rubio

    Hello Ubuntu Developers,
    Hope Ubuntu will implement Secure Boot for 12.10.
    Ellis
    industrial engineer
    Colombia

  5. Gord Campbell

    Excellent!

    I think a lot of Linux fans confuse UEFI with Secure Boot. UEFI is not a problem, but Secure Boot could be.

  6. Paddy Landau

    I have read many reports about this, and it seems to me that Microsoft requires UEFI as part of its license to OEMs.

    This is fine, provided that it does not force OEMs to exclude other operating systems.

    However, from what I understand, the method does exclude other operating systems unless purchasing a license from Microsoft (which Fedora has opted for).

    Isn’t this anti-competitive behaviour requiring a good look from the regulators?

  7. BANANA DE PIJAMA

    certification process. This means that an Ubuntu certified machine will be no is noob!>…

Add your comment