Linux Foundation: Secure Boot Need Not Be a Problem

There's been considerable concern in recent weeks over the secure boot mechanism planned for Microsoft's upcoming Windows 8, primarily among Linux users and others uneasy that the engineering volition pull round impossible to run secondary operating systems on Windows 8 credentialed PCs.

Such fears were sole compounded when the Free Software Foundation weighed in with its own statement of come to about what the technology might mean for users of free and open source software.

On Friday, however, the Linux Foundation added its ain part and perspective to the mix with an explanation of why secure boot doesn't necessarily have to constitute a bad thing for Linux users.

'If It Is Enforced Properly'

Secure iron heel offers "the prospect of a hardware-verified, malware-free operating system bootstrap process that force out amend the certificate of many system deployments," write out Linux Foundation Bailiwick Planning board Chair James Bottomley and Technical Advisory Board Member Jonathan Corbet in the group's six-paginate document (PDF).

"Linux and unusual open operating systems will beryllium able to take advantage of secure boot if IT is implemented decent in the hardware," they add.

That's a big "if," naturally, and the newspaper publisher makes several key recommendations to help ensure that happens.

'The Lonesome Bootable In operation System'

At the heart of the Unified Extensible Firmware Interface (UEFI) secure boot protocol are Platform Keys (PKs)–which are designed to be possessed by the owner of the hardware in question–and Paint-Exchange Keys (KEKs), which are controlled past the ironware and operating system vendors, the paper explains.

"This separation is vital because information technology allows the platform owner to adjudicate which keys they trust without compromising the ability of the KEK controllers to assure themselves that the OS booted securely," Bottomley and Corbet publish.

The implementation of UEFI described by Microsoft's Steven Sinofsky, however, "runs heel counter to the UEFI recommendation that the political platform possessor be the PK accountant and would ensure that the Windows in operation system would then get on the only bootable OS on the platform," the paper notes.

An Harsh 'Setup Mode'

While that may personify a valid choice for whatever informed users, it's likewise constitutional that users be able to regain command by resetting their hardware dorsum to apparatus mode, the authors argue.

Toward that end, all hardware should ship in an open "setup way" with no platform key installed. That way, hardware owners can install the platform describe of their choice operating room let their operating system do so for them, Bottomley and Corbet explain.

It should also be possible for the possessor of a piece of ironware to return a system back to apparatus mode in the early, they add. Lag, in that location needs to beryllium a firmware-based mechanism for adding new KEKs to make dual-boot systems possible, as well atomic number 3 uncomparable for easy booting of removable media.

Time Will Differentiate

The Linux Groundwork's paper specifies in considerably much detail how UEFI can optimum be implemented for compatibility with both open and closed in operation systems, but in essence the bottom bank line seems to be this open frame-up mode that can be restored at any time and the ability to minimal brain damage new KEKs to the firmware.

Red Hat and Standard, incidentally, also spoke out happening Fri with their own take on the site (PDF), including a number of like-minded suggestions.

Only time bequeath William Tell how Microsoft ends up implementing the technology, but it's nice to see information technology confirmed that UEFI won't inevitably be a problem for Linux users.

Source: https://www.pcworld.com/article/477825/linux_foundation_secure_boot_need_not_be_a_problem.html

Posted by: toppandever.blogspot.com