FSF Weighs in on Secure Boot
Free Software Foundation considers Restricted Boot a threat to user freedom.
In the ongoing saga of secure boot, the Free Software Foundation has issued a whitepaper that “outlines the difficulties Secure Boot poses for the free software movement and free software adoption, warns against the threat of Restricted Boot, and gives recommendations for how free software developers and users can best address the issues.”
In the paper, the FSF recaps the approaches taken by Fedora and Ubuntu to address the problem. The FSF says there is much to like about Fedora’s thinking, but goes on to say, “Unfortunately, while it is compliant with the license of GRUB 2 and any other GPLv3-covered software, we see two serious problems with the Microsoft program approach.” They outline the problems as follows:
- Users wishing to run in a Secure Boot environment will have to trust Microsoft in order to boot official Fedora. The Secure Boot signing format currently allows only one signature on a binary – so Fedora’s shim bootloader can be signed only by the Microsoft-vouched key. If a user removes Microsoft’s key, official Fedora will no longer boot, as long as Secure Boot is on.
- We reject the recommendation that others join the Microsoft developer program. In addition to the $99 expense being a barrier for many people around the world, the process for joining this program is objectionable.
The Ubuntu approach states that machines preinstalled with Ubuntu, will have an Ubuntu-specific key generated by Canonical in their firmware. Ubuntu CDs will depend on Microsoft’s key in the machine’s firmware to boot when Secure Boot is active. And, Ubuntu bootloader images distributed from the official Ubuntu archive will be signed by Ubuntu’s own key.
The FSF’s main concern here is that Ubuntu plans to drop GRUB 2 on secure boot systems in favor of another bootloader with a different license that lacks GPLv3’s protections for user freedom. In the whitepaper, they urge Ubuntu and Canonical to reverse this decision and reiterate that the focus of the FSF is “to evaluate proposed solutions to the issues posed by Secure Boot on the basis of how well they protect user freedom, to recommend the solutions that do the best job of that, and to stop attempts to turn Secure Boot into Restricted Boot.” You can read the Secure Boot whitepaper online.
Issue 41: Linux Shell Handbook 2021 Edition/Special Editions
Buy this issue as a PDF
News
-
Apple M1 Hardware Support to be Merged into Linux Kernel 5.13
Linux users will be able to install their favorite distribution on Apple’s M1-based hardware.
-
KDE Launches the Qt 5 Patch Collection
To support and maintain a stable Qt 5 for KDE Gears and Frameworks, KDE will maintain a patch collection.
-
Linux Creator Warns Next Kernel Could be Delayed
Linus Torvalds has issued concern about the size of kernel 5.12 and possible delays for its release.
-
System76 Updates its Pangolin Laptop
System76 has released a much-anticipated AMD version of their most popular laptop, the Pangolin.
-
New Debian-Based Distribution Arrives on the Market
TelOS is a new Debian-based Linux distribution with a customized, touch-screen-ready KDE Plasma 5 desktop.
-
System76 Releases New Thelio Desktop
One of the most ardent supporters of open source hardware has released a new desktop machine for home or office.
-
Mageia 8 Now Available with Linux 5.10 LTS
The latest release of Mageia includes improved graphics support for both AMD and NVIDIA GPUs.
-
GNOME 40 Beta has been Released
Anyone looking to test the beta for the upcoming GNOME 40 release can now do so.
-
OpenMandriva Lx 4.2 has Arrived
The latest stable version of OpenMandriva has been released and offers the newest KDE desktop and ARM support.
-
Thunderbird 78 Ported to Ubuntu 20.04
The Ubuntu developers have made the decision to port the latest release of Thunderbird to the LTS version of the platform.