That the two papers referred to earlier have been released so soon is an indication that Microsoft's plans are occasioning considerable unease in free software and open source software circles.
The Linux Foundation paper details how the UEFI secure boot process can work with open platforms; GNU/Linux vendors Canonical and Red Hat have set forth the impact the UEFI secure boot will have on GNU/Linux.
A secure boot is ensured by communication between the system firmware and the operating system executable; the system firmware can contain one or more signed keys and any executable that is not signed by these keys will not boot on the system in question. Another set of keys allows for communication between the operating system and the firmware.
The Foundation paper contains a series of recommendations to hardware vendors on how a secure boot process can be incorporated without prejudicing the rights of users of other operating systems; it also details the reasoning behind these recommendations.
Written by James Bottomley, the chief technical officer of server virtualisation at Parallels, and Jonathan Corbet, a Linux kernel developer, the paper recommends that every platform that provides a secure boot using the UEFI specifications should be sold in setup mode.
This would give the buyer control over which platform key is installed and would also make it possible for the owner to return a system to setup mode later on if the need arises; say, if one decides to install another operating system.
When the initial bootstrap of an operating system occurs, the fact that the platform is in setup mode would be detected. The operating system would then install its own key-exchange key and install a platform key to enable secure boot.
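How an operating system on Linux can tell which state the platform is in, as an added example that is not taken from either paper: it reads the standard UEFI `SetupMode` and `SecureBoot` variables through efivarfs. The state labels, function names and sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

# EFI global variable GUID (UEFI specification); SetupMode and SecureBoot live under it.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b2c"
EFIVARS = Path("/sys/firmware/efi/efivars")

def parse_efivar(raw):
    """efivarfs layout: 4-byte little-endian attribute mask, then the variable data."""
    if len(raw) < 5:
        raise ValueError("truncated efivarfs entry")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]

def read_flag(name, reader):
    """Return the one-byte flag value, or None if the variable is absent."""
    raw = reader(name)
    if raw is None:
        return None
    _, data = parse_efivar(raw)
    return data[0]

def platform_state(reader):
    setup = read_flag("SetupMode", reader)
    secure = read_flag("SecureBoot", reader)
    if setup is None:
        return "no-uefi-variables"      # legacy BIOS boot or efivarfs not mounted
    if setup == 1:
        return "setup-mode"             # no platform key yet: keys can be enrolled
    if secure == 1:
        return "user-mode-enforcing"    # platform key set, signatures are checked
    return "user-mode-not-enforcing"    # platform key set, secure boot switched off

def sysfs_reader(name):
    """Read a variable from the running system; None if missing or unreadable."""
    try:
        return (EFIVARS / f"{name}-{EFI_GLOBAL}").read_bytes()
    except (FileNotFoundError, PermissionError):
        return None

# Constructed sample entries (attribute mask 0x6 = boot-service + runtime access).
SAMPLE_SETUP = {"SetupMode": b"\x06\x00\x00\x00\x01", "SecureBoot": b"\x06\x00\x00\x00\x00"}
SAMPLE_LOCKED = {"SetupMode": b"\x06\x00\x00\x00\x00", "SecureBoot": b"\x06\x00\x00\x00\x01"}

if __name__ == "__main__":
    print("constructed setup-mode sample:", platform_state(SAMPLE_SETUP.get))
    print("constructed locked sample:    ", platform_state(SAMPLE_LOCKED.get))
    print("this machine:                 ", platform_state(sysfs_reader))
```

An installer following the paper's recommendation would enrol its keys only when the result is `setup-mode`; in the other states the keys already in firmware decide what boots.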
In order to cater to users who want dual-boot systems, the Foundation paper recommends that a mechanism, based in the firmware, should be established to allow a platform owner to add new key-exchange keys to a system running in secure mode.
The paper also recommends that there be a firmware-based mechanism to make the booting of removable media easy. In conclusion it says that an authority should be established to issue key-exchange keys for third-party hardware and software vendors. Such an authority should be neutral when it comes to both operating systems and vendors.
The second paper (PDF), written by Bottomley, Jeremy Kerr, technical architect at Canonical, and Garrett, who is a senior software engineer at Red Hat, once again contains recommendations that hardware vendors should adopt if they wish to cater to all operating systems.



















