Home opinion-and-analysis Open Sauce Secure boot: Microsoft shows up Linux

Secure boot: Microsoft shows up Linux

It's early days for secure boot, the new method that Microsoft is using to protect its desktop turf, but it would not be unfair to say that the company has succeeded in showing up the sharply fragmented nature of GNU/Linux.

Secure boot is a feature in the Unified Extensible Firmware Interface, the replacement for the motherboard firmware or BIOS. It has been implemented by Microsoft in a manner that effectively prevents easy booting of other operating systems on machines which have secure boot enabled.

An exchange of cryptographic keys takes place at boot-time so that a system can verify that the operating system attempting to boot is a genuine one, and not malware. There are further key exchanges along the way. Since Microsoft controls the key-signing authority, everyone who wishes to boot an operating system on hardware certified for Windows 8 has to buy a Microsoft key.

The fact that secure boot would be used in Windows 8 was known last September. The ideal solution would have been for all the Linux distributions, plus other companies that depend on Linux for their profits, to band together under the Linux Foundation and use their combined clout to influence things with hardware vendors.

Instead, the distributions have been unable to do anything except to work separately to devise solutions to cope with the technology. The bigger distros — Red Hat, Ubuntu and SUSE — have each devised their own methods of getting their operating systems to boot on machines with secure boot. The biggest free distribution, Debian, has still not said publicly what it will do.

(Update, January 4, 2013: Initial official announcements: Red Hat, Ubuntu and SUSE (1 and 2).)

The smaller distributions will probably have to depend on an act of charity to get their systems working on secure boot systems.

That act of charity has come from kernel developer Matthew Garrett who has created a shim or first-stage bootloader, and obtained a cryptographic key from Microsoft, for the purpose of signing it, with his own money. Using this, the smaller distributions can follow a procedure which he has outlined to cope with the barrier of secure boot.

When it became evident that the Linux companies would take an each-man-for-himself attitude, the Linux Foundation came up with an idea similar to that which Garrett has implemented.

The difference is that it has, thus far, failed to overcome the bureaucracy within Microsoft's ranks and complete the procedure. Garrett has been able to do what the Foundation, which blows its own trumpet quite a lot within restricted circles, could not do.

A pretty simple ploy would have been for the so-called Linux community — it looks like a collection of disparate tribes at times like this — to use the media, and the clout that it enjoys by virtue of the widespread use of the kernel in businesses, to put the onus on hardware vendors to co-operate in devising a solution. Many media outlets are sympathetic to Linux and never write a negative word about it.

But when it comes to using the media, the Linux community is in grade 1. Or probably in kindergarten. It works in a highly insular manner, preaching to the converted, and forgetting that there is a vast, thirsty audience out there, looking for good computing software.

It is not as though there is no talent in the ranks of the Linux community to come up with a solution and an elegant one at that.

Back in 2005, when the kernel project faced a crisis after Larry McVoy, the owner of the proprietary source code management system used by Linus Torvalds, said he was withdrawing the use of the free version of the system, Torvalds himself came up trumps with a SCM system called git, which was knocked together in next to no time. A few others, all talented individuals, put their hands to the wheel as well and there was barely a hiccup in the development process.

But that was then. This is now, when there is more than just a touch of arrogance in Linux circles because of the way usage has grown. Never mind that Linux is barely a whisper on the desktop, it dominates several other spaces. Why, Linux people even feel proud that Android is dominating the mobile arena, forgetting that the only truly free element in that system is the kernel.

Secure boot has exposed the Linux community as a fractured entity that cannot pull together. It has inconvenienced ordinary people who often take up use of the system after testing out a downloaded CD/DVD. At the moment only one DVD (corrected) can be booted on a Windows 8 computer with secure boot – Ubuntu 12.10 64-bit. And there are more than 300 distributions.

True to form, even the fact that this Ubuntu DVD would boot on Windows 8 certified machines was never widely disseminated. Once again, it can only be put down to sheer arrogance – after all the whole world knows about Linux, so they should know that fact too, shouldn't they?

You'd have to wonder – when will people ever learn?


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.