Fedora Linux capitulates to Microsoft boot certificate

To run on UEFI-secured machines, the next version of Fedora will use a digital key from Microsoft

By , IDG News Service |  Open Source

In order to get its Linux distribution to run on the next generation of secured desktop computing hardware, the Fedora Project will obtain a digital signature from Microsoft, a developer from the project announced Wednesday.

"This isn't an attractive solution, but it is a workable one," wrote Matthew Garrett in a blog post on Wednesday. "We came to the conclusion that every other approach was unworkable."

The next release of the open-source distribution, Fedora 18, due in November, will be the first version able to run on computers that use UEFI (Unified Extensible Firmware Interface), which requires the operating system to furnish a digital key before it can be run by the machine.

With the growing adoption of UEFI among hardware developers -- largely at the behest of Microsoft -- the Fedora Project faced a number of alternatives, none of them completely satisfying, Garrett said.

Fedora could ignore the request for a digital certificate. This would require users to fiddle with their firmware settings, though, which would make the software less usable for those less technically inclined. "The cause of free software isn't furthered by making it difficult or impossible for unskilled users to run Linux, and while this approach does have its downsides, it does also avoid us ending up where we were in the 90s," Garrett continued. "Users will retain the freedom to run modified software and we wouldn't have accepted any solution that made that impossible."

Another possibility: Fedora could produce its own key. This approach, however, would require buy-in from each hardware manufacturer, which would be difficult to achieve and may result in long lists of computers and components that would be compatible with Fedora. It would also leave out other, smaller, Linux distributions, such as Slackware, which may not have the resources to manage their keys.

The Fedora Project also looked into producing a key for all Linux distributions. This approach, however, would end up costing millions of dollars and take a lot of time, neither of which most Linux distributors would have the resources to cover.

Join us:






Answers - Powered by ITworld

Ask a Question