October 31, 2011, 2:03 PM

There's been considerable concern in recent weeks over the secure boot mechanism planned for Microsoft's upcoming Windows 8, primarily among Linux users and others worried that the technology will make it impossible to run alternative operating systems on Windows 8 certified PCs.
On Friday, however, the Linux Foundation added its own voice and perspective to the mix with an explanation of why secure boot doesn't necessarily have to be a bad thing for Linux users.
'If It Is Implemented Properly'
Secure boot offers "the prospect of a hardware-verified, malware-free operating system bootstrap process that can improve the security of many system deployments," write Linux Foundation Technical Advisory Board Chair James Bottomley and Technical Advisory Board Member Jonathan Corbet in the group's six-page document (PDF).
"Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware," they add.
That's a big "if," of course, and the paper makes several key recommendations to help ensure that happens.
'The Only Bootable Operating System'
At the heart of the Unified Extensible Firmware Interface (UEFI) secure boot protocol are Platform Keys (PKs), which are designed to be controlled by the owner of the hardware in question, and Key-Exchange Keys (KEKs), which are controlled by the hardware and operating system vendors, the paper explains.
"This separation is vital because it allows the platform owner to decide which keys they trust without compromising the ability of the KEK controllers to assure themselves that the OS booted securely," Bottomley and Corbet write.
The implementation of UEFI described by Microsoft's Steven Sinofsky, however, "runs counter to the UEFI recommendation that the platform owner be the PK controller and would ensure that the Windows operating system would then become the only bootable operating system on the platform," the paper notes.