October 28, 2011, 6:00 AM — The Linux Foundation has made its own response to the potential problem of UEFI secure boot being required for any device authorized to run Windows 8 with a technical whitepaper that describes how the problem can be avoided.
Update: The Linux Foundation is not the only organization putting their two cents in. Interestingly, Red Hat and Canonical also released a joint whitepaper of their own at the same time Friday morning. The Red Hat/Canonical whitepaper makes similar and more specific recommendations, and is authored by James Bottomley, Matthew Garrett, and Canonical's Jeremy Kerr.
The whitepaper itself is not a hard-and-fast solution: it contains recommendations for hardware manufacturers and users. And at least one of these recommendations may call for the creation of something the Linux world has never had: a vendor-neutral certificate authority.
Before getting into the specifics of the Linux Foundation's recommendations, here's a quick review of what's going on:
In September one of the authors of the Red Hat/Canonical whitepaper, Red Hat developer Garrett, raised the concern that according to the new Windows 8 logo rules from Microsoft, all Windows 8 machines will need to be have the Unified Extensible Firmware Interface (UEFI) instead of the venerable BIOS firmware layer. Further, the system must support secure booting, which means that "all firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)," according to slides from a presentation on the UEFI boot process made by Arie van der Hoeven, Microsoft Principal Lead Program Manager this fall.
After some community attention on Garrett's initial and subsequent blog posts on the issue, the open source and free software communities erupted into a fury: if OEM vendors implemented these features without some sort of loophole that enabled other operating systems to be loaded onto these machines, then native Linux operations on Windows 8 logoed machines would be impossible.
Many, including myself, speculated that while secure boot is a very good feature for any machine (especially one running virus-prone Windows) to have, Microsoft surely wasn't going to shed a tear if this secondary result of UEFI secure boot happened.