The FSF weighs in on UEFI Secure Boot
The Free Software Foundation (FSF) has published a white paper commenting on the UEFI Secure Boot plans as detailed by the Fedora and Ubuntu Linux distributions. Generally commending Fedora for an approach that enables users to boot using Secure Boot and their own keys, the FSF criticises Canonical's plans for Ubuntu. This is because the distribution plans to drop the GPLv3 licensed GRUB 2 bootloader over fears that under this licence, users might compel it to divulge its signing keys.
According to the FSF's Executive Director John Sullivan, the fear that Canonical might have to release the private key used to sign its boot loader is "unfounded and based on a misunderstanding of GPLv3." The FSF's position is that should a customer receive a computer with only an Ubuntu key installed and a UEFI configuration that does not allow them to disable Secure Boot, it would be the manufacturer's responsibility to divulge the signing key to the customer. Canonical on the other hand, does not seem to want to put itself in a position where this problem could even arise, opting instead for using a non-GPLv3 boot loader instead.
Where the FSF's white paper states that "no representative from Canonical contacted the FSF about these issues prior to announcing the policy", an email by Canonical employee Colin Watson on the issue states that the company had indeed contacted the FSF and that the foundation responded in a way that did not reassure Canonical. "They certainly didn't say that we were safe, rather the reverse", Watson writes. He goes on to say that if the FSF were ever to assure them that using GRUB 2 would not put them at risk of having to disclose their private key, Ubuntu would most likely reverse their stance on the issue. Since his email dates from before the release of the FSF's white paper, it is not clear if Sullivan's assertion that the GPLv3 does not require such a disclosure of keys is enough to make Canonical reconsider.
The Fedora project is getting around the requirement of disclosing its boot loader keys by signing only a shim boot loader with the key it has received from Microsoft and VeriSign; this shim boot loader is not licensed under the GPLv3 and can then load GRUB 2 signed with Fedora's key. This shim boot loader will also load a GRUB 2 boot loader signed with any other key available in the firmware, a factor that is under the control of the equipment manufacturers or the user. Since Canonical is working directly with OEMs to get its key included in device firmware, the company is more worried about having to disclose its keys.
(fab)