Linux Foundation releases blueprint for UEFI Secure Boot
To address worries about the possibility of Microsoft using UEFI's Secure Boot functionality to lock out Linux and other open source operating systems, the Linux Foundation has published a report which examines UEFI and offers OEMs a blueprint on how to implement it. The paper, Making UEFI Secure Boot Work With Open Platforms – by James Bottomley, Foundation Technical Advisory Board Chair and CTO of Parallels, and Jonathan Corbet, board member and editor of LWN.net – explores the functionality of the "bit dense" 2169 page UEFI specification and concludes that although Secure Boot is a useful mechanism, work will need to be done with OEMs to ensure that customers can install their own keys. A similar conclusion is reached in a paper co-authored by Bottomley, Red Hat developer Matthew Garrett and Canonical Technical Architect Jeremy Kerr: "Secure Boot Impact on Linux".
Last month, when Matthew Garrett raised the issue, it was feared that Microsoft's requirements for Windows 8 would see OEMs shipping firmware which only had Microsoft's platform key (PK) installed and which would only be able to securely boot Windows 8. Microsoft responded to the concerns saying they weren't attempting to lock out any other operating systems, but it was pointed out that, intentional or not, this would be the effect of their current plans. The Free Software Foundation then launched a call for OEMs to implement an open and fair version of UEFI Secure Boot, but did not offer any technical suggestions on how that would be achieved.
The Linux Foundation paper calls Microsoft's plans "counter to the UEFI recommendation that the platform owner be the PK controller" and says that it is "a legitimate choice for an informed user to make voluntarily". Both papers suggest that all platforms which enable Secure Boot should ship in "setup mode" which would give the system owner control of the Secure Boot system. Initial startup of an operating system should then detect that setup mode and install a KEK (key-exchange-key) and PK to enable Secure Boot. The system would then securely boot that operating system. When a user needed to take control of their system's secure boot, a "reset" option for UEFI's keys would allow those keys to be cleared and a different operating system installed. Microsoft's Windows 8 could also be pre-installed in the same way; the UEFI reset would then unlock the machine for other operating systems.
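To make the proposed flow concrete, here is a constructed Python model of the PK, KEK and db key variables with the setup-mode, first-install and reset steps described above; it is an added example, not code from either paper, and the key names, the signed_by argument and the physical-presence gate on the reset are assumptions of the model rather than anything the papers specify.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Firmware:
    """Constructed model of the UEFI key variables; not real firmware code."""
    pk: str | None = None                       # platform key; None = setup mode
    kek: set[str] = field(default_factory=set)  # key exchange keys
    db: set[str] = field(default_factory=set)   # keys allowed to sign boot images
    secure_boot: bool = True
    physical_presence: bool = False             # user is at the console (assumed)

    @property
    def setup_mode(self) -> bool:
        return self.pk is None

    def enroll_pk(self, key: str, signed_by: str | None = None) -> None:
        # Setup mode lets the first OS install write the PK unauthenticated;
        # afterwards only an update signed by the current PK is accepted.
        if not self.setup_mode and signed_by != self.pk:
            raise PermissionError("PK update must be signed by the current PK")
        self.pk = key

    def enroll_kek(self, key: str, signed_by: str | None = None) -> None:
        if not self.setup_mode and signed_by != self.pk:
            raise PermissionError("KEK update must be signed by the PK")
        self.kek.add(key)

    def enroll_db(self, key: str, signed_by: str | None = None) -> None:
        if not self.setup_mode and signed_by not in self.kek:
            raise PermissionError("db update must be signed by a KEK")
        self.db.add(key)

    def reset_keys(self) -> None:
        # The "reset" option: clear every key and return to setup mode so a
        # different OS can take ownership; gated on physical presence here.
        if not self.physical_presence:
            raise PermissionError("key reset requires physical presence")
        self.pk, self.kek, self.db = None, set(), set()

    def can_boot(self, image_signer: str | None) -> bool:
        # An unsigned image (None) never passes while Secure Boot is enabled.
        return not self.secure_boot or image_signer in self.db

def first_install(fw: Firmware, vendor: str) -> None:
    """OS installer detecting setup mode and taking ownership of the platform."""
    if not fw.setup_mode:
        raise RuntimeError("platform already has an owner; reset keys first")
    # Writing the PK ends setup mode, so db and KEK must be enrolled first.
    fw.enroll_db(f"{vendor}-signing")
    fw.enroll_kek(f"{vendor}-KEK")
    fw.enroll_pk(f"{vendor}-PK")
```

Once the PK is written the machine is in user mode, so a second distribution can only get its signing key into db with a KEK-signed update or after a physical-presence reset back to setup mode.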
The Linux Foundation paper also explores the more complex possibilities of creating a trust model for UEFI, support for dual booting and how booting could be done from external media. Implementation of the full recommendations would need industry-wide cooperation, an issue beyond the scope of a technical paper. The Canonical/Red Hat paper asks OEMs to generally allow Secure Boot to be disabled, but only through physical access to the system, and to go further in their UEFI implementations by also adding a standardised mechanism for configuring keys in firmware.
(djwm)