It would be nice to have Microsoft come right out and tell us that other operating systems can boot by disabling the secure boot of UEFI but it’s not that simple. First off, if you’re unaware, UEFI is a new bios proposal from Microsoft they’re mandating be used in order to place Microsoft stickers and potentially other types of branding for pc’s running Windows 8.
This is what we have now:
With UEFI this is what we’ll get:
UEFI may not choose to recognize GRUB or any other bootloaders depending upon how its’ implemented. At least that is a partial fear brought forward by the new security features of UEFI designed to keep Windows 8 safe from highly sophisticated malware attacks. “A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.” That’s an issue, but Microsoft has come forward and explained this further.
“For the enthusiast who wants to run older operating systems, the option (disabling secure boot) is there to allow you to make that decision,” said the Microsoft blog post. (The statement didn’t specify whether this is a reference to older versions of Windows only or if it also applies to Linux and other operating systems.)
In the comments section of the post, Windows President Steven Sinofsky got a little closer to directly addressing the issue, noting “How secure boot works with any other operating systems is obviously a question for those OS products :-).”
As long as the manufacturers don’t remove the option to disable secure boot then there shouldn’t be a problem. The operating system lock-out only occurs when secure boot is enabled. I doubt that Microsoft will give their keys for secure boot to anyone other than Novell unless they’re ready to pay for licensing the patents that Microsoft insists that linux infringes upon. That along with paying for the actual key too, I don’t believe that Redhat, Canonical and others will be too happy about that. Once again, this is only if you want a linux distro that supports secureboot. It’s a nice feature of UEFI but it’s not needed to run an operating system.
Even better, linux and other open operating systems have a way to counter UEFI. It’s called “coreboot”. I believe that the Free Software Foundation, a non-profit that works to protect peoples digital freedom, should make coreboot a priority project and to market it to hardware manufacturers to be used in place of UEFI (for those that don’t require the Windows 8 logo). Even better, why not assist in the development of coreboot so that it may have the ability to either initialize or be initialized from UEFI? It may be a bit impractical to support two loaders in some cases but it’s bound to have the ability to increase security without taking away control and choice from users.
Coreboot is licensed under the GPL and is open source. With those two attributes, coreboot will easily be available for use by pc manufacturers while allowing for development by more than just a single corporation. Heck, even you could contribute to the project if you wanted to do so. Coreboot benefits more than just *nix, bsd and other open, free and non-Windows 8 operating systems. UEFI’s secureboot features are only supported in Windows 8 at the moment, those features can be copied or improved upon by coreboot and then added to other operating systems if they ever truly become a necessity.
I believe that there’s very little to be concerned about today and in the future. Companies are entities that exist for the sake of doing business to obtain money. They do not want to lose it nor waste it, just like most people. Why would they not add the ability to disable secureboot when they will have to deal with the passionate folk that it affects? It only takes a few seconds to remove the ability to disable secureboot feature of UEFI, it can take many hours to get a power user off of the phone with technical support that was caused by removing this ability.