Jon Melamut
on 22 June 2012
In October 2011, Canonical discussed our activities and recommendations related to Secure Boot, including recommendations for OEMs. Since that time, we have continued to consult industry partners, the technical community and users on the topic. Today’s post provides an update on how Ubuntu will implement Secure Boot for 12.10.
The Secure Boot portion of the UEFI spec defines how computers boot. In a nutshell, Secure Boot requires a digital key to boot a computer in order to reduce the possibility of an attack in which malware tries to control the boot process of your computer. Secure Boot will be widespread on new computers bought in the coming year.
As a Contributor Member of the UEFI Forum, Canonical engaged early in the UEFI specification process and invested significantly in ensuring that Secure Boot preserves the ability for enterprise and consumer users to choose their operating system, particularly on machines that come with Windows pre-installed at the factory. We authored and engaged with others to co-publish a whitepaper entitled “Secure Boot impact on Linux”, attended plugfests to advocate for software choice, and worked to ensure that the specification retained sufficient options to preserve the rights of users.
That work continues and we’re committed to ensuring that Ubuntu will work smoothly with Secure Boot enabled hardware. In addition to investigating Microsoft’s recommendation to participate in its WinQual program, Canonical has generated an Ubuntu key, and we are in active discussions with partners to implement simple ways for enterprises and consumers to use this key. These conversations have not concluded, and as a result we cannot detail the plans of our OEM partners yet.
For users who download Ubuntu directly we are working on a revised bootloader for 12.10 to ensure that Ubuntu continues to provide the “it just works” experience that our users expect. If you’re interested in understanding the technical details or would like to contribute to this area then please join the conversation on the development mailing list.
We’re committed to ensuring that Ubuntu provides a secure, world class user experience on all machines.