Canonical and Red Hat recommend choice in Secure Boot

A few weeks ago, Microsoft announced extra requirements for hardware vendors that want to ship Windows 8 systems. One particular component, Secure Boot, triggered opposition from thousands and thousands of users who value choice.

This opposition was, and still is, driven by the possible removal of choice: someone who buys a Windows 8 machine would be forced to stick with Windows, putting dual boot out of the question.

"Secure Boot is designed to address the potential for malware to insert itself between the firmware and the operating system on your computer. It accomplishes this by enforcing that only “approved” software is able to boot in your computer by way of a key that recognises pre-approved and signed software".

The problems are significant and difficult, especially for users without IT skills: the system won't boot if the predefined key is not matched, so any "unapproved" software will stop the computer at boot. (Secure Boot is mainly about signing and "approving" software with keys; who defines those keys remains to be determined, and no central place for this exists yet.)

At the moment, this is in its early stages, but Windows 8 machines with Secure Boot are due to land in early 2012 (how widespread they will be remains to be seen). If they shipped as things stand today, users would probably be able to use only Windows 8 on such a machine, with a high risk of being flagged as "unapproved" when they make routine hardware replacements using, say, parts from a small hardware vendor.

Canonical and Red Hat have just published recommendations, advice and how-tos, combined in a white paper, clarifying some misunderstandings (Secure Boot has advantages, too) and clearly defining the steps and approach that should be followed:

  • Secure Boot should be available to all users
  • System manufacturers should include a mechanism for users to configure their own list of approved software
  • Probably the most important: PCs should include a user interface that lets users easily enable or disable Secure Boot