The Linux Foundation has proposed a solution for the current conundrum Linux is facing, with the introduction of Secure boot specification for UEFI.
UEFI, Unified Extensible Firmware Interface, or as the Linux community calls it “The Secret Plan of Microsoft to Take Over the World” (cue evil laughter), is thought more as a necessary evil.
Unfortunately, the implementation of Secure boot has proven to hinder the development of Linux distributions. Secure boot can prevent the loading of an operating system that is not signed with an acceptable digital signature.
The Linux Foundation has found a solution to this problem, as explained by James Bottomley, from Linux Foundation Technical Advisory Board.
“The Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system),” said Bottomley.
The pre-bootloader has a few protections in place, insuring that it cannot be used as a vector for any type of UEFI malware to target secure systems.
This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system, in secure mode, for any distribution that chooses to use it.
Microsoft has yet to provide a signature, but The Linux Foundations says it is just a matter of time. The pre-bootloader will be available to download from their website.
James Bottomley also provided some technical details about the project. “The real bootloader must be installed on the same partition as the pre-bootloader with the known path loader.efi (although the binary may be any bootloader including Grub2). The pre-bootloader will attempt to execute this binary and, if that succeeds, the system will boot normally,” stated The Linux Foundation representative.
More information about the pre-bootloader will be made available once The Linux Foundation obtains the Microsoft key.