Attempting to arrive at a solution to a complicated issue, the Linux Foundation has introduced a possible way that smaller Linux distributions can be run on machines using UEFI (Unified Extensible Firmware Interface) technology.
Linux Foundation technical advisory board member James Bottomley has posted a description of software that the foundation has developed to allow small and homegrown Linux distributions to run on new computers that have UEFI, also known as "secure boot" technology, installed.
"It is a good initiative, one that addresses the different use cases" of how people use Linux, said Gerald Pfeifer, director of product management for SUSE, which offers the commercial-grade SUSE Linux distribution.
SUSE, however, has no plans to use the foundation's approach for its own enterprise Linux distributions, and instead will use another approach that takes full advantage of UEFI's capability of securing machines. Red Hat, which did not immediately comment on the issue, appears to be following a similar approach, judging from blog entries from company engineers. Canonical did not offer an immediate comment.
How Linux should work with UEFI has been a hot topic in the Linux community for well over a year.
The controversy centers around how to implement UEFI, an industry initiative to secure computers against malware by designing the computer's firmware to require a trusted key before booting. UEFI would provide a foundation for a chain of trust that would connect all the way up to the software layer, which could thwart attempts to install illicit, and harmful, software on computers.
Microsoft is requiring UEFI on all Arm-based machines running Windows 8, and many OEMs (original equipment manufacturers) will start placing the technology on x86-based machines as well. Linux observers expect that many machines will not run Linux at all, unless they have a UEFI trusted digital key.
Microsoft, through Verisign, is providing keys for third-party software to run in trusted mode on these machines, for a one-time $50 fee. The question the Linux community faces is how to provide keys for Linux distributions to run on UEFI machines in a way that does not lock out open-source software programs written by volunteers.
Over the past year, SUSE, Fedora and Canonical have all developed proposed solutions to this problem, mostly through the use of shims, or software workarounds, and digitally signed kernels. This approach, however, has been met with criticism because it does not provide a way for the smaller or home-built Linux distributions to run on UEFI machines, since each shim is built for its own specific distribution.
Now, the Linux Foundation's technical advisory board has proposed a possible solution.