Canonical will use Intel's efilinux in Ubuntu for UEFI secure boot

Tweet
Facebook
Google plus
Send to

LINUX VENDOR Canonical will drop Grub 2 in favour of Intel's efilinux as its bootloader in order to comply with Microsoft's UEFI Secure Boot.

Following Red Hat's Fedora project announcing its plans to ensure that its Linux distribution will not fall afoul of Microsoft's UEFI Secure Boot mechanism, Canonical has detailed how it plans on working with Microsoft's 'security feature'. The company will dispense with Grub 2, a Linux bootloader that it put significant work into, and modify Intel's efilinux bootloader to add a menu interface.

In an email to the ubuntu-devel mailing list, co-authors Steve Langasek, Colin Watson and Jeremy Kerr said Canonical has generated an Ubuntu signing key to use with UEFI, with the private key being stored on the firm's Launchpad servers. The authors said that this key will be used to sign bootloader images and distribute them in the Ubuntu archive.

For machines that come preloaded with Ubuntu, Canonical will store the Ubuntu key in firmware. The company will require machines that have "Ubuntu certified" labels to have the Ubuntu key stored in the UEFI signature database.

Canonical will not get into the business of signing third-party images according to the email. "We are not planning to provide an alternative to Microsoft's signing infrastructure, only an additional key; so we have no current plans to implement a signing service using the Ubuntu key," said the email authors.

Canonical said it will require the Microsoft key to be present on machines that are Ubuntu certified so users can install Microsoft's Windows operating system if they wish.

Although Canonical and Red Hat, two of the three largest commercial Linux vendors, have announced their plans to support Microsoft's UEFI 'secure boot' initiative, there's still no word on what Suse and the myriad other Linux distributions will do. µ