
Ubuntu to Use Signed GRUB2 Bootloader for Secure Boot

A signed version of GRUB2 that will enable Ubuntu to work with Secure Boot devices is to be added to Ubuntu 12.10.

This approach differs from the one Canonical previously announced, in which they decided ‘for security reasons’ to use a custom, non-GRUB-based bootloader – a decision for which they were publicly admonished by the Free Software Foundation.

But, as is development’s prerogative, that plan has come unstuck. Ubuntu 12.10 will now use a GRUB2-based bootloader.

So why the change?

Well, to put it succinctly, Canonical were wrong to be worried. The legal-cum-security issues that made them wary of using GRUB2 were unfounded.

At the time they said:

“…in the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn’t then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off.”

But that is not the case, as Canonical’s Jon Melamut explains:

“…the Free Software Foundation (FSF), who owns the copyright for Grub 2, …has stated clearly that Grub 2 with Secure Boot does not pose a risk of key disclosure in such circumstances.

We have also confirmed that view with our OEM partners, and have introduced variations to the Ubuntu Certification program and QA scripts for pre-installs to ensure that security and user choice are maintained on Ubuntu machines.”

Colin Watson added more detail in a posting to the Ubuntu Developer Mailing list:

“To mitigate the issues with preinstalled systems that we talked about previously, we’ll be adding compulsory test cases to ensure that Canonical validates that every system we test has an option to disable secure boot and an option to install user certificates; and we will retain fallback plans involving efilinux in the case of serious error, although we hope we won’t need to use them.

For Ubuntu 12.10, this will be based on GRUB 2.00; we will also use a number of Fedora’s patches against 2.00 that are relevant to secure boot.  I’ve just uploaded most of the necessary packaging, although we still have some details to iron out.  For Ubuntu 12.04.2, where 2.00 would be much too big a change to deliver in a standard update, this will either involve a sequence of targeted backports to GRUB 1.99, or a separate package just for this case if that turns out to be infeasible.”

Canonical say that they are ‘confident’ that everyone – from OEMs to users like you and me – is getting ‘the best, most secure, and safest solution with Ubuntu’s implementation of Secure Boot.’

And the Free Software Foundation seem happy too. They released a statement saying:

“We are pleased with Canonical’s decision to stick with Grub 2. We know that the challenges raised when trying to support true user security without harming user freedom — Secure Boot vs. Restricted Boot — are new for everyone distributing free software.

This is the situation for which GPLv3 was written, and after helpful conversations with Canonical, we are confident the license does its job well, ensuring users can modify their systems without putting distributors in untenable positions.”

So it’s good news all round.