Should Linux Users be Worried About ‘Secure Boot’?

With the release date looming for Windows 8, I’m beginning to get a little concerned about what UEFI’s “Secure Boot” is going to mean for Linux users. Up to this point, I haven’t paid too much to it, so as to avoid spontaneously sucker-punching my monitor, but soon enough, ignoring it might not be an option. So what exactly is it going to entail for Linux users? Are we going to reach a point where we have to decide between using either Windows or Linux on one PC?

According to the Free Software Foundation, it could get quite that bad. While not likely to affect those who build their own PCs, it could affect those who buy off-the-shelf models, such as those from Dell, HP and so forth. In order for companies like these to ship with a “Windows 8 Compatible” logo, Secure Boot will have to be enabled. It’s been said that companies will be able to allow the user to disable it if they choose to, in the same way any other option in the BIOS/EFI can be adjusted.

The gist of it is this. If an OS doesn’t have a proper security certificate, Secure Boot will block it from loading. Microsoft’s reasoning for enforcing Secure Boot is to prevent user PCs from becoming infected with bootloader rootkits or other sorts of nastiness. Those opposing Secure Boot say Microsoft’s true reasoning behind it is that many pirated versions of Windows take advantage of the bootloader to pre-activate copies. The FSF calls it a “guise for security”.

Another quotable statement: “Without a doubt, this is an obstacle we don’t need right now, and it is highly questionable that the security gains realized from Secure Boot outweigh the difficulties it will cause in practice for users trying to actually provide for their own security by escaping Microsoft Windows.“

Whether or not you like Windows, not being able to easily install a second OS is ridiculous. It takes away freedom from the user, which more often than not, is not what someone using Linux is going for.

Over the past couple of weeks, both Fedora and Canonical have opted for less-than-ideal solutions. In almost all cases, booting into either OS will require a bootloader equipped with a Microsoft key. If that key is removed, then neither OS will continue to boot. Buying a Microsoft key is not complicated (supposedly), and it only costs $99, making it a minor issue for big distros. But users wishing to purchase keys for other distros, or even these same distros, but modified, is hardly a great option. As usual, it’d become a matter of paying Microsoft to use a competing OS – totally nonsensical.

If I were better-versed in Secure Boot, I would have turned this news post into an article, but alas, I have some studying to do. As it appears though, installing Linux (or FreeBSD or any other non-Microsoft OS) isn’t going to be as easy with future PCs as it has been up to this point. FSF is convinced that Microsoft’s pushing of Secure Boot is nothing more than a guise for the real issue (piracy or locking people into Windows), and I have a hard time disagreeing. There are obvious advantages to a system like Secure Boot, but this current iteration doesn’t favor most people.