As you may recall, I wrote a blog about linux and the problems with UEFI secure boot a while ago. Since there have been some changes regarding secure boot in the linux world recently, this calls for an update.
My blog was mostly about the tendency of linux developers placing the importance of their software license (and Microsoft-hatred) above everything else. However, Fedora has stepped forward as a more pragmatic distribution, and they have found a solution to the secure boot problem. Namely, they simply wrote a bootloader that does nothing more than just load Grub as usual. However, because the bootloader now sits between the UEFI boot and Grub itself, only the bootloader needs to be signed with a key that is recognized by the UEFI secure boot.
They have decided to sign the bootloader via the Microsoft sysdev portal. It is not free, then again, what in this world is? You don’t get your hardware for free either. Developers have to make some investments in order to develop their software, even if it’s open source. The cost is a one-time fee of $99, which is hardly a big deal for any of the larger linux distributors.
I was pleasantly surprised to see that Linus Torvalds actually supported this move by Fedora. As Linus commented:
“I’m certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it’s only $99 to get a key for Fedora, I don’t see what the huge deal is.”
Well, that’s the proper attitude. It might not be ideal (then again, what in this world is?), but it is a small price to pay to ensure that even people with a system where UEFI secure boot cannot be disabled, can run a linux distribution out-of-the-box.
There, problem solved, now was that so hard? I wonder how many linux developers will change their stance, now that their big Finnish leader has shown the way.