is this true

David Vincent dvincent at
Fri Sep 30 02:10:39 UTC 2011


That said, the problem would be relatively easy to solve if it wasn’t 
for certain peculiarities in the way Linux software is typically 
licensed. Linux vendors could certify a key to be used with UEFI secure 
boot and include this key in Linux boot loaders so they can pass this 
security checkpoint. The important thing here is that this key needs to 
stay secret, and the only way to make sure it stays secret while 
distributing it as part of Linux boot loaders is for it to be in binary 
form (no source code).

This is where we get to the core of the issue. The most commonly used Linux 
boot loaders, GRUB and GRUB2, are licensed under GPL, a license which 
denies embedding proprietary code in it, and requiring a secret key to 
function. GRUB2 is licensed under GPLv3 which makes this explicitly 
denied, whereas it is a gray area in GPLv2. As gray as it may be, 
however, exploiting it would run against the spirit of the license which 
is what fueled the strictness in GPLv3 to begin with.


