UEFI Secure Boot and Ubuntu - implementation

Matthew Garrett mjg59 at srcf.ucam.org
Sat Jun 23 03:21:33 UTC 2012

On Fri, Jun 22, 2012 at 12:04:29PM +0100, Steve Langasek wrote:


> we have not been able to find legal guidance that we wouldn't then be 
> required by the terms of the GPLv3 to disclose our private key in 
> order that users can install a modified boot loader.

Have you talked to the FSF about their position on this? They're the 
sole copyright holder of grub 2, so any position they'd publicly take 
would be pretty relevant in terms of potential legal action.

> Therefore, we will only be requiring authentication of boot loader
> binaries.  Ubuntu will not require signed kernel images or kernel
> modules.

How are you going to prevent your bootloader from being used to launch a 
trojaned Fedora kernel, for instance? This is the kind of decision that 
doesn't just affect Ubuntu, it has ramifications for the security model 
that other distributions use. This makes it impossible to implement any 
kind of signed userspace unless the user explicitly revokes the Ubuntu 
bootloader first or uses their own trust chain.

> As announced earlier today, we've generated an Ubuntu signing key for
> use with UEFI.  The private half of this key will be stored securely on
> our Launchpad infrastructure, which will be responsible for signing boot
> loader images and distributing them in the Ubuntu archive.

I'm not fully clear on this. If the bootloaders you distribute in the 
archive will be signed with your key, how do you get your key installed 
on existing systems? Or will there be two bootloader packages, one 
signed by Microsoft and one signed by you, with the first chaining to 
the second?

Matthew Garrett | mjg59 at srcf.ucam.org

More information about the ubuntu-devel mailing list