The main concern was that there are many UEFI motherboard manufacturers and getting the certificates included in each of them would not be an easy task for non-commercial open source communities since it would require a lot of time and money. All the binaries needed to be signed in with certificates from the binaries' vendor, and this was indeed a tough task. And this certificate which signed those binaries had to be imported to the UEFI, which would enable that particular operating system to function securely. The problem would arise when a hardware vendor would not allow disabling Secure Boot from the setup menu and does not install certificates from other operating systems.
In that case, the users who buy the computers with such capability will not be able to make use of open source Linux operating systems either through dual boot or single boot Linux since the secure boot feature would need the certificate from that particular operating system. The protests have taken form of Facebook pages like “Stop the Windows 8 Secure Boot Implementation” and campaigns like “Will your computers Secure Boot turn out to be Restrictive Boot” being created.
Until and unless the public key of each open source operating system was available to the hardware vendor, GNU/Linux users would fail to enjoy the combination of secure boot with the inherent security of Linux and if the option to disable the secure boot was not incorporated in that particular hardware by the vendor then life would certainly become very difficult for Linux users.
This secure boot initiative would prohibit tech people from implementing their own custom Linux flavors, and restrict them to using only what the manufacturer of the computer wants them to. The Certifying Authority (CA) would be incorporated by the computer manufacturer and he would ultimately decide whether a particular operating system has to be included or not.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.