Making UEFI Secure Boot Work With Open Platforms

May 05, 2013
"UEFI Secure boot” is a technology that offers the prospect of a hardware-verified, malware-free operating system bootstrap process that can improve the security of many system deployments. Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware. UEFI is meant to replace the Basic Input/Output System (BIOS) firmware interface present in all IBM PC compatible personal computers.

Personal computers bearing the Windows 8-certified logo will be required to ship with Microsoft Secure Boot enabled. Microsoft Secure Boot is a component of Microsoft's Windows 8 operating system that relies on the UEFI specification’s secure boot functionality to help prevent malicious software applications and "unauthorized" operating systems from loading during the system start-up process.

Unfortunately, this has raised concerns that Microsoft Secure Boot will make it difficult to install Linux or other operating systems on a Windows 8 computer.

Linux foundation has published a document that offers recommendations on how Linux can be successfully installed on PCs certified by proprietary vendors such as Microsoft.

Excerpt from the document(PDF) ...

To enable proper operation with open systems, all UEFI secure boot platforms should ship in setup mode, with no Platform Key installed. This enables the Platform Owner to take control of the platform securely by installing their own platform key or allowing the Operating System install process to do so.

[Source : Linux Foundation]