The free software foundation has started a campaign to prevent restricted boot from becoming an industry standard in hardware. If you were living under a rock lately, restricted boot is exactly the kind of evil that will kill the PC, as we know it. Restricted boot is being sold as UEFI and although it is marketed as a security feature, it is a well-devised mechanism to create a vendor lock-in for Windows 8. That means, if your PC is secured with UEFI 2.2, you will not be able to install any operating system whose bootloader is not signed.
Although the original EFI specification was developed by Intel, it was done with the Windows OS in mind. With this move, custom kernels will be a thing of the past, as the kernel must be signed with the developer’s private key and the OEM should ship its PC with the required key alongside the Microsoft key.
Currently, the campaign by FSF has gathered 40,000 signers who support the FSF in this movement, and want to rid the world of this evil. The campaign’s appeal page goes here, and it outlines plans for the next year.
Currently, Ubuntu Linux 12.10 supports UEFI secure boot by loading GRUB though a workaround, and then proceeding with the boot. Beside this workaround, Canonical also has its private key, which will be used on certified OEM PCs. From what it seems, you need to be a big corporation to be able to fiddle with an x86 PC now.
The Linux Foundation also announced back in October that it would start working on its own version of a minimal UEFI bootloader signed with Microsoft’s key. However, it is still waiting for Microsoft to give them a signed pre-bootloader.
After a decade of development, GRUB2 has been released officially, and it brings some major improvements to GRUB. Though, it hardly caught anyone’s attention, as GRUB2 is already being used by most major distros for the last three years. Although the version used by these distros was a pre-release of GRUB2, it was more or less feature complete.
The release was announced on the GNU GRUB official mailing list:
I’m proud to announce the release of GNU GRUB version 2.00.
Since this version has a round number it has been paid special attention to, and hopefully, represents higher quality.
This is the first time we include an official theme (starfield).
This version also includes EHCI driver.
Support for using GRUB as firmware on Yeeloong was added in GRUB 1.99, and for 2.00 this support has been extended to Fuloong2F as well.
This is also the first time we release itanium and SGI mips port. Later is experimental due to problems encountered with its firmware.
This new release brings a new menu structure with submenus, a new theme for gfxmenu and support for new platforms. It also brings new drivers for AHCI, EHCI, EFI serial etc. Apart from these, there is support for new filesystems, performance improvements and better internationalization. However, as mentioned earlier, most of these features are already present in running versions of GRUB2.
There is an interesting discussion on Slashdot about the current state of vendor-lock in for hardware. On one hand, we have GPLv3 that restricts hardware locking, and on the other hand, there is Microsoft which is hell-bent on pushing secure boot and killing the Linux ecosystem on x86 systems. There should be fair laws safeguarding us from vendors and corporations forcing their decisions down our throat.