SecureBoot For Linux – What It Means For The Little Guys

In my last post about SecureBoot for Linux I was a lot more positive. Let me focus on why there’s more to it than a cool new feature.

SecureBoot is a security technique that prevents untrusted (unsigned) code from starting up before the operating system. Many rootkits start before the OS in order to bypass antiviruses and other forms of protection. SecureBoot will put a stop to this and it should be very effective.

When Windows 8 is released all “Windows 8 Approved” hardware will ship with SecureBoot meaning that only signed software, and that includes operating systems, can boot. So how does Linux fit into this?

Well, an unsigned Linux distro won’t be able to boot. That means they either have to get their own signatures onto the hardware by working with OEMs or they have to pay Microsoft to use their key. (Actually they pay VeriSign, Microsoft provides a subsidy.)

Yep, distro owners now have to pay VeriSign 90 dollars if you want your Linux distro to run. Now, that’s really not a huge deal for anyone running something like Fedora or Ubuntu – Fedora has already stated that they will be doing so. But what about smaller projects? There are hundreds of distros and not all of them are going to be able to just send out 90 dollars – they already have costs for maintaining and developing the system.

Maybe 90 dollars isn’t a huge amount of money but the sheer principal of having to pay VeriSign to run an OS that isn’t theirs to control is pretty backwards.

Look at Hannah Montana Linux. Yes, we can joke and laugh, it’s a bit silly but the idea is that there is a Linux for everyone. Someone out there thought “Hey, I bet some kid out there would really like this and I’m going to go for it” and it’s ideas like that that make Linux so amazing. There is absolute freedom. Anyone can set up their own distro and Microsoft shouldn’t be able to do a damn thing about it.

And yet something like Hannah Montana might not happen in a world dominated by SecureBoot systems. It stops being “this’ll be a fun project that some kids will benefit from.” SecureBoot outright prevents really great systems from being built. It limits that potential. Asking a user to install or dual boot Linux now means asking them to disable security features provided by Windows or the Distro owner has to pay VeriSign.

tl;dr Hannah Montana is the epitome of Linux and Microsoft is trying to kill it.