Ubuntu will use GRUB 2 for its Secure Boot implementation
In a blog post, Canonical's VP of Professional & Engineering Services, Jon Melamut, has announced that the company now plans to use GRUB 2 for its UEFI Secure Boot implementation in the next version of Ubuntu, 12.10 "Quantal Quetzal". This is a change from earlier plans of using an EFILinux bootloader. Canonical had originally shied away from GRUB 2 among concerns that the software's GPLv3 licensing could force it or its OEMs to disclose the encryption keys used in securing the boot process.
Back in July, the Free Software Foundation (FSF) had stated its interpretation of the licence, saying that it would be the hardware manufacturer's responsibility to divulge signing keys, not Canonical's. The FSF holds the copyright to GRUB 2 and publishes the GPL and other licences. Canonical had been in talks with the FSF back then, but decided to eschew GRUB for its distribution, nonetheless. In its most recent post, the company behind the popular Ubuntu Linux distribution now says that it is satisfied with the FSF's assurances and will use GRUB 2 in Ubuntu 12.10 and Ubuntu 12.04.2 LTS as its default bootloader.
Canonical also states that it has discussed this position with its OEM partners and adapted its Ubuntu Certification program accordingly. However, the blog post does not mention how the company plans to address the possibility that its OEM partners might be compelled to divulge the Secure Boot keys as a result of the GPL.
Meanwhile, Fedora and openSUSE have settled on using a "shim" bootloader upstream of GRUB 2 with a system that will allow users to boot the system with their own signing keys. The FSF had lauded this solution as it neatly sidesteps the key disclosure provisions in the GPL by giving users the opportunity to modify this part of the boot process without compromising the security of Secure Boot in the process.
- Free Software Foundation recommendations for free operating system distributions considering Secure Boot, a white paper by the FSF.