Last month the Linux Foundation announced their UEFI SecureBoot plans for dealing with Microsoft Windows 8 PCs. Their plans basically equated to legally obtaining a Microsoft key and signing a small pre-bootloader that in turn could chain load a predesignated boot loader that would in turn boot Linux or any other operating system without having to deal with the SecureBoot mess. The signed pre-bootloader will be available from the Linux Foundation web-site for anyone to use along with the source-code, albeit not their private key. The foundation is still working to obtain a SecureBoot key and their SecureBoot focus has just been for x86 hardware.
With Linux users wondering why the Linux Foundation isn't diving into some SecureBoot solution for ARM, James Bottomley wrote a lengthy explanation. The reasons that ARM SecureBoot isn't being actively pursued include:
- Windows dominates on desktop PCs where as in the ARM space Apple and Android are dominating. Nearly all desktop PCs from major vendors are Windows 8 certified -- thus the SecureBoot mandate -- where as right now in the ARM mobile/embedded space there isn't the Redmond dominance.
- All Apple iPhones and iPads -- most of the devices out there -- are already locked down. If the Linux Foundation were to attack Microsoft in this space, they would also need to attack Apple and there's very little chance Apple would become more open with their devices.
- A lot of Android devices are locked down too. However, at least in recent times, more Android vendors have become more open about allowing their devices to be locked / rooted in order to create a thriving mod community.
- Regardless of how much the phone/tablet vendor tries to lock down and secure a device, generally within a few weeks of any new product launch, the modding community achieves success in rooting the device.
Bottomley ends today's blog post with "if the Surface (or Windows phone) hardware is really enticing, I’ve no doubt we’ll see a Linux variant running on it in the near future regardless of UEFI secure boot." His post can be read here.