Microsoft designed Windows 8 in such a way that installing and booting Linux on systems with secure boot would turn out to be rather troublesome and a deterrent for novice Linux users. Almost all major Linux distribution vendors like Fedora, openSUSE and Ubuntu have come up with proposals that resort to different methods to tackle the problem. The Linux Foundation came up with a proposal of its own as well.
TLF proposed a signed pre-bootloader that will chain-load a bootloader which in turn will boot the desired operating system thus keeping Linux installations for novice users as simple as it were before. Further, this particular component is meant for small-time Linux distros which otherwise wouldn’t have the required expertise to develop their own system to tackle the secure boot issue. The pre-bootloader will be equipped with a ‘present user’ check thereby making it impossible for malicious users to use this as a vector for malware installations.
This was going as per plans up until James Bottomley, Parallels’ CTO disclosed that he has been having rather bizarre experiences with Microsoft sysdev centre. Bottomley, when asked about the status of the project, told Steven J. Vaughan-Nichols of ZDNet, “We’re all done and dusted with the signed contract with Microsoft and the binary ready to release. However, I’ve been having bizarre experiences with the Microsoft sysdev centre.”
Bottomley revealed that even though the loader has been signed by MS UEFI key, the folks over at Microsoft sysdev centre claim that it has been ‘improperly signed’ and that they would need some time to sort the issue out. “…now the Microsoft sysdev people claim it was “improperly” signed and we have to wait for them to sort it out,” said Bottomley.
“I’ve pulled the binary apart, and I think the problem is that it’s not signed with a LF [Linux Foundation] specific key, it’s signed by a generic one rooted in the UEFI key,” he added.
Bottomley believes that because of the fast approaching holiday season, chances are that it would be few weeks before he would be able to get his hands on a signed pre-bootloader that is fully functional.