Responding to a query from iTWire about what OpenBSD, widely recognised as the most security-conscious UNIX, would be doing to cope with "secure" boot, De Raadt said: "We have no plans. I don't know what we'll do. We'll watch the disaster and hope that someone with enough power sees sense."
Microsoft will launch Windows 8 exactly three months from today. The company has said that a "secure" boot process will be needed to boot the operating system on any platform, which means that keys will be used at two stages to recognise what is being loaded. The process is done through the Unified Extensible Firmware Interface, or UEFI.
There will be a mechanism to turn off this method of booting on x86 hardware; however, Microsoft has said that this will not be provided on the ARM platform.
|
"It would be interesting to see a bunch of consumer-unfriendly laptop vendors locked out of European markets, wouldn't it?"
He did not see any positives in the move. "I sense that disaster is coming, and hope that someone has the moral strength to do the right thing," he said.
"I fully understand that Red Hat and Canonical won't be doing the right thing, they are traitors to the cause, mostly in it for the money and power. They want to be the new Microsoft."
Red Hat's method of ensuring that PCs certified for Windows 8 can boot GNU/Linux, announced by its community distribution Fedora, is to sign up to the Microsoft developer program and obtain a key which will be used to sign a "shim" bootloader.
This shim would then load the GRUB2 bootloader which will boot the operating system kernel, which will also be signed. All kernel modules will be signed too. As the first key comes from Microsoft, it will be recognised by most PCs and laptops.
Canonical's plan for its well-known Ubuntu GNU/Linux distribution involves having a key which is distribution-specific in the firmware, and also a key vouched for by Microsoft.
CDs which are sold or distributed separately from hardware will need Microsoft's key to be present in the firmware to boot while bootloader images from the Canonical website will have Ubuntu's own key.