The folks behind the popular Fedora Linux operating system have good news and less good news for open source software enthusiasts. The good news is that they’ve come up with a method that will make it easy for anyone to install the next version of Fedora on hardware designed to run Microsoft Windows 8 without disabling the secure boot features Microsoft is insisting hardware makers include.
The bad news is that the method involves Fedora paying a one-time $99 fee for a digital signature from Microsoft. This will allow Windows 8 computers with x86 processors and secure boot enabled to recognize and boot Fedora — but it will make a lot of other things more complicated.
Users who want to develop their own kernels will either have to add support to their own firmware, or pay for their own $99 digital signature if they want to distribute those custom kernels. Drivers for graphics cards and other hardware could also need to be signed.
Red Hat and Fedora developer Matthew Garrett shared the strategy on his blog recently — and it’s generated a lot of comments, including many complaints that this move is a slap in the face of software freedom.
On the other hand, it’s not clear what alternatives there were. Microsoft has somewhere around an 80 or 90 percent market share in the personal computer space, and it’s Apple, not Linux, that makes up most of the rest. So it’s pretty much a given that if Microsoft wants Windows 8 computers to ship with UEFI secure boot features enabled, then most computers that ship later this year will have secure boot turned on by default.
Microsoft has confirmed that it won’t prevent users from disabling secure boot — but it will be up to hardware makers to decide whether or not to bother offering the option. Many users may also not be comfortable futzing around with firmware options.
So the easiest way to make sure everyone has access to alternate software such as Fedora is to register a digital signature for its operating system.
Another option would have been to work out deals directly with hardware companies — and Fedora has enough clout to get at least a few major PC makers on board. But that option wouldn’t necessarily be open to smaller Linux distributions and there’s no way to guarantee that all hardware makers would be on board. So rather than ask users interested in Fedora to only buy computers from certain companies, the Fedora team is basically using Microsoft’s digital signature tools.
Secure boot features will actually help make Linux-based operating systems like Fedora more secure, just as they will Windows 8. Basically the secure boot features prevent unsigned code from running before the operating system boots — and require the kernel and other software that interacts directly with a computer’s hardware to be signed.
But it still sounds like turning off secure boot when possible might provide the best user experience, even on operating systems such as Fedora which will support the feature.
Fedora 18 is due out this fall, around the same time that Windows 8 will launch.
Theoretically the Fedora team could take a similar approach toward Windows 8 devices with ARM-based processors,