That UEFI Secure Boot Thing

Yesterday Matthew Garret posted Implementing Secure Boot in Fedora, which was subsequently covered by Cory Doctorow in Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users’ computers.  I find myself somewhat torn by the whole affair.  I understand how the choice by Fedora to cough up $99 to have their shim bootloader signed by Microsoft can be seen as a sellout.  But at the same time, if your goal is to ensure your distro is bootable without forcing the user to screw around with their firmware settings, I think Fedora has probably made the least-worst choice, and I think other distros should also consider evaluating this approach.

Immediately, speaking purely practically, a single $99 payment by a distro to cover a (presumably) infrequently updated shim bootloader, and thus have Linux work with UEFI secure boot, is not terribly onerous.  Even if many distros did this, I’m not seeing it amounting to much of a revenue stream for Microsoft.  And it meets the stated goal (make Linux run on new hardware with minimum user effort or even awareness).  So that’s fine as far as it goes.

I’m far less happy about it from a political perspective, where this amounts to supporting another instance of what I’d call The Certificate Cartel, a term I used to apply to SSL CAs.

So, like I said, I find myself somewhat torn by the whole affair.