Why I hate Ubuntu: Reason #8

Ubuntu 8 - parody logo

Lately there's been a lot of noise on Secure Boot, AKA Restricted Boot. The short version is that with "Secure Boot" enabled, computers can only boot to systems signed by a CA recognised by the hardware.

Ubuntu's approach is to use their own key to sign their kernel, however in order to assure they never have to release their private key they've decided to drop Grub2 (GPLv3) and use a non free boot loader. This will help Ubuntu user's run their operating system on Boot Restricted machines but this will not help users who modify their Ubuntu at boot level or anyone that does not use Ubuntu or Windows 8.

In short, this solves nothing for the end users and makes Ubuntu part of the problem in restricting users, indeed one of the issues is that hardware manufacturers may include Microsoft's certificate (and/or Ubuntu's) but they may leave out the "bios" (UEFI) option to disable "secure boot" and hence lock the users into using the shipped OS only.

Mark Shuttleworth argues that they need to drop Grub2 as he fears that the FSF could force them to disclose their private key as part of the source code in certain cases. The FSF says they would not have to do that.

Ubuntu has done a lot to bring more users to use Free Software, however they are quite lenient and will ship proprietary drivers and sell non-free commercial software where practical and/or beneficial. It has been debatable as to whether this is good or bad, I've understood the reasoning without accepting; Make a practical alternative to Windows for user's who do not care about anything unless its shiny.

Ubuntu/Canonical has gained much weight, if they really cared about user freedom they would use that to work towards a more open and sustainable solution (would this mean disposable computers too ?), instead it looks as if they are trying out the user lock-in technique in an attempt to rival Windows using Microsoft's methods mixed with some Apple juice.

Update: I need to also add that the Ubuntu team has been a bit sketchy regarding the Grub2 licensing concerns and their fear of having to release the private key used to sign Grub.

In the UEFI Secure Boot and Ubuntu - implementation thread on the Ubuntu mailing list I found an interesting conversation about this:

Matthew Garrett wrote: Have you talked to the FSF about their position on this? They're the sole copyright holder of grub 2, so any position they'd publicly take would be pretty relevant in terms of potential legal action.

Colin Watson (Ubuntu) replied: I haven't been privy to all the mails on this, but in the ones I saw, the responses were distinctly equivocal at best. They certainly didn't say that we were safe, rather the reverse.

Yet on the FSF's page on Secure Boot which provides many clarifications (should read) they claim otherwise: No representative from Canonical contacted the FSF about these issues prior to announcing the policy.

In a Q&A with Mark Shuttleworth on The Register Tom Dial asked: Based on the statement by FSF that the GPL v3 licence on GRUB 2 would not require disclosure of the Ubuntu private keys for Secure Boot, will Canonical reconsider its approach to that?

Mark Shuttleworth replied: As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change.

Is Ubuntu lying ? Are they just super paranoid ? Somehow I just think this is a business strategy, which brings me back to the fact that Ubuntu is a corporate operating system and I've always been wary of that.