Canonical has been researching UEFI Secure Boot for quite some time and has now proposed a new solution for implementing it.
Intel's efilinux loader, modified to add a relatively simple menu interface, will be used instead of GRUB 2. So there will be no GRUB 2 by default on systems with Secure Boot enabled.
Rationale behind the decision:
- Microsoft's Windows 8 logo requirements say that there must be a way for users to disable Secure Boot or to install their own keys. But if a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, then under the GPL requirements of GRUB 2, Canonical will have to disclose its private key so that users can install a modified boot loader. If the private key is disclosed, their certificates will be revoked. So GRUB 2 cannot be the choice here.
- Intel's efilinux loader is much more liberally licensed, which could protect them from such accidents.
- GRUB Legacy with Red Hat's EFI patch stack could be an option, but they really don't have much interest in resurrecting the old code.
- This method will only require authentication of boot loader binaries. Ubuntu will not require signed kernel images or kernel modules.
- They hope that this method will also let the first-stage loader detect whether Secure Boot is enabled and, if it is not, chain to GRUB 2, to ensure that there are no regressions for those with UEFI systems that do not implement Secure Boot or that have it disabled.
- Machines that ship as "Ubuntu certified" will be required to have an Ubuntu key configured in their UEFI signature databases. However, a standard Microsoft key will be present as part of the Ubuntu certification process, meaning that an Ubuntu certified machine will be no more locked down than other machines on the market, and will be compatible with any UEFI binaries that can be used on a Windows machine.
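
The detect-then-chain decision from the list above, as an added example run from Linux user space; it is not Canonical's or efilinux's code. It assumes the kernel's efivarfs layout (4 attribute bytes, then the data); `choose_boot_path` and the enum names are hypothetical, and a real first-stage loader would query the firmware's GetVariable service instead of reading files.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* efivarfs files for two UEFI global variables (EFI_GLOBAL_VARIABLE GUID). */
#define SB_PATH "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
#define SM_PATH "/sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c"

enum boot_path { CHAIN_TO_GRUB2, SIGNED_LOADER_ONLY };   /* hypothetical names */

/* An efivarfs file is a 4-byte attribute word followed by the variable data.
 * Returns the one-byte value, or -1 if the variable is absent or malformed. */
static int efivar_u8(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len != 5)
        return -1;
    return buf[4];
}

/* Hypothetical policy helper: stay on the signed path only when firmware
 * reports SecureBoot == 1 and the platform is not in setup mode. */
enum boot_path choose_boot_path(const uint8_t *sb, size_t sb_len,
                                const uint8_t *sm, size_t sm_len)
{
    if (efivar_u8(sb, sb_len) != 1)   /* absent, malformed or disabled */
        return CHAIN_TO_GRUB2;
    if (efivar_u8(sm, sm_len) == 1)   /* setup mode: no platform key enrolled */
        return CHAIN_TO_GRUB2;
    return SIGNED_LOADER_ONLY;
}

/* Read up to cap bytes; 0 means the file is missing (no UEFI or no Secure Boot). */
static size_t read_var(const char *path, uint8_t *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    size_t n = 0;
    if (f) { n = fread(buf, 1, cap, f); fclose(f); }
    return n;
}

int main(void)
{
    uint8_t sb[8], sm[8];
    size_t sb_len = read_var(SB_PATH, sb, sizeof sb);
    size_t sm_len = read_var(SM_PATH, sm, sizeof sm);
    enum boot_path p = choose_boot_path(sb, sb_len, sm, sm_len);
    puts(p == SIGNED_LOADER_ONLY ? "Secure Boot enforced: stay on the signed loader"
                                 : "Secure Boot not enforced: chain to GRUB 2");
    return 0;
}
```

Treating a missing or malformed variable as "not enforced" does not weaken a locked-down machine: firmware that is enforcing Secure Boot still refuses to load an unsigned GRUB 2 image.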