#888 F18 Feature: UEFI Secure Boot - https://fedoraproject.org/wiki/Features/SecureBoot
Closed None Opened 11 years ago by rbergero.

Filing this ticket for procedural purposes so that it can be tracked through the feature process in the FESCo trac instance. Topic is currently being discussed in Board ticket #138 with Board & FESCo.

If FESCo would like to add this to the meeting agenda today as simply an ack of ticket received but no decision at this time, that is fine, or you can defer it till next week.


Replying to [ticket:888 rbergero]:

> Filing this ticket for procedural purposes so that it can be tracked through the feature process in the FESCo trac instance. Topic is currently being discussed in Board ticket #138 with Board & FESCo.

It's being discussed with Board & FESCo? How? That Board ticket isn't viewable except to Board members...

Well, Board Members, everyone in fesco, and some poor soul in FAS whose initials are jwb. :D I'll get it corrected to jwboyer. It looks like everyone got added last week.

Robyn, I'm getting: Error: Forbidden TICKET_VIEW privileges are required to perform this operation on Ticket #138 on https://fedorahosted.org/board/ticket/138

tmraz: you're now added.

For the record, here's who is CC'd on the ticket currently:
mjg59, pjones, notting, kevin, mitr, limburgher, ref, jwboyer, tmraz, and mmaslano opened the ticket so she is on there anyway.

ref = Richard Fontana, I'll save everyone a trip to .fasinfo. :)

If there are other fesco folks not on this list that should be added, let me know. I noticed this morning that the FESCo wiki page didn't have josh on it and still had sgallagh, so we may have missed others as well.

Just did s/limburgher/limb in the ticket as well.

Adding jreznik to this ticket as he's the new PM, so he can keep track of status.

At today's Board meeting, jwb asked that the Board give FESCo some indication if they could go ahead with discussing and voting on this feature. We weren't ready to approve or disapprove it fully (at last week's Board meeting, the participants decided to shelve their questions for a week as pjones and mjg went to a UEFI Summit where some of those questions might have been addressed). We were able to approve the following to try and keep the process moving forward though:

The Board is inclined to think that some variation of the Secure Boot Feature can be used by Fedora and not violate software Freedom. We would like FESCo to go ahead with approving or rejecting the Feature but would like it made clear that we would also like to review the Feature and give it an approval or rejection. Note that given the current information we'd probably propose tweaks and ask additional questions about it -- outright rejection seems unlikely.

Unlikely to be in the meeting. I am +1 to this feature.

From the 2012-07-23 FESCo meeting:
* AGREED: feature UEFI Secure Boot is approved (+:7, -:0 , 0:2 (t8m,
mmaslano) ) (jwb, 17:37:25)

The Board considered how Secure Boot and the Fedora Feature for dealing with hardware that implements it matches up with Fedora's core values, whether it conflicts with software freedom, the impression that it gives to the public, and its ramifications for the wider project. The members were mostly in favor of making it easy for end users to run on hardware that has the Secure Boot feature enabled out of the box; however, they had some issues that needed to be addressed:

1) Support the use case of a user who trusts Fedora but does not trust Microsoft. The user wants to remove the Microsoft key from their system but still use the Secure Boot feature of their hardware.
2) Independence of the distribution from a third party competitor. Relying only on the cooperation of a third party competitor for secure boot to work seemed unwise.

After much discussion, the Board voted to approve two ways that these concerns could be addressed. The Board would be willing to approve the Secure Boot Feature if either of these options were implemented for Fedora 18:

(1) Fedora 18 will include the specified method of booting on Secure Boot enabled hardware if the following changes are made:
- There must be a version of the Fedora install image which is bootable with Secure Boot on and the MS key not installed on the user's UEFI database. The resulting system must also be bootable with Secure Boot on and the MS key not installed.
-- This could be implemented with multiple signatures if that is ready in time or multiple images if it is not. The shim would need to be signed with a Fedora key in either of those cases. There may be additional methods of satisfying this as well, that the Board is unaware of.
- The documentation must be updated to reflect pbrobinson's concerns.
-- Eric Christensen has started compiling some of the available information into a document that could be helpful here but he would need help from the Feature Owners to fill in details and track changes to what Fedora is implementing: https://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/UEFI_Secure_Boot_Guide/index.html
- If this alternative is the preferred method but it cannot be implemented in the F18 time frame, the current Board would consider approving a two release plan where F18 would follow the second option (Secure Boot not supported by default) and F19 would follow this option. However, the Board does note that, like any Board decision, there will be turnover within the Board after every Fedora release and we can't absolutely guarantee the new Board won't revisit this.

Alternatively:

(2) For Fedora 18, support for out-of-the-box Secure Boot would be a non-default offering. This would mean that the Microsoft-signed shim would not be used to boot the default media. The Microsoft-signed shim could be installed by the default media but only if this was optional. Shimless installs as well as installs with a shim signed by a Fedora root key would be acceptable. The Secure Boot media (spin?) would be able to implement the feature owners' evolving plan as they see fit. The Board would have to reevaluate this for default in Fedora 19 but hopefully a working Fedora 18 spin would have an impact on the voting.

Would either of these work for the feature owners?

Not a fesco issue at present.

From the Proposal:
"""
There must be a version of the Fedora install image which is bootable
with Secure Boot on and the MS key not installed on the user's UEFI
database. The resulting system must also be bootable with Secure Boot
on and the MS key not installed.
"""

Clarification:
"""
For each architecture where secure boot is supported the Board is
asking for there to exist at least one method available to users to
install and run Fedora as outlined above. Providing a second Fedora 18
DVD or Fedora 18 Network Install CD would satisfy this condition.
"""
