Microsoft may have attracted some headlines and discussion on Slashdot for being a 'sponsor' at the Linux Foundation's Europe event LinuxCon. But this sponsor is not giving the Linux Foundation any special treatment when it comes to UEFI Secure boot.
If you remember the Linux Foundation earlier announced their workaround for the UEFI Secure boot for the Linux community. That's getting delayed.
He detailed the entire painful process to get a Microsoft signed key. While is extremely easy to pay $99 and get a Verisign verified key the rest of the process is quite daunting and challenging, which also requires one to use Microsoft technologies.
One has to sign a paper contract, which Bottomley calls quite onerous.
The agreements are pretty onerous, include a ton of excluded licences (including all GPL ones for drivers, but not bootloaders). The most onerous part is that the agreements seem to reach beyond the actual UEFI objects you sign. The Linux Foundation lawyers concluded it is mostly harmless to the LF because we don’t ship any products, but it could be nasty for other companies.
I have not looked into what these problems are but Bottomley writes that Red Hat's Matthew Garrett says that Microsoft is willing to "negotiate special agreements with distributions to mitigate some of these problems."
What these 'special agreements' are is not yet clear.
Once the paperwork is finished the more daunting task begins:
You don’t just upload a UEFI binary and have it signed. There are several stages and one stage requires the use of Silverlight (alas Moonlight doesn't work) so you do need to be on a Windows machine to create a signed bootloader for Linux.
Microsoft has also banned any GNU GPLv3 licences for these binaries.
When you get to this stage, you also have to certify that the binary “to be signed must not be licensed under GPLv3 or similar open source licenses”. I assume the fear here is key disclosure but it’s not at all clear (or indeed what “similar open source licences” actually are).
The foundation somehow managed to create and upload the file which had to go through seven stages and "unfortunately, the first test upload got stuck in stage 6 (signing the files)."
There were some email exchanges between Microsoft and Bottomley to sort the problem but at the moment the cart is stuck in mud.
We're still waiting for Microsoft to give the Linux Foundation a validly signed pre-bootloader. When that happens, it will get uploaded to the Linux Foundation website for all to use.