Hi, Following extensive discussions within Canonical, with our OEM partners, and with various other groups including the FSF, we've decided to use the GPLv3-licensed GRUB 2 boot loader by default on systems with UEFI Secure Boot, to match our behaviour on all other x86 systems.
To mitigate the issues with preinstalled systems that we talked about previously, we'll be adding compulsory test cases to ensure that Canonical validates that every system we test has an option to disable secure boot and an option to install user certificates; and we will retain fallback plans involving efilinux in the case of serious error, although we hope we won't need to use them. For Ubuntu 12.10, this will be based on GRUB 2.00; we will also use a number of Fedora's patches against 2.00 that are relevant to secure boot. I've just uploaded most of the necessary packaging, although we still have some details to iron out. For Ubuntu 12.04.2, where 2.00 would be much too big a change to deliver in a standard update, this will either involve a sequence of targeted backports to GRUB 1.99, or a separate package just for this case if that turns out to be infeasible. For more on the discussions leading up to this, see: http://blog.canonical.com/2012/09/20/quetzal-is-taking-flight-update-on-ubuntu-secure-boot-plans/ Cheers, -- Colin Watson [cjwat...@ubuntu.com] -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
