In order to get its Linux distribution to run on the nextgeneration of secured desktop computing hardware, the FedoraProject will obtain a digital signature from Microsoft, a developerfrom the project announced Wednesday. "This isn't an attractive solution, but it is a workable one,"wrote Matthew Garrett in a blog post on Wednesday. "We came to the conclusion that every other approachwas unworkable." [ Track the latest trends in open source with InfoWorld's Open Sources blog and Technology: Open Source newsletter . ] The next release of the open-source distribution, Fedora 18, due inNovember, will be the first version able to run on computers thatuse UEFI (Unified Extensible Firmware Interface), which requiresthe operating system to furnish a digital key before it can be runby the machine. With the growing adoption of UEFI among hardware developers -- largely at the behest of Microsoft -- the Fedora Project faced a number of alternatives, none of themcompletely satisfying, Garrett said. Fedora could ignore the request for a digital certificate. Thiswould require users to fiddle with their firmware settings, though,which would make the software less usable for those lesstechnically inclined. "The cause of free software isn't furtheredby making it difficult or impossible for unskilled users to runLinux, and while this approach does have its downsides, it doesalso avoid us ending up where we were in the '90s," Garrettcontinued. "Users will retain the freedom to run modified softwareand we wouldn't have accepted any solution that made thatimpossible." Another possibility: Fedora could produce its own key. Thisapproach, however, would require buy-in from each hardwaremanufacturer, which would be difficult to achieve and may result inlong lists of computers and components that would be compatiblewith Fedora. It would also leave out other, smaller, Linuxdistributions, such as Slackware, which may not have the resourcesto manage their keys. The Fedora Project also looked into producing a key for all Linuxdistributions. This approach, however, would end up costingmillions of dollars and take a lot of time, neither of which mostLinux distributors would have the resources to cover. In the approach Fedora chose, the organization would pay $99 tohave Microsoft sign the binary release of the Fedora distribution.Although the cost for the certificates would be less than $200 ayear for Fedora's twice-a-year release schedule, it still handscontrol of Fedora over to Microsoft, however nominally. With thekey, the machine can check if the binary version of thedistribution is identical to the one submitted to the key signer.Fedora engineers would then develop a bootloader -- a small programthat loads the operating system when the computer is powered on --that would provide the required Microsoft key to the hardware andthen hand over operations to the standard bootloader. Garrettcharacterized this software as a "shim," one that would only addminimal delay to the booting process of a computer. Garrett admits that even this approach has drawbacks. Some kernelfunctionality will be locked down. Also, kernel modules will needto be signed. Developers who compile their own kernel binary willhave to figure out a way to get it signed, either by applying tothe firmware company directly, or creating a shim similar toFedora's bootloader. Or, they can run their binaries on thosecomputers that don't require certificates. I am an expert from uv-led-lights.com, while we provides the quality product, such as China Led Plant Growing Lights , High Power UV Leds Manufacturer, DIP LED Lighting Source,and more.
Related Articles -
China Led Plant Growing Lights, High Power UV Leds Manufacturer,
|