Secure boot technology is now part of the new UEFI firmware specification. Given that Microsoft ®’s
Windows® 8 will require secure boot to be enabled by default, it is expected that the majority of
personal computer devices will ship with it enabled in the first quarter of 2012.
The UEFI specification for secure boot does not define who controls the boot restrictions on UEFI
platforms, leaving the platform implementer in control of the exact security model. Unfortunately,
Microsoft’s recommended implementation of secure boot removes control of the system from the
hardware owner, and may prevent open source operating systems from functioning. The Windows 8
requirement for secure boot will pressure OEMs to implement secure boot in this fashion.
We believe that restrictions that prevent users from exercising full control over their hardware is
not in the best interest of those users, and works against the spirit of open source software in
Therefore, we present a set of recommendations that will allow users the freedom to choose their
software, while retaining the security features of UEFI Secure Boot, and complying with open source
licenses used in distributions of Linux ®