But rather than use the popular GRUB2 boot loader, which is distributed under the strict GPL v3 licence and is a project of the Free Software Foundation (FSF), the Canonical team opted to use Intel’s more liberally licensed efilinux loader to boot the Ubuntu operating system.
According to Shuttleworth, this decision was taken because there is too much uncertainty surrounding the terms of the FSF's GPL v3 and its implications for Ubuntu's secret signing key.
If the private key is used to sign a build of GRUB2 and Canonical is later forced to publish its key to avoid a breach of the licence then the company enters a minefield: its key could then be used by anyone to sign and install malicious boot-time software on machines that trusted it. The disclosure could eventually lead to the revocation of Ubuntu's private key.
Shuttleworth explains why they ditched GPL Linux Loader
Posted on Friday, July 06 2012 @ 22:12 CEST by Thomas De Maesschalck