Free Software Foundation: Windows 8 secure boot requirement could lock out Linux
Oct 18, 2011 — by LinuxDevices Staff — from the LinuxDevices Archive
The Free Software Foundation (FSF) has launched a campaign claiming that Windows 8-certified PCs might prevent users from booting into Linux. The mandatory “secure boot” facility in the systems' Unified Extensible Firmware Interface (UEFI) might better be called “restricted boot,” the organization claims.
Microsoft cheered Windows users in September when it demonstrated the upcoming Windows 8 operating system booting in eight seconds. Part of the technology behind the fast boots, however, could enable Microsoft and its PC vendor partners to block users from loading Linux on a Windows 8 PC, Matthew Garrett, a mobile Linux developer at Red Hat, wrote in a Sept. 20 blog post.
When secure boot is turned on, UEFI will only launch verified boot loaders
Source: Microsoft
To gain Windows 8 certification, PCs will be required to use the Unified Extensible Firmware Interface (UEFI) in revision 2.3.1 or later. This firmware includes a secure boot mode, intended to block malware such as rootkit infections. When this mode is turned on, the only boot loaders that will run are those whose signatures match those stored in a database within the firmware, according to Microsoft.
Garrett charged that this mechanism could not only keep users from installing alternative operating systems such as Linux, but also prevent them from using hardware — a new graphics card, for example — that didn't come with appropriately signed drivers. He further complained that there is no central signing authority for the keys employed in UEFI secure boot, effectively giving each PC vendor control over what software its products can load.
The Free Software Foundation enters the fray
More about Microsoft's response to the above, plus another riposte from Garrett, appears later in this story. Meanwhile, the FSF entered the fray Oct. 17, releasing a statement titled "Stand up for your freedom to install free software."
FSF Campaigns Manager Joshua Gay writes, "The FSF is concerned that Microsoft and hardware manufacturers will implement the system in a way that will prevent users from booting anything other than Windows. In this case, the FSF offers the more accurate name of Restricted Boot, explaining that such a requirement would be a severe restriction on computer users and, by giving only a remote third party control over what's authorized to run on their computers, not a security feature at all."
The complete statement, open for signing here, reads as follows:
"We, the undersigned, urge all computer makers implementing UEFI's so-called 'Secure Boot' to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems."
Microsoft response avoided the dreaded L-word
In a Sept. 22 posting on the Building Windows blog, Microsoft Program Manager Tony Mangefeste responded to Matthew Garrett's Sept. 20 complaint. He wrote, "At the end of the day, the customer is in control of their PC. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision."
The Windows 8 tablet given to BUILD attendees let secure boot be turned off
Source: Microsoft
Mangefeste pointed out that the Samsung tablet presented to developers at the recent BUILD conference included Microsoft-designed firmware (above) allowing secure boot to be disabled. "Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows," he added.
In his posting, however, Mangefeste did appear to admit that a given OEM could make secure boot non-defeatable if it really wanted to. He also defended the lack of a central signing authority, as follows:
"Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems."
Steve Sinofsky, president of Microsoft's Windows and Windows Live division, added the following comment to Mangefeste's blog posting, again avoiding the dreaded L-word: "How secure boot works with any other operating systems is obviously a question for those OS products :-) We focus our boot loader on Windows and there are a number of alternatives for people who wish to have other sets of functionality."
Garrett fought back in a Sept. 23 blog entry, as follows: "What's interesting is that at no point [did Microsoft] … contradict anything I've said. As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems."
Microsoft's claim that the customer is in control of their PC is only true if by "customer" they mean "hardware manufacturer," Garrett charges. End users would not be guaranteed the ability to install extra signing keys to securely boot the operating system of their choice, and — if secure boot is not defeatable — might be unable to swap graphics cards, network cards, SATA controllers, or other hardware, he adds.
Whether a counterblast from Microsoft is in the offing, it's too early to say. But ZDNet blogger Ed Bott weighed in Oct. 18, charging that the FSF has "a longstanding reputation for hysterical reactions to everything Microsoft does." PC manufacturers will enable a secure boot toggle because they have "no economic incentive to mess with the microscopic percentage of the PC market that uses Linux," and the support calls that would otherwise result would eat up their razor-thin profit margins, he claims.
Bott also quotes AMI, one of the largest makers of UEFI firmware, as saying that secure boot will be defeatable whenever a particular OEM so decides. "I would imagine that many OEMs will keep this option open to their users in order to appeal to a wider cross-section of users," a spokesperson is said to have added.
Eric Brown contributed reporting to this story.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.