Feeds

FSF takes Win 8 Secure Boot fight to OEMs

Punters urged to bombard PC makers

Mobile application security vulnerability report

PC makers are being lobbied to install Windows 8 on machines in a way that will afford users the freedom to boot Linux or any other operating system.

The Free Software Foundation (FSF) is urging PC users to sign a statement demanding that OEMs which implement Windows 8's UEFI Secure Boot do so in a way that allows individuals to disable it, or that the PC makers provide a "sure-fire way" to install and run an operating system of the user's choice.

The statement says that giving this choice will protect users' rights and security.

The FSF has also hinted at a boycott on buying Windows 8 PCs. "We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems," the FSF concludes.

Windows 8's Secure Boot was branded "Restricted Boot" by the FSF because "it would be a disastrous restriction on computer users and not a security feature at all".

The FSF's website became suddenly unavailable Tuesday morning due to "technical problems" once word of the campaign began to spread.

Secure Boot is a planned feature of Windows 8 intended to thwart a type of hack that targets the boot path; the idea is to ensure only signed "good code" will boot up.

Microsoft's system implements the Unified Extensible Firmware Interface (UEFI) firmware specification, only the system in Windows 8 would mean any Windows 8 PC that ships with only OEM and Microsoft keys will not boot a generic build of Linux.

The red flag was raised by Red Hat employee and tech blogger Matthew Garrett here and Professor Ross Anderson of Cambridge University here. Anderson said Secure Boot might violate EU competition law.

Microsoft, meanwhile, has shifted responsibility for Secure Boot to the PC manufacturers. In a blog response to the alarm, Microsoft ecosystem team member Tony Mangefeste wrote: "OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers."

However, it seems OEMs are not free to choose how to enable Secure Boot.

All About Microsoft's Mary-Jo Foley reports that at Microsoft's Build conference in California last month, Microsoft said support for UEFI Secure Boot is a Windows 8 certification requirement.

Meanwhile, on the Windows 8 blog in response to concern about UEFI, Mangefeste went on to claim: "At the end of the day, the customer is in control of their PC."

Responding to Mangefeste, Garrett called the rebuttal "entirely factually accurate", adding "but it's also misleading" – because the PC marker and Microsoft would maintain control over the keys needed to permit trusted code to boot on PCs.

"The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors," Garrett wrote in response to Mangefeste here. ®

Boost IT visibility and business value

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Apple gets patent for WRIST-PUTER: iTime for a smartwatch
It does everything a smartwatch should do ... but Apple owns it
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
Seventh-gen SPARC silicon will accelerate Oracle databases
Uncle Larry's mutually-optimised stack to become clearer in August
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.