FSF takes Win 8 Secure Boot fight to OEMs
Punters urged to bombard PC makers
PC makers are being lobbied to install Windows 8 on machines in a way that will afford users the freedom to boot Linux or any other operating system.
The Free Software Foundation (FSF) is urging PC users to sign a statement demanding that OEMs which implement Windows 8's UEFI Secure Boot do so in a way that allows individuals to disable it, or that the PC makers provide a "sure-fire way" to install and run an operating system of the user's choice.
The statement says that giving this choice will protect users' rights and security.
The FSF has also hinted at a boycott on buying Windows 8 PCs. "We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems," the FSF concludes.
Windows 8's Secure Boot was branded "Restricted Boot" by the FSF because "it would be a disastrous restriction on computer users and not a security feature at all".
The FSF's website became suddenly unavailable Tuesday morning due to "technical problems" once word of the campaign began to spread.
Secure Boot is a planned feature of Windows 8 intended to thwart a type of hack that targets the boot path; the idea is to ensure only signed "good code" will boot up.
Microsoft's system implements the Unified Extensible Firmware Interface (UEFI) firmware specification, only the system in Windows 8 would mean any Windows 8 PC that ships with only OEM and Microsoft keys will not boot a generic build of Linux.
The red flag was raised by Red Hat employee and tech blogger Matthew Garrett here and Professor Ross Anderson of Cambridge University here. Anderson said Secure Boot might violate EU competition law.
Microsoft, meanwhile, has shifted responsibility for Secure Boot to the PC manufacturers. In a blog response to the alarm, Microsoft ecosystem team member Tony Mangefeste wrote: "OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers."
However, it seems OEMs are not free to choose how to enable Secure Boot.
All About Microsoft's Mary-Jo Foley reports that at Microsoft's Build conference in California last month, Microsoft said support for UEFI Secure Boot is a Windows 8 certification requirement.
Meanwhile, on the Windows 8 blog in response to concern about UEFI, Mangefeste went on to claim: "At the end of the day, the customer is in control of their PC."
Responding to Mangefeste, Garrett called the rebuttal "entirely factually accurate", adding "but it's also misleading" – because the PC marker and Microsoft would maintain control over the keys needed to permit trusted code to boot on PCs.
"The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors," Garrett wrote in response to Mangefeste here. ®
COMMENTS
Of course it's a security feature
It secures Microsoft's revenue stream.
Agreed. I used to work at a local retail/repair shop where we also built new PCs. In theory, we could put whatever OS we wanted on the system, but if we put anything other that Windows on our new-build machines, we would lose our "discount" and any hope of being able to sell the machines at a competitive price (already difficult since we used quality hardware with solid manufacturer's warranties as opposed to the flimsy crap in the big boys' systems).
So... of course you can disobey MS, but you'll go out of business if you do. Unfortunately, they can say they weren't "forcing" us since, in theory, we could do whatever we wanted. In practice, you obey Redmond or go bankrupt....
Point A
"Prevent older versions of Windows booting on those machines"
I think this, more than anything else is Microsoft's plan. The last thing they want is a repeat of the Vista debacle where users buy shiny new machines and then install XP.
Pah...
Just step back and think for a second:
If MS prevent the installation of OSes other than Windows 8 on OEMed hardware they will
a) Prevent older versions of Windows booting on those machines
b) End up in massive Anti-trust cases in many different areas
c) Piss off corporate users who want the ability to install what they want on their hardware
They will no allow any of these things to happen, if they did the share-holders would require heads to roll at the very top of the company.
Time to alert the EU?
If PCs start shipping with no way to update the keys or disable Secure Boot (I'm thinking physical jumper or something would be the way to go, harder to attack) then it is time to call in the EU and have MS hammered once again for abusing its market position.
That MS are using OEMs as puppets to further entrench their OS as the only player in the market is pretty disgusting. But then they have form for sock-puppeting to get what they want: ISO - I am looking at you.
It already pisses me off that I have to pay £30 over the odds for a PC because of the way MS force manufacturers to include Windows and allows OEMs to no longer honour refund requests.
Oh and before someone brings up Apple (and no, I don't own one) let me just point out one thing - Apple are not a monopoly in the PC market.
