Matthew Garrett ([personal profile] mjg59) wrote,
@ 2011-09-23 07:57 am UTC
Entry tags:advogato, fedora
Microsoft have responded to suggestions that Windows 8 may make it difficult to boot alternative operating systems. What's interesting is that at no point do they contradict anything I've said. As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems. But let's have some more background.

We became aware of this issue in early August. Since then, we at Red Hat have been discussing the problem with other Linux vendors, hardware vendors and BIOS vendors. We've been making sure that we understood the ramifications of the policy in order to avoid saying anything that wasn't backed up by facts. These are the facts:
Microsoft have a dominant position in the desktop operating system market. Despite Apple's huge comeback over the past decade, their worldwide share of the desktop market is below 5%. Linux is far below that. Microsoft own well over 90% of the market. Competition in that market is tough, and vendors will take every break they can get. That includes the Windows logo program, in which Microsoft give incentives to vendors to sell hardware that meets their certification requirements. Vendors who choose not to follow the certification requirements will be at a disadvantage in the marketplace. So while it's up to vendors to choose whether or not to follow the certification requirements, Microsoft's dominant position means that they'd be losing sales by choosing not to.

Why is this a problem? Because there's no central certification authority for UEFI signing keys. Microsoft can require that hardware vendors include their keys. Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's.

What does this mean for the end user? Microsoft claim that the customer is in control of their PC. That's true, if by "customer" they mean "hardware manufacturer". The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.
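The guarantees listed above all come down to one question: whose signing keys are in the firmware's authorized signature database (`db`), and can the user see or change them? The following is an added example, not code from the original post or from any vendor mentioned in it. It parses the `EFI_SIGNATURE_LIST` structure that `db` and `dbx` are made of, as laid out in the UEFI specification, and answers whether a given signer certificate or image hash is enrolled. The function and variable names (`parse_signature_lists`, `check_db`, `read_efivar`, `sample_db`), the certificate byte strings and the owner GUIDs are my own constructed stand-ins; a real `db` carries DER-encoded X.509 certificates and Authenticode image hashes.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")    # entry is a DER X.509 cert
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # entry is a SHA-256 image hash
# Vendor GUID that namespaces the db/dbx variables in Linux efivarfs.
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"

HEADER_LEN = 28  # SignatureType GUID (16) + SignatureListSize, SignatureHeaderSize, SignatureSize (3 x UINT32)


def parse_signature_lists(blob):
    """Walk a concatenation of EFI_SIGNATURE_LIST structures and yield
    (signature_type, signature_owner, signature_data) for every entry.

    Layout per list: GUID SignatureType; UINT32 SignatureListSize (whole list,
    header included); UINT32 SignatureHeaderSize; UINT32 SignatureSize (bytes per
    entry); optional header; then entries of GUID SignatureOwner + SignatureData.
    Malformed sizes raise instead of being silently skipped."""
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])  # EFI GUIDs are little-endian in memory
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN + hdr_size or sig_size <= 16 or off + list_size > len(blob):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        entries_off = off + HEADER_LEN + hdr_size
        entries_len = list_size - HEADER_LEN - hdr_size
        if entries_len % sig_size:
            raise ValueError("entry area not a multiple of SignatureSize at offset %d" % off)
        for i in range(entries_len // sig_size):
            e = entries_off + i * sig_size
            owner = uuid.UUID(bytes_le=blob[e:e + 16])
            yield sig_type, owner, blob[e + 16:e + sig_size]
        off += list_size


def build_signature_list(sig_type, owner, entries):
    """Serialize one EFI_SIGNATURE_LIST. All entries in a list share one size,
    so each X.509 certificate normally gets its own list."""
    sig_size = 16 + len(entries[0])
    if any(len(d) != sig_size - 16 for d in entries):
        raise ValueError("all entries in one list must have the same size")
    body = b"".join(owner.bytes_le + d for d in entries)
    header = sig_type.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, sig_size)
    return header + body


def check_db(db_blob, signer_cert_der, image_hash):
    """Model the firmware's db lookup: return ("x509", owner) if the image's
    signer certificate is enrolled, ("sha256", owner) if the image hash itself
    is whitelisted, or None if nothing matches (a loader signed by a vendor the
    OEM never enrolled). dbx, the forbidden list that a real verifier consults
    first, is not modelled here."""
    for sig_type, owner, data in parse_signature_lists(db_blob):
        if sig_type == EFI_CERT_X509_GUID and data == signer_cert_der:
            return ("x509", owner)
        if sig_type == EFI_CERT_SHA256_GUID and data == image_hash:
            return ("sha256", owner)
    return None


def read_efivar(name, vendor_guid=EFI_IMAGE_SECURITY_DATABASE_GUID):
    """Read a UEFI variable from Linux efivarfs (usually needs root). The first
    4 bytes of the file are the variable attributes, not payload."""
    with open("/sys/firmware/efi/efivars/%s-%s" % (name, vendor_guid), "rb") as f:
        return f.read()[4:]


# Constructed sample data (assumption: stand-ins, not real certificates or GUIDs).
OEM_SHIPPED_CERT = b"constructed DER stand-in: CA the OEM enrolled at the factory"
DISTRO_CERT = b"constructed DER stand-in: distro CA the OEM did not enroll"
OEM_OWNER = uuid.UUID(int=0xA)
SAMPLE_IMAGE_HASH = hashlib.sha256(b"constructed image whitelisted by hash").digest()


def sample_db():
    """A db with one OEM-enrolled certificate and one hash-whitelisted image."""
    return (build_signature_list(EFI_CERT_X509_GUID, OEM_OWNER, [OEM_SHIPPED_CERT])
            + build_signature_list(EFI_CERT_SHA256_GUID, OEM_OWNER, [SAMPLE_IMAGE_HASH]))


if __name__ == "__main__":
    db = sample_db()  # replace with read_efivar("db") on a real UEFI machine
    for sig_type, owner, data in parse_signature_lists(db):
        kind = "x509" if sig_type == EFI_CERT_X509_GUID else "sha256"
        print(kind, owner, data[:16])
    print("OEM-signed loader:", check_db(db, OEM_SHIPPED_CERT, b"\0" * 32))
    print("distro-signed loader:", check_db(db, DISTRO_CERT, b"\0" * 32))
```

Swapping `sample_db()` for `read_efivar("db")` on a real machine lists exactly which owners' certificates the firmware will accept; if only one vendor's certificate appears and the firmware offers no way to enroll more or to disable verification, that machine is in the situation the paragraph above describes.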

If Microsoft were serious about giving the end user control, they'd be mandating that systems ship without any keys installed. The user would then have the ability to make an informed and conscious decision to limit the flexibility of their system and install the keys. The user would be told what they'd be gaining and what they'd be giving up.

The final irony? If the user has no control over the installed keys, the user has no way to indicate that they don't trust Microsoft products. They can prevent their system booting malware. They can prevent their system booting Red Hat, Ubuntu, FreeBSD, OS X or any other operating system. But they can't prevent their system from running Windows 8.

Microsoft's rebuttal is entirely factually accurate. But it's also misleading. The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise.


(Read 193 comments) - (Post a new comment)

Re: Bug-free firmware?


(Anonymous)
2011-09-25 09:50 am UTC (link)
How much do you want to bet they will use this for anti-piracy? And then we can have more people waste their time running pirated Windows instead of getting a proper Linux installed and start doing something USEFUL.

I've been using Gentoo for over 4 years and Linux for at least 5. I use it 90% of the time. My MacBook is my laptop on the go. I use the Terminal a lot and ssh my servers to work with them. Things like sshfs, etc are installed too. I also use my Mac to test Qt applications I make in Linux, and develop iPhone apps (some of which I code in Linux; sometimes the cross compiler messes up).

Mac OS X is secure, and not just by obscurity:
1) Every application downloaded from the web (and not the Mac App Store, where apps are all signed) will warn the user EVERY time it is run if it is not signed. Using the terminal is the only way to disable this. So, most users don't. Numbers are showing that Mac users want to use the App Store (which is close to a package manager but not quite there yet), and they do not download from random sites. Paranoia mode is good here. As you know on iPhone, this situation is enforced and this is how 99% of the user base wants it (including me). I'm willing to bet App Store only on OS X is the future with a developer mode so we can actually make things. This is what people want, not some made-up boot loader protection nonsense. Only an OS as badly designed as Windows would need that. Microsoft is desperate to hire good coders, but only bad ones worship MS and go work there these days.
2) Application Entitlements (which is new to Lion and taken from iOS). Basically, the real question here is why have we allowed applications in the past to do anything they wanted (at your user level)? Why do they just get access to the video camera, or the network card, etc, without question? With Application Entitlements, an application specifies what it needs access to (such as camera, GPS, etc), and the user is told about this. I think this would be an awesome thing to implement in Linux just as much.

These 2 are ways the user gets to be informed in a friendly way before they decide to let their system get potentially hosed.

3) UNIX-based, POSIX certified. Need I say more? It is not some exotic proprietary OS. It is a fine-tuned Mach kernel and a FreeBSD-based userland (Apple even provides patches to FreeBSD to this day).
4) Safari web browser. A secure, WebKit-based, standards-based web browser (that you could say has little market share therefore it's 'obscure'). The big development is that it is not the only one (out of Qt, Google, Gtk, etc) and so most of what Apple does to WebKit benefits everyone (and WebKit work by Apple is primarily driven by OS X needs; you know about ?) and vice-versa. Compare IE's track record with Safari. Sure, you can get another browser on Windows. On both OS's, 90% of the users do not.
5) Sources available for review (including WebKit's base, CoreFoundation, etc). Ignorant folk might think this is dumb. http://opensource.apple.com even gives you iPhone development tools, libraries, etc. (And no, Apple is NOT obliged to make them work on Linux!) People use these things and people send Apple patches too. The kernel is no longer open source, if that makes you feel safe for some reason. Is any code from Windows available to review without an NDA? Hardly any.
6) Certain actions require typing a password (NOT just pressing a button!), such as: installing a new application to /Applications (depending on what the application needs to do), installing apps from the App Store, changing settings in System Preferences (all of which can be locked down at the user's discretion).

I won't be surprised if Windows 8 is nothing more than a slight upgrade, some artificial crap (like not including certain features in 'lesser' versions), and a huge WinSxS directory for backward compatibility (just like Vista and 7). Moving forward? Yeah, right. More like status quo as always.

Secure boot might help MS, but it's a very bad band-aid for an aging operating system that, let's face it, is obsolete. Microsoft sure likes playing this retrofitting game.

Regarding keys for Linux booting, I do not feel like having some 'commission' who gets to make/have/get keys, even if it were for Linux and free OS's. Even a benevolent dictatorship is still a dictatorship (neither the Gentoo Foundation nor Apple is my god/king/who I worship/work under). We should not need that. Regardless, what we should have are secure and non-secure environments in all OS's. The 'locked down' OS is fine, as long as it provides a backdoor (root) only the owner can use, and a developer mode. That doesn't require keys on boot up, it just requires a stricter kernel and a stricter user land (limitations on memory access, application/library hashes, etc). And of course developer mode, which just lets us gain a few more privileges so we can work faster while we need it.



Re: Bug-free firmware?


(Anonymous)
2012-02-16 02:02 pm UTC (link)
"How much do you want to bet they will use this for anti-piracy?"

I sure hope they do as this might boost Linux adoption a lot in poor countries ;)



