[personal profile] mjg59
Microsoft have responded to suggestions that Windows 8 may make it difficult to boot alternative operating systems. What's interesting is that at no point do they contradict anything I've said. As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems. But let's have some more background.

We became aware of this issue in early August. Since then, we at Red Hat have been discussing the problem with other Linux vendors, hardware vendors and BIOS vendors. We've been making sure that we understood the ramifications of the policy in order to avoid saying anything that wasn't backed up by facts. These are the facts:

  • Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
  • Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.
  • Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
  • A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems.

Microsoft have a dominant position in the desktop operating system market. Despite Apple's huge comeback over the past decade, their worldwide share of the desktop market is below 5%. Linux is far below that. Microsoft own well over 90% of the market. Competition in that market is tough, and vendors will take every break they can get. That includes the Windows logo program, in which Microsoft give incentives to vendors to sell hardware that meets their certification requirements. Vendors who choose not to follow the certification requirements will be at a disadvantage in the marketplace. So while it's up to vendors to choose whether or not to follow the certification requirements, Microsoft's dominant position means that they'd be losing sales by choosing not to.

Why is this a problem? Because there's no central certification authority for UEFI signing keys. Microsoft can require that hardware vendors include their keys. Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's.

What does this mean for the end user? Microsoft claim that the customer is in control of their PC. That's true, if by "customer" they mean "hardware manufacturer". The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.

If Microsoft were serious about giving the end user control, they'd be mandating that systems ship without any keys installed. The user would then have the ability to make an informed and conscious decision to limit the flexibility of their system and install the keys. The user would be told what they'd be gaining and what they'd be giving up.

The final irony? If the user has no control over the installed keys, the user has no way to indicate that they don't trust Microsoft products. They can prevent their system booting malware. They can prevent their system booting Red Hat, Ubuntu, FreeBSD, OS X or any other operating system. But they can't prevent their system from running Windows 8.

Microsoft's rebuttal is entirely factually accurate. But it's also misleading. The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise.

Re: This has anti-trust implications

Date: 2011-09-26 05:01 pm (UTC)
From: (Anonymous)
So your argument is that no OEM will do this? Which of course makes this whole tempest in a teacup moot? Um, okay. Thanks.

Re: How many...

Date: 2011-09-26 05:04 pm (UTC)
From: (Anonymous)
When you're on the side of saying MS is wrong for embracing secure boot, you know you're on the wrong side of the argument. ;-)

Date: 2011-09-26 05:07 pm (UTC)
From: (Anonymous)
Yeah, Matthew conveniently leaves those out. I guess they didn't fit his meme.

Re: How many...

Date: 2011-09-26 05:08 pm (UTC)
From: [identity profile] http://openid.fraglimit.net/sorpigal
> are we going to get screwed with everyone else?

That's easy: yes. If anything it's people in your position who will raise enough of a financial uproar to get this changed.

Re: Huh?

Date: 2011-09-26 05:51 pm (UTC)
From: (Anonymous)
So now that Microsoft is spending their time and resources on requiring secure boot for their OS, your position is that OEMs should have to do this for other operating systems as well?

Do you think OEMs will be ready to lose money

Date: 2011-09-26 07:23 pm (UTC)
From: [identity profile] mvadu.myopenid.com
I think you are missing a point here. If any OEM does not provide a way to turn off secure boot, they will be blocking Microsoft's old OSes as well, not only Linux and its variants. Since all MS OSes till Windows-7 do not understand secure boot, they won't boot with secure boot. As with Windows-7 (people stuck to XP), there would be a lot of people, especially corporate customers, who need to buy new PCs but would like to stick with Windows-7. So any business-minded OEM would like to capitalize on that desire by providing a way to turn off secure boot.

Seriously, who gives a sheet.

Date: 2011-09-26 11:25 pm (UTC)
From: (Anonymous)
If all 10 of you Linux users got together, then you could ask manufacturers to support your many and varied OSes.

OEMs can still tailor their hardware to Linux if the userbase is there. I guess this is the inflection point for you all; you all boast about how superior Linux is, well, let's see if the numbers back it up.

Let it be

Date: 2011-09-27 05:17 am (UTC)
From: (Anonymous)
I say, let it run.

My family, the company I work for, and I, will purchase Linux certified machines, or at the very least PCs with the ability to disable UEFI. Some of these people prefer Windows machines and that is fine, after all, it's all about preference and control.

Come Windows 9 there will be a lot of hell bent customers that can't upgrade, and will be forced to purchase new machines, or maybe not an issue with how cheap they will be. Regardless, it's asinine decisions that make Microsoft the Titanic it is. Without a major shift in decision makers, it will sink, just not fast. Sadly though, the US government will probably claim them too big to fail and give them a healthy multi-billion dollar cash infusion.

Re: I think your problem

Date: 2011-09-27 05:41 am (UTC)
From: (Anonymous)
Can I ask this: if you think this feature is so good and your solution is a market-based approach, how can an average person find out the information needed to make an informed choice about whether the secure boot can be disabled or not from a manufacturer's website? More importantly, can I be certain that this information will be available on all OEM websites?

Re: Let it be

Date: 2011-09-27 05:43 am (UTC)
From: (Anonymous)
Replying to my own post.

You idiot Microsoft fanboys are missing the core issue. It's about having control over the products you pay for, not about being able to load Linux. The Vendors will love it, because you won't be able to upgrade your hardware piecemeal. Microsoft loves it, because when you're forced to buy a new machine, they sell another unit.

On a mobile note. Want to maybe run Android, or Google Chrome on that Win8 tablet you bought, not going to be possible. Don't want that tracking app, or battery wasting bloatware app running, won't be able to root your phone/tablet to get rid of it.

Pull your heads out of your asses and recognize this affects you, the consumer, whether you run Linux or Windows. It's not about security, it's about vendor lock-in and forced early obsoletion of the devices you own and paid for.

Re: I think your problem

Date: 2011-09-27 05:43 am (UTC)
From: (Anonymous)
And yes it is their fault for not providing a secure operating system in the first place. This technology is not needed anywhere else even on Macs, Smart phones, and any device you can think of.

Re: So I guess CoreBoot is dead?

Date: 2011-09-27 05:53 am (UTC)
From: (Anonymous)
Read the post please. Let me put this in simple terms.

Maybe your employer (I assume Microsoft) should actually do some research before sending you to post that stupid post. They are a member of the UEFI.

However because your employer has market control, they can require OEMs and manufacturers not to have a disable switch.

Mac dominance

Date: 2011-09-27 06:03 am (UTC)
From: (Anonymous)
Given that most people in Australia are looking more and more toward Mac and Linux, is this really a good option for Microsoft and the OEMs?

Most people are sick of having problems with Windows, having to pay for anti-virus software and the slowness of Windows on new hardware.

Re: Source based distros?

Date: 2011-09-27 11:21 am (UTC)
From: (Anonymous)
Negative. Turning off Secure Boot will NOT prevent Windows from booting. Implementing Secure Boot is a requirement for Windows 8 Logo Certification, it is NOT a requirement to install or run Windows 8.

Re: Appealing to the wrong authority

Date: 2011-09-27 11:26 am (UTC)
From: (Anonymous)
You forgot
- Most users can't install Windows themselves.

Despite the prowess that we all have that causes us to believe that an OS install is no big deal, fact is that most people wouldn't even know where to begin to install an OS.

Re: Appealing to the wrong authority

Date: 2011-09-27 11:54 am (UTC)
From: [identity profile] quux.myopenid.com
You are wrong on two important points.

1) MS does not have any contract with any OEM to, as you say "deliver no PC without an OS/Windows on it." That practice was outlawed (for MS) a decade ago.

2) You say "When Windows 8 starts shipping, the UEFI on all OEM PCs, as mandated by Microsoft, will require a CA key to install Linux. Practically speaking, the bottom line is, MS is indirectly but effectively preventing Linux from being installed on any PC that comes with Windows 8." This statement appears to hinge on the unstated assumptions that only a Win8 key can be loaded into the UEFI config, and additionally that the UEFI will be configured such that the system owner cannot add keys or shut off the secure boot function. None of these assumptions make much sense. UEFI easily supports both multiple keys, and the ability to turn off the secure boot function.

Since it is to any vendor's benefit to make every system appeal to as many buyers as possible, it's quite likely that OEMs will do what they can to not lock out other operating systems. Why would they leave money on the table when it is very easy to include an off switch (software or hardware) or to add signing keys from any other OS maker who deigns to provide them?

Date: 2011-09-27 02:42 pm (UTC)
From: (Anonymous)
> OK. First, a dumb question: what does secure boot buy you that can't achieve by locking the BIOS down to booting from the internal hard drive anyway?

Secure booting prevents rootkit malware which infects your bootloader or BIOS. The firmware will authenticate the signature of the code. If there is any tampering, it will refuse to boot.

The concept of secure boot is a good idea, but this fiasco shows how dangerous it can be if abused.

Re: Requesting an article on UEFI Secure Booting

Date: 2011-09-27 02:45 pm (UTC)
From: (Anonymous)
Microsoft has a "criminal" record of "convincing" OEMs to bundle Windows with hardware. Nothing stops Microsoft from doing the same thing here. There wouldn't be a reason for concern if not for MS's dirty reputation.

Re: Boo hoo

Date: 2011-09-27 02:47 pm (UTC)
From: (Anonymous)
> If you're going to buy a Windows 8 PC it will be for Windows

Nonsense. Enforced Windows bundling is stuffed into consumers' throats. Buying a Windows 8 PC indicates nothing, because most probably that PC won't even be sold without Windows preinstalled.

Date: 2011-09-27 02:51 pm (UTC)
From: (Anonymous)
> They control more than 90% of PC market, so there is no reason to worry about market prevalence.

Practice shows otherwise. Microsoft enforces Windows bundling (i.e. Windows tax: http://en.wikipedia.org/wiki/Windows_refund ) and puts a lot of effort into upholding market dominance. So using boot locking is another opportunity for Microsoft's monopoly enforcement.

Re: You are fighting this the wrong way.

Date: 2011-09-27 02:53 pm (UTC)
From: (Anonymous)
> Microsoft has not included any way for customers to add like the keys for Windows 9 to an OEM device.

They don't care. Their approach always was - get new hardware for new Windows.

Question

Date: 2011-09-27 06:23 pm (UTC)
From: [identity profile] sirloxelroy.myopenid.com
I am a Linux geek, however some of the intricacies of this I am not sure of, but would not just a signature for version X.XX of LILO or Grub have to be loaded into the firmware? Then after that any OS can be booted. Am I correct or incorrect in that thought?

Chris Brandstetter

Re: So it is just FUD

Date: 2011-09-28 02:34 am (UTC)
From: (Anonymous)
That's what someone spreading FUD would say.

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Nebula. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.
