Free Software Foundation petitions against Windows 8 secure boot

The Free Software Foundation is asking the public to sign a petition against the use of Secure UEFI boot in Windows 8 machines.

The controversy over Microsoft's required use of a new secure boot specification continues to grow. The Free Software Foundation has stepped in, asking the public to sign a petition against Secure Unified Extensible Firmware Interface (UEFI) if the PC manufacturer doesn't let the PC owner turn it off or install software on their machines such as wiping out Windows 8 in favor of Linux.

See previous articles: Next-gen boot spec could forever lock Linux off Windows 8 PCs; and Some W8 PCs won't turn off secure boot, Red Hat warns

Free software advocates have gone on the offensive before Windows 8 PCs ship. As I previously reported, Windows 8 PCs will boot super fast in part because of the next-generation UEFI boot specification. The latest UEFI, released April 8, includes a secure boot protocol which Microsoft requires in order for Windows 8 PCs to be included the Windows 8 logo program. Secure UEFI is intended to thwart rootkit infections by requiring keys before allowing executables or drivers to be loaded onto the device. Problem is, such keys can also be used to keep the PC's owner from wiping out the current OS and installing another option such as Linux.

PC manufacturers can install secure UEFI in such a way as to allow users to turn it off. Or they can take a shortcut and simply make it the only way a device will boot. Sources at Red Hat have said that some PC manufacturers are already far along in their W8 device development and didn't include the "off" switch for secure UEFI. If that's the case, the only way for a user to install drivers or operating systems is if they are on a pre-approved list (they ship with the public key) or the user is given access to the private key, and has the technical know how to use it. Getting a public key for all Linux distros is problematic at best but even so, that doesn't help the user who wants to install a customized Linux distro to a former W8 PC if UEFI isn't implemented in a way that gives control to the user.

For this reason, the FSF writes:

When done correctly, "Secure Boot" is designed to protect against malware by preventing computers from loading unauthorized binary programs when booting. In practice, this means that computers implementing it won't boot unauthorized operating systems -- including initially authorized systems that have been modified without being re-approved. This could be a feature deserving of the name, as long as the user is able to authorize the programs she wants to use, so she can run free software written and modified by herself or people she trusts. However, we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows. In this case, a better name for the technology might be Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all.freedoms.

... It is essential that manufacturers get their implementation of UEFI right. To respect user freedom and truly protect user security, they must either provide users a way of disabling the boot restrictions, or provide a sure-fire way that allows the computer owner to install a free software operating system of her choice. Computer owners must not be required to seek external authorization to exercise their

 

This isn't the first attempt by a free software group to ensure that UEFI is implemented with an off switch. A few weeks ago, Members of Linux Australia  petitioned the Australian Competition and Consumer Commission (ACCC) on the matter.

Readers have commented on my previous blog posts on this topic that they think the situation is a tempest in a teapot. Says a reader with the user name visomvet,  "Bah. I'm convinced Linux folks will see for themselves that this won't be a problem. Always with the pessimism."

I think visomvet is probably right, but only because of the high visibility Windows 8 Secure UEFI is getting from the free software advocates. Now that people are watching the issue, PC manufacturers will be motivated not to take shortcuts.

Here is the link to the FSF's petition where interested readers can sign to show their support.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT