Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will Secure Boot Cripple Linux Compatibility?

Posted by Unknown on from the security-through-totalitarianism dept.

MojoMax writes "The advent of Windows 8 is drawing ever nearer and recently we have learned that ARM devices installed with Windows 8 will not be able to disable the UEFI secure boot feature that many of us are deeply concerned about. However, UEFI is still a very real danger to Linux and the freedom to use whichever OS you chose. Regardless of information for OEMs to enable customers to install their own keys, such as that published by the Linux Foundation, there are still very serious and as yet unresolved issues with using secure boot and Linux. These issues are best summarized quoting Matthew Garrett: 'Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen. That's going to make some people fairly unhappy.'"

4 of 545 comments (clear)

  1. "Freedom" by bonch · · Score: 4, Interesting

    Would someone interested in Linux on these particular tablets be able to order one from a vendor with Linux (or no operating system) pre-installed? I couldn't find information on whether or not OEMs are restricted from selling pre-installed Linux versions of the tablet. The SoftwareFreedom website says "any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot." The phrase there is "ships with Windows 8," which suggests to me that Custom Boot-enabled versions could ship without Windows. Admittedly, I have a hard time seeing it as a freedom issue, as these are just tech gadgets at the end of the day. I'd rather it was framed as an inconvenience argument, not a freedom one.

    1. Re:"Freedom" by Microlith · · Score: 4, Interesting

      So is Apple

      Apple does not sell its OS to 3rd party hardware vendors and dictate how to lock down the device.

      nothing is stopping Linux tablets from coming to market, in fact there are lots of them out there now

      There are, but how long until MS ramps up the pressure to push Android out of the market via legal and possibly illegal means?

      If you buy a 'Designed for Windows 8' device it's no different than buying an iPad with regard to the operating system.

      Sure it is. The vendor is being forced by the OS supplier to set the device up in a way that precludes alternatives, and leveraging their monopoly platform to do it.

      I doubt there are many people out there who bought an iPad and are complaining that they can't install Linux on it (me included), so why should it be any different for these 'Designed for Windows 8' devices?

      Yeah, minorities should ALWAYS be ignored. Only the masses should ever get what they want, everyone else can go fuck themselves. Right?

    2. Re:"Freedom" by Darinbob · · Score: 4, Interesting

      There are some cases where secure bootloaders are valid. Ie, so that only owners can modify their devices instead of just anyone who has physical access (electricity meters), rented or leased equipment (broadband routers), and so forth. Sometimes the device requires a level of trust as part of its design and the owners insist on knowing that the firmware has not been tampered with, such as encrypted routers.

      Additionally there is often a market need to create a secured device to prevent or discourage third party sales or hacking. I've seen this activity common in medical equipment where there can be an active trade in in Russia or China of buying old machines and reimaging them and there's no opportunity to sue (yes a murky issue as you buy software features separately from hardware, but the end-user is legally forbidden from putting their own software on in many countries). If I go in for radiation therapy treatment I want to know positively that the hardware/firmware/software has passed FDA scrutiny.

      The issue here with Microsoft and Apple is that they are huge players in the market and they're not doing this to just niche devices. With MS specifically they have a known guilty track record of antitrust activity. MS isn't going to require signing of all third party apps, they specifically want to make sure there is no competition for the operating system

      It would be better overall to allow the consumer to turn on and off the trust levels on the devices. If the operating system boots up and notices that it's not on a secured system then it can just warn the user instead of refusing to boot. This way you can make things more secure without denying the consumer their right to use the equipment in any manner they want.

  2. Re:Simple solution by SeaFox · · Score: 4, Interesting

    No, he's being serious. If you buy then and then return them opened, the store can't resell them as brand new and lose money.