Slashdot Mirror
Richard Stallman Speaks About UEFI
An anonymous reader writes "Despite weaknesses in the Linux-hostile 'secure boot' mechanism, both Fedora and Ubuntu decided to facilitate it, by essentially adopting two different approaches. Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'"
All those Win8 machines people are going to kick to the curb, and places like RE-PC won't even be able to make sell them as "boot only" boxes ready for another OS because the boot is locked down at the hardware level.
The Hardware is crippled for the sake of Microsoft. Period.
Secure boot is Microsoft's attempt to maintain computer OS market share as their influences is being stripped away by the likes of Google (Android) and Apple (iOS). With HTML5 on the way, we will have WEB based applications that rival desktop versions, and run on ANY device. The OS is just a layer to get to where the real work gets done, information exchange.
AND the worst part is, secure boot doesn't actually fix the problem it pretends it solves. It can't. This is the whole DRM of DVD's and BluRay all over again. Look at how well that is working out.
DRM is broken by design.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
But I couldn't boot into my OS.
Richard's story, The Right To Read, has already sort of predicted this move.
Despite what people say about Restricted Boot, it opens up the world of computers to a whole new set of attacks... by megacorporations like Microsoft.
It's not that simple. Many users don't know what UEFI or Restricted Boot are. If they see a Certified for Windows 8 logo on a computer when they're buying it, they don't know that means extra restrictions for them.
Not everybody cares about computers, which is why Restricted Boot is so bad.
If Microsoft got what it demands, that ARM devices that runs Win 8 be permanently locked, then the only option that I have, as a consumer, is to NOT BUY THAT DEVICE
No point of supporting dictatorial regime, be it political dictatorial, or hardware dictatorial
Muchas Gracias, Señor Edward Snowden !
How? Is not the user free to make the decision whether or not to purchase the product? Yes he is.
Why, yes. Instead of buying a $50 'made for Windows' motherboard they'll be able to buy a $1000 'made for Linux' motherboard with is exactly the same hardware with the 'Windows Lockin' disabled.
Manufacturers should be free to do whathever they want with the devices they create. If they want to lock them, fine. If they want to lock them because a carrier asks? fine, lock it for that carrier or ignore the carrier. It's still their choice
I also can understand hardware requirements for a licensed OS, such a certain button layout, screen resolution, etc. Those make sense and ensure it runs as intended. The same way, Microsoft can make their own devices and lock them and it's their choice.
But manufacturers being forced by to lock the devices by the mobile OS supplier? That's abuse!. It's Microsoft abusing their desktop PC monopoly power, patents, etc. against the OEMs. What is MS afraid of, people installing Android or Ubuntu on their newly acquired devices?
Yeah, and RMS was talking non-sense yesterday. What is the world coming to ...
Yesterday? I'm a big fan of RMS - since before the beard - but the day he doesn't talk non-sense will be news.
You're welcome.
It must have been something you assimilated. . . .
Many users don't know what UEFI or Restricted Boot are.
Then what are the odds that those users will ever want to install another OS besides Windows?
the only option that I have, as a consumer, is to NOT BUY THAT DEVICE
There is no way to run Windows RT applications if you do NOT BUY THAT DEVICE. What do you recommend for people whose job involves running a Windows RT-exclusive application? Or do you expect such applications not to exist?
No point of supporting dictatorial regime, be it political dictatorial, or hardware dictatorial
Tell that to anybody who has ever bought a video game console.
It depends on what restrictions are added later. Most people don't realize how important their freedom is until after it's gone.
Let me explain ... me I just bought an wireless access point ... and I have no intention at all of using it
as an access point. I want a device with a set of excellent antenna's, great rx sensitivity and it has to
have monitor mode so I can capture raw 802.11 frames and I have to be able to make it send arbitrary
802.11 frames as well.
Yeah I found a great little device for doing just that ;-)
Thankfully this device is not locked down with a secure boot loader !!! I did have to open it up and access
the serial port on the board to load dd-wrt (an alternative linux distribution for wifi routers) but it was *easy*
and the chipset it has is a.) linux supported and b.) the chipset and the linux driver support monitoring
and injection.
IF SECURE BOOT COMES AROUND WE WONT BE ABLE TO DO THAT ANYMORE!!
If the router had had a secure boot scheme I would have had to first work hard on getting around that. JTAG. ... the ARM
Glitching, and in a few years from now even these techniques might not work anymore. In FACT
chips do have a jtag interface but now there's SECURE MONITOR MODE for jtag meaning you have to first
do a cryptographic challenge/response sequence before you get access to the chip via JTAG.
WTF!! I FUCKING OWN THIS BOX WHO THE FUCK ARE YOU TO KEEP ME FROM USING IT AS I SEE FIT, YOU SCUM!!
Anyhow here's the game plan that's been decided in the back room .... There will be secure boot on commodity hardware.
Vendors who are in the club will get their code signed easily. For a while small fries will also get their code signed for a
fee. The consumer will have the impression that there is still choice, Linux is not going to go away tomorrow, a signed and
authorized kernel will be available.
However, you will find that you're going to be locked out more and more out of your system. At some point you will not be sure
anymore what is running in the background and what backdoors are introduced into the system. You will have to trust a kernel
image that is given to you encrypted and that may contain all sorts of things.
It's the future they want. The ability to access/erase/modify your data, activate your microphones and video cameras, prevent you ... and they will detect that you tried and put you away.
from doing anything they don't want you to. Sure there will be exploits for a while and ways to regain access however limited or temporary
but as the game plan advances.. give it another 10-15 years at the rate tech is advancing and it will be VERY HARD TO IMPOSSIBLE for
YOU small fries to do anything about it. Maybe someone with millions of $$$ can hack their devices but you with a small salary will
not
Well that's their game plan .... Now YOU!!!! need to do something about it!!!
IT STARTS WITH SAYING NO TO ARM AND BROADCOM HARDWARE
IT STARTS WITH INFLUENCING BUYING AT WORK.
IT STARTS WITH GETTING RID OF THEIR STOCK
IT STARTS WITH CALLING THEM UP AND BUGGING THE SHIT OUT OF THEM
IT STARTS WITH EDUCATING EVERYBODY ELSE AROUND YOU.
Enough all caps. But yeah to drive the point home.
It starts with easy things and yes.. the way freedom is going away it may well end someday with a whole lot of violence, blood and tears ...
Enough. Think this one through. Do you want to spend the rest of your life with locked down ipads never sure if
they're watching you with it, too scared to type anything 'radical' into it, too locked down to do what you want
while the box has the 100x the power tech has to do but is using that to make your life hard and miserable???
Help me out here, I don't want this kind of future.
You can buy a locked cell phone for "$50" with a 2-year service commitment at $60/month, or the same phone unlocked for $500. The unlocked phone is of course a much better deal most of the time.
Unless the month-to-month service is also $60 per month.
Is not the user free to make the decision whether or not to purchase the product?
Sure, one is free to choose not to buy a computer with Restricted Boot. Once all computers sold to the general public come with Restricted Boot, one is free to choose not to buy a computer at all. But without a computer, how would one participate in Slashdot?
Any time I see a response to the tune of "... so and so is free to make a choice about such and such", I also think that there is no such thing as "free to choose" if one does not/can not/will not understand the finer details involved in that choice.
I can only freely choose to not buy this if I understand what does and does not work and how it can/will impact me. Most typical computer purchases are not made with this level of understanding.
-- Humans, because the hardware IS the software.
And your point then is what?
Ah, you're a loon. That explains it.
If Microsoft got what it demands, that ARM devices that runs Win 8 be permanently locked, then the only option that I have, as a consumer, is to NOT BUY THAT DEVICE
No point of supporting dictatorial regime, be it political dictatorial, or hardware dictatorial
The elephant in the discussion is the iPad, an ARM based device with a locked bootloade. No one wants to talk about making it illegal, only Windows RT tablets must be outlawed, Apple is free to do whatever they want. Say you bought an iPad on Slashdot, automatically get +5 for not choosing a PC with Windows. But guess what? Apple bans Firefox from the iPad while you can even install Linux on a PC.
This space for rent.
Then what are the odds that those users will ever want to install another OS besides Windows?
Linux install today: put the CD in the drive, boot up, select 'install', click 'OK' a couple of times. There's rarely any need to touch the BIOS.
Getting them to figure out what motherboard/BIOS version they have so you can send them just the right screenshot?
I thought you already had to do that to get the machine to boot from a CD or USB flash drive instead of the hard drive. At least Secure Boot will probably be called "Secure Boot" in all English-speaking markets.
He may be dogmatic, but he's also right WAY more than he's wrong. All of open source owes him a lot.
How hard will it be to replace a BIOS? If the OEM's are smart they will make it easy and not tell M$. Then they will be able to sell the boards after M$ has gone on to something else.
Having to work for a living is the root of all evil.
But since when does Microsoft get to lock down at the hardware level what software can or can't run on devices created by companies they don't, e.g., Dell, HP, Lenovo, etc.?
Microsoft does so with copyright. Manufacturers that refuse the lockdown aren't licensed to make and distribute copies of Windows RT.
it was fun while it lasted but open source just can't compete with the cathedral.
No shit!?! I mean... Arduino? Raspberry Pi? (should wait for time to confirm it, but anyway... Ouya?) Seems like a progression to me in open hardware.
Questions raise, answers kill. Raise questions to stay alive.
What's more, when Windows pukes on itself and the non-power user takes it to "my computer friend" who proceeds to want nothing more to do with it since no rescue discs will work
There should be less need for a "rescue disc" with the "refresh" feature of Windows 8. It wipes the Windows folder and reinstalls any Metro style applications obtained from the Windows Store.
If the parable of the boiling frog is counterfactual, as you claim, what metaphor for bringing restrictive policies into the Overton window should people adopt instead?
Linux install today: put the CD in the drive, boot up
Unless you've correctly configured the BIOS settings, the PC will skip the CD drive and boot the operating system installed on the hard drive.
the slippery slope argument is a logical fallacy
Logical fallacies work only in the case where all premises are known with certainty. Where premises are not knowable with such certainty, or where premises change over time with a change in culture, fallacies become heuristics.
The one thing I like (well, one of many) about ThinkPenguin.com is they don't ship CPUs with "Trusted Computing" technology or hardware with other types of restrictions. What most people don't realise is all the major manufacturers are shipping systems hostile to GNU/Linux already. They don't allow you to swap out the wireless cards in many of them. It's a problem getting worse because the manufacturers are making money on the aftermarket sales of replacement parts. When you can only get one or two incompatible wireless cards for your laptop your stuck of propritary software.
That's why I will never get another computer by a major manufacturer again. The only exception is if ThinkPenguin or another freedom friendly company (yet to know of one) becomes a major force in the market.
Which brings up another issue. I'm sick of being sold "GNU/Linux" systems that aren't free software friendly and humorously advertised as such. I should be able to install a free operating system and not just Ubuntu or Linux Mint.
Yeah, I totally want to replace my 3.3GHz quad-core i5 system with an ARM that's a tiny fraction of the speed, just because Microsoft lock me out of the new motherboards.
This is blatantly false. No PC boots from the CD by default. You always have to change the setting.
Weird. Mine do and always have.
not offering an *acceptable* solution
It is still valuable just to state what is not acceptable.
The certificate Microsoft uses to sign their boot loader gets compromised.
Microsoft revokes their key.
Suddenly every Windows OS fails to boot properly.
Nobody can fix it, because nobody can change the keys.
Every windows machine is now an expensive paperweight.
Thus begins the year of the Linux Desktop.
> Windows tablets would be the cheap end of the market
There seems to be the idea that:
Apple desktop = expensive. Windows PC = cheap.
Therefore:
Apple tablet = expensive. Windows tablet = cheap.
There is no evidence for this, except contrary evidence that Windows XP and 7 Slates were more expensive than iPads by quite a margin. In fact the unwillingness of OEMs to build Windows 8/RT tablets leading to MS having to build their own Surface seems based on the fact that they (OEMs) could not build any that would be competitive pricewise with iPad given they would have to give MS $80.00.
MS may well have to subsidize Surface, they will _not_ be cheap.
With x86 tablets, they will be even more because the i5 is way more than an ARM SoC.
Since they turned over Intel Architecture for Macs they use UEFI you can disable it and install Windows. I'm supposing the "PC" implementation will be similar. So I don't see any problem here.
Although I did have a mac where you had to hold down a key while booting to boot from CD.
Not Obama, the unseen hand.
Some large percentage of people who buy computers don't care about or even don't want Linux. The few of us who might buy a motherboard that specifically lets us bypass secure boot, or has facilities for signing other OS's will vanish behind them. Computer makers really have little reason to cater to us. They will do whatever they must to create the most sale-able machine
Not the best product. The product most attractive to the largest population. That population consists of people who just want to surf, email, twitter and don't give a hoot what OS they are using. So the $50 locked down motherboard will win over the $100 Free one. It runs windows; check!
No. Most computers allow the user to press a key (ESC, F12, or other) to boot from another device without going into BIOS
I've got better things to do tonight than die.
... and not offering an *acceptable* solution ...
"And as long as the user controls which keys they are, then it’s a security feature" (from the fine article) - how is this unacceptable?
It's NOT a conspiracy... it's a plot.
This is blatantly false. No PC boots from the CD by default. You always have to change the setting.
This is blatantly false: "No PC boots from the CD by default. You always have to change the setting."
FTFY
When our name is on the back of your car, we're behind you all the way!
I understand Microsoft's reasoning for having a secure bootloader (helps protect against rootkits), however, their approach is flawed. A much better way that comes to mind is something like apple's appstore model. Pay $99/year for a developer license and you can load your own bootloader. While critics probably don't like this idea, I've ran across enough rootkits in my time to believe a locked bootloader is a necessity.
There's a lot of talk about frogs on this issue but very little about accusing people of "thought crimes", which is what most of the frog posts boil down.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
He also apparently doesn't like haircuts. This is, naturally, highly relevant to the value of his views on software.
Yeah, I totally want to replace my 3.3GHz quad-core i5 system with an ARM that's a tiny fraction of the speed, just because Microsoft lock me out of the new motherboards.
ADHD much today?
TFA quote:
Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys;
Questions raise, answers kill. Raise questions to stay alive.
Psst - don't ever refer to cathedral & bazaar concepts as free software - they are open source. In ESR's book, he explains well why his group laid off the term 'Free Software' and went for 'Open Source'.
Maybe he should compose a new St iGNUtius hymn? (Sorry, didn't mean to Apple-ize his avatar)
Precisely - anyone who navigates the GNU site will see everything that's been written about OpenBoot, CoreBoot and UEFI. A more useful exercise would have been talking people into buying Lemote laptops and changing their computing lifestyles to live completely in Emacs, and make Lisp and Scheme the only programming languages to know.
Someone will just make a warm boot utility that will run after the secure boot. So all that will happen is that the machine will take longer to boot.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Given the density of NOR flash these days - and no, I'm not talking about SSDs - can't any vendor just throw the Linux kernel into the BIOS, and then have everything else - from x11 and up - on the HDD/SSD? That way, the booting experience will be smooth w/o needing to have GRUB or GRUB2, and beyond that, everything will be on the hard drive. Note that this assumes that only 1 OS is on the computer (which is the way I generally prefer it - I don't have any computer share OSs.
Oh look, an ad hominem agains Richard Stallman. Never seen that before.
What have you got against greasy fries? I took it as a compliment to his taste
Yeah, I totally want to replace my 3.3GHz quad-core i5 system with an ARM that's a tiny fraction of the speed, just because Microsoft lock me out of the new motherboards.
You may disagree, but I honestly think that buying much slower (though also much cheaper) ARM hardware is a lesser evil than being unable to choose what operating system I run on new fast hardware.
Precisely - anyone who navigates the GNU site will see everything that's been written about OpenBoot, CoreBoot and UEFI. A more useful exercise would have been talking people into buying Lemote laptops and changing their computing lifestyles to live completely in Emacs, and make Lisp and Scheme the only programming languages to know.
As long as there's a browser and some porn sites...
Shanghai Shunky Machinery Co.,ltd is a famous manufacturer of crushing and screening equipments in China. We provide our customers complete crushing plant, including cone crusher, jaw crusher, impact crusher...
Interesting but I haven't got my Windows 8 ARM device delivered yet.
Can one view porn under Emacs?
i think eating toe jam should be illegal
Laughed aloud. Mod up!
No, it will be called "Booting Protect" in some BIOS, and "Secure Enable (Enable/Disable)" in others.
By whom? Which vendors plan to rename the feature from the official title that the UEFI spec uses?
Golden China appears to be an NES clone. It was only in the 2000s that the NES became fully cracked and understood to the point where a startup could make and distribute software for it, and only in the 2000s that Nintendo's patents expired throughout the developed world. So please allow me to amend my statement: "Tell that to anybody who has ever bought a video game console within 20 years after its launch."
At boot time you can press a key to choose the boot order for that session
Motherboard manufacturers that want to sell products to enthusiasts who care about their freedom should recognize that trying or installing an operating system is one of the main reasons why an end user would want to turn off Secure Boot temporarily. So the ideal BIOS would include, right next to the single-session boot medium selection box, a single-session Secure Boot checkbox.
Techrights definitely has some good content to bring to light a lot of things that happen in the background that we don't see often enough. It's good to hear Stallman's take on the Secure Boot saga. Based on his opinion and the information posted so far, there's nothing to worry about as it can be disabled. Even though Fedora and Ubuntu will use the technology to make it easier for users, it's a temporary fix at least. As Stallman pointed out, the system keys can be modified by the user so that is a good thing, even though I (like he) considers UEFI Secure Boot a form of removable malware.
You can buy a locked cell phone for "$50" with a 2-year service commitment at $60/month, or the same phone unlocked for $500.
Sure
The unlocked phone is of course a much better deal most of the time.
Afaict this depends completely on where you live and your usage patterns. In many places you end up effectively paying for the subsidised phones whether you accept it it or not.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Most users don't care if they are abused. Many willingly throw large wads of cash into a system which supports their abuse. So it goes.
Join the Slashcott! Feb 10 thru Feb 17!
The acceptable solution is the status quo.
Give me Classic Slashdot or give me death!
That's all very well and good.
It isn't, however.
So where do we go from here?
File under 'M' for 'Manic ranting'
To dismiss something as "wrong because it's a fallacy", without making an attempt to show how it is wrong, is also a fallacy.
Let me clarify what some people are saying about how Microsoft can't demand locked BIOS because of anti-trust laws.
They are wrong. MS can demand secure boot. As long as there is a way for other comercial companies to get into this scheme, they can't be accoused of monopolizing the market.
And why would they? Secure boot won't prevent Google from releasing another TV OS. Won't prevent Apple from selling more iPads, won't even prevent System 76 from selling Ubuntu. But your S76 laptop won't have the DRM hardware module to run Netflix and your PVR that does have it won't install another OS.
Freedom will be isolated to specific machines to be easily ignored while all useful applications will be restricted to a "safe zone". That is, safe from user's freedom.
But... the future refused to change.
However, PC motherboards are not subsidized products.
/* No Comment */
This is how RMS works, though. Any piece of technology (or other product/service) that is not 100% open and artificially restricts its usage in any way is automatically the devil.
/* No Comment */
C-x M-c M-titties
/* No Comment */
I can't imagine anyone deciding to make a native Metro app and only compile an ARM version
Some company that has only the mobile rights to a video game, perhaps?
Let me take your statement to what I believe to be its ultimate conclusion: "Nobody should accept a job reviewing video games for strictly curated platforms." In this market, where for example all living room video gaming platforms are strictly curated (and the Ouya is met with heavy skepticism), how is such a position tenable?
I guess this is probably going to be flamebait. I am sad to see Red Hat / Fedora go, although only for nostalgic reasons. They were Ubuntu before Ubuntu came along... Pretty from word "go," quick to add GUIs, robust enough for power users, accessible to newbies... but also like Ubuntu, from the day it attracted its very first non-enthusiast Linux user some weird monster took over. From 5 or 6 onward it was a crappy distro with a very broken installer, full of CPU-hogging (beagle) and/or utterly broken (abrt) services, racing to adopt things that weren't ready yet (PulseAudio) ...
So much quality effort pushed into a free OS distro that totally rocked for a while, but then it just turned into a slaptastic circus. Even RPM was so broken for a while, a couple years back, that it had seemed to have zero fault tolerance, and would get stuck state files every time the package list was corrupted. Which seemed to be often. It hit a point where I switched back to Windows because Fedora had made me hate Linux on the desktop.
Ubuntu pissed me off the past 8 months as they seem to have stopped UX testing on desktops entirely, but now I'm just back to Debian :)
Also a bit sad about my title, why does it seem like Linux + money = evil?
Every trollism an AC posts is prefixed, in my mind, with "A. Coward whined, in a weak and cowardly voice:"
The reason I do is because unless what I am doing is hurting someone, I should have free reign to install whatever I want on my system. It doesn't matter if it's not a Microsoft product or what. Sure, software should go through some refining to get rid of bugs, but Microsoft isn't the best at refining software either. They are good at bullying people.
Often the mobile version of an application and the PC version of the same application are very different, to the point of a review of one version not being valid of the other. This is especially true of video games, where different platforms have graphics at different detail levels, different input methods, and possibly even exclusive missions that use some input gimmick available only on one platform. Even within mobile, the differences can be vast; compare the DS and PSP versions of a game for example.
Besides, most people will probably write WinRT (Metro-style) apps using a managed language, like C# or Javascript.
True, a port using JavaScript would be good for a port of an existing application made with PhoneGap. But as shutdown pointed out, unmanaged code is more likely for a port of an iPad application consisting of an Objective-C view of a C++ model, where the developer wants to share the model between the iOS and WinRT versions to avoid a line-by-line rewrite that would introduce bugs in the model. And is C# as fast as C++ for games and the like?
MicroFAIL is now abusing trusted computing technology in a blatant and desperate attempt to lock out competing operating systems for PCs. They have no claim to the PC architecture itself and should not be allowed to make it proprietary in order ot advance their own monopolistic agenda. When will the ignorant userbase wake up and realise that MicroFAIL are criminals who refuse to play fairly and are a serious threat to ones privacy and freedoms ? In this day and age people do NOT need Microsoft products to get real work done. There are plenty of free alternative operating systems to Windows and if your requirements are modest then one does not need MicroFail Junkware at all. Do your homework and don't be fooled by MicroFAIL spin and propaganda.
My latest PC still has a windows on, mostly because the oem license wasn't that expensive (admittingly, if i wouldnt take it i'd had to pay an extra 50 euro assembly fee). But, it made me purchase a windows license just in case. And/or to play a game.
Well, that game runs about equally well under linux. The last time i booted windows was more than a month ago, and only for 15 minutes. Most of that time spent because of the funky updates, which i let it download just to reboot into a sane OS after.
If the next PC would be a 'single boot', no way i need a windows license. It'll run any of my favo distro's, but no Windows, because that'll require secure boot. -Yes, i plan to use my current PC quite a few years to come-
Lot of friends of mine are seriously interested in running linux, i help them where i can. When time comes, they'll also be rightfully pissed when they notice their hardware is crippled. Or maybe got permanent *n*x fans before that.
MS may think the market for linux is small, they also may underestimate the need. And the 20% geeks that actually want to -at least- dual boot.
So go ahead. Do it. I'll happily pay 50 euro extra for my next mobo to have an 'alternate' bios. If any, it only drives me away from using NT. I don't need it for any task expect for trying that casual game that found a new way to bug wine, anyways.
Conclusion: if MS wants to sell me a license, they'd better offer dual boot option. Else no sale for them. Not that they really bother, but just in case, let them take their pig. I'm quite sure the soup will be aten less hot then it's served atm, even if i think it's a quite troublesome development and indeed has more to do with vendor-lock in, drm, crippling hardware and limiting users, than it has with security.
A glitch a day keeps the bugs away.