Slashdot Mirror
Free Software Foundation Campaigning To Stop UEFI SecureBoot
hypnosec writes "The Free Software Foundation is on an offensive against restricted boot systems and is busy appealing for donations and pledge in the form of signatures in a bid to stop systems such as the UEFI SecureBoot from being adopted on a large-scale basis and becoming a norm in the future. The FSF, through an appeal on its website, is requesting users to sign a pledge titled 'Stand up for your freedom to install free software' that they won't be purchasing or recommending for purchase any such system that is SecureBoot enabled or some other form of restricted boot techniques. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like the Debian, Edoceo, Zando, Wreathe and many others have also showed their support for the campaign."
Hasn't Ubuntu made GRUB a SecureBoot boot loader? How isn't this sufficient?
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
I like the straight jacket clipart - It reminds me of how this is all just insanity.
Secure Boot is a good thing people! It means I can actually lock out my machines so they'll only boot linux and never windows!
It's already commonplace, and almost no one noticed.
There's nothing that can be done. Regardless of which half of the Party is in power, no one's going after the monopolists.
It should be mandated that any restriction on a general purpose computer has to be stated clearly as such on the packing, otherwise it would a intentionally concealed defect.
Richard, it's a nice sentiment, but what are the alternatives? Signing something saying I won't buy a UEFI-enabled system is basically saying I've doomed myself to the stone age. Every company is switching over. Nobody's going to go for that in the long term, anyone signing that is doing it just to make a statement. Eventually, their decrepit pre-UEFI system is going to fry, and they're going to go looking for a new one.
Rather than do something useless like a petition, which have a very low success rate on the internet, why not give us something useful: Like a list of motherboards and builds that do not have UEFI and sport otherwise modern hardware and features?
#fuckbeta #iamslashdot #dicemustdie
The secure boot crap could be an antitrust issue.
German goverment has spoken abit about it
http://www.h-online.com/open/news/item/German-government-advocates-security-in-the-hands-of-users-1753715.html
I'm pretty sure your shift key is broken. Possibly, your comma key as well
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
screw it ill start getting parts and building my own and i bet that will make me a ton a cash
so go on microstupid and apple keep it up your making me flush with doh i love you idiots er guys
Huh?
If anything, the FSF should push to have how UEFI handles its signature database, and who handles signing, fixed so that it isn't so wholly Microsoft centric. You can tell because it puts key acquisition and installation in the hands of the system vendors, and the only one they'll independently acquire with any regularity is Microsoft's. And as a result everyone goes to them for signing.
If key handling were decentralized and standardized across all vendors, and adding your own key wasn't mutually exclusive with other keys (as it effectively is now,) then it probably wouldn't be such a problem. Hell, if they included a system-specific key installed on each platform and a hardcopy of the key, that would probably eliminate most of the concerns expressed here.
Unfortunately, doing this would likely require them becoming a promoter ($200,000) and contributing code out the ass to see it happen. As it stands the only OS vendor at that level in the UEFI Foundation is Microsoft. All the Linux vendors are Contributor or lower and can't possibly have a voice as loud as Microsoft. Net result a perfectly good security concept gets twisted into a Microsoft-specific hazard.
neckbeards, unite!
WÌÌfÍ--ÍSÌÒÍ...Í...ÌHÌÍfÍÍÍ--ÍÍÍ
What about severs and web hosts / ECT.
Windows 7 UEFI secure boot??? enterprise use is way to big for that to get locked out.
Where is HP and DELL in this???
Supermicro??
Tyan??
Linux in Medical Devices (do really want MS windows to be the only choice there??)
http://blogs.windriver.com/medical/2011/11/using-linux-in-medical-devices-what-developers-and-manufacturers-need-to-know.html
Don't work towards freedom, but allow the work itself to be freedom.
- Dogen Roshi
Desktop motherboard manufacturers know that in the past and in the present that following the dictates of Microsoft is how to survive. But those days are mostly over. I doubt any of the MB manufacturers are going to stand up and fart in Microsoft's face and say NO. But I suspect they know the trend is moving away from Microsoft and with the Linux noises that companies like Valve are making that Microsoft will only get weaker. Thus they will probably pretend to put UEFI onto the motherboard but make it really really easy for anyone with the capability to install linux to turn it off. So I suspect that the motherboards will soon come with UEFI enabled by default (maybe) but that you can either go into the bios and turn it off or short a jumper.
Other options would be to leave a weakness in the system so that it is easily hacked and thus bypassed; this way they can meet the letter of Microsoft's law but not at all the spirit. And of course they don't need to make a hole, they know people will find a hole and they won't bother patching it. But I just don't see the manufacturers coming out and directly attracting Microsoft's rage. Plus companies know that all kinds of businesses will want to put a whole range of products on their systems from oddballs like DOS with many wanting XP, Vista, and Windows 7. It wasn't that long ago that I saw an ATM running OS/2. I suspect the guts of the ATM were newish.
But in the near term Microsoft is going to ask "Who farted?" and the various manufacturers are going to pretend that they didn't.
All that said, Microsoft's worst nightmare would be for a company to start releasing Motherboards/Machines with UEFI disabled as a feature and telling the world that smart discerning high-end customers buy systems without UEFI and that the drones buy what the suits at Microsoft tell them. What microsoft seems to forget that while computer nerds running things like Linux are not a significant market share in and of themselves they are who guides, or outright chooses what systems get picked. Minimally how many slashdoter's are involved by their families when they are picking machines. Without starting a religious war about my personal tastes I can say that when people around me are buying a system I give them a fairly narrow range of choices that if they stray from I won't take their "urgent" calls at 10pm when things are going wrong a month later. "Oh your poorly designed laptop that sucks cooling air in only from the bottom overheated when sitting on the sofa and now you need your data pulled from its carcass? How about no." So while people like us probably only represent 1% of the market we probably influence 30+% of the market. So if we don't like UEFI the manufacturers will soon find that we have a bigger vote than simplistic market surveys might otherwise suggest. So even if they totally cave to MS I suspect cracks will appear fairly quickly.
Let's put on our thinking caps folks. Return Oriented Programing is an exploit engineering technique that uses the existing signed and/or encrypted code to create the exploit code. That means Secure Boot is defenseless to stop this type of exploit. If the application or OS code has mistakes in it then a function pointer on the stack, or in the heap (read/write memory) can be overwritten and be used by exploits via return oriented programming, and SecureBoot won't help one bit -- The code that's running is signed and/or encrypted. So if the Application or OS code isn't secure (which it won't be) then SecureBoot is pointless. What that? It won't be able to infect a boot sector? Well, if you've got malicious code running on your system then there exists an exploit vector that cane simply be re-exploited next time you boot up. See? Pointless.
Ah, but what if the Application and OS code could be written to be secure against stack smashing and undesired code pointer manipulations? Well then, there wouldn't be any exploit vectors that you needed SecureBoot to protect you against. See? Pointless.
Well, I say "Pointless", but what I mean is useless from an end user perspective. I don't mean to gloss over the only real use SecureBoot has: To prevent you from installing your own OSs and Applications, and having control over your own computers.
Any American's thought of starting a thing on the White House Petition thing? Get 25k American's and Obama has to comment on it. Would have thought that would be a cheap easy way to raise some awareness on the topic.
http://blog.karit.geek.nz/
I'm supportive of this campaign, but I'm turned off by their $50.00 USD minimum for individual donations. I don't have a lot of spare income, but will often donate $5 or $10 to what I think is a good cause. I've always assumed that if enough people do likewise, my small contribution will add up to something significant.
The only reason I can think of to justify a minimum contribution amount would be if they are issuing receipts for tax deductions and there is some cost involved in doing so. Even if that case, however, they could simply have a statement that says tax receipts won't be issued for donations below a certain amount.
As for OS's that won't run with UEFI disabled. I have no use for them.
File under 'M' for 'Manic ranting'
So can FSF design/modify UEFI/Secure Boot that locks out proprietary (non-free) software?
A man spends the first half of his life accumulating stuff, the second trying to get rid of it all.
windows 8 stink as well hurts ms a 7 boot loader will help alot of this may be DOA as it will be a hard sell with a MB that can only boot windows 8
I'm pretty sure your shift key is broken. Possibly, your comma key as well
Punctuation isn't free. You and your "I'll use it 'cuz I got it" attitude doesn't fly in our txt/140 world.
UEFI doesn't solve any sort of security problem, and like a lot of solutions it is so obvious it was done to secure Microsoft's monopoly you have to be a moron to not see it.
BIOS based systems are fine, and they have been fine for a long time. What we need, is an OpenBIOS, adopted industry wide, not UEFI.
UEFI is crap.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
This is TCPA Round Two
1,000,000 signatures would be 1/3 of 1% of the US population, if the US population was only 300 million.
500,000 would be 1/6 of 1%.
We'll continue being generous and assume this 41,000 is in fact 50,000, so it's 1/10th of 1/6th of 1% of my very generously underestimated US population model.
To put it another way: Nobody cares.
41,000 isn't even a small drop in the bucked.
The reality is that people can go out and buy a PC and install Linux on it with no problems - so why should they care?
I support FSF in most things, but this is an important feature.
Rootkits are a very real problem, and SecureBoot is a good step towards eliminating them.
As long as there is some way for the user to disable it, I'm happy. Although it could be a bit tricky to achieve that without breaking the security model. Perhaps a hardware switch that can only be accessed by removing a few screws from the case...
Yes, saying they don't want my measly $20 or $40 doesn't really endear them to me. The cause is good, but I will look for other ways to support it where my meager contribution would actually be appreciated.
What do distros where signing isn't an option do? I would think that a good portion of LFS and Gentoo users chose it because it gives them control over what they put on their systems, not because of any perceived speed benefits.
Aren't they a little late to the party?
This post is a little misleading. We think Secure Boot is OK so long as computer makers implement it in a way that it still allows a user to control his or her own computer. What we don't want computer makers to do is implement UEFI in such a way that a user is unable to sign their own software (e.g. bootloader) AND they are unable to turn Secure Boot off -- we call such an implementation Restricted Boot (because we want to emphasize that it instead of providing security, it exists to restrict a user from controlling his or her own device). We hope that computer makers will choose to implement UEFI in a way that truly does provide security and control, and many are implementing Secure Boot in this way.
Joshua Gay
Licensing & Compliance Manager
Free Software Foundation
it always has been: in the community.
when they kicked around ACPI as a standard that intentionally didnt 'just work' on linux, we made it work.
when dvd was a big-two game, the community came together again and made that work as well
when windows mandated the wholly superfluous 'windows' key we simply coopted it to our own desires. Awesomewm, for example.
absolutely tireless effort was spent making sure every iteration of broken windows continued to be supported as a dual-boot option in Grub.
We engineered solutions for their docs, excels, and even the very programs that ran only on windows in the form of Wine.
secure boot could come, and against it will stand a threat that microsoft has consistently underestimated: Hackers. We cannot be lobbied against, or coded around. there is no NDA we recognize or understand. Im not saying UEFI shouldnt be stopped, just that if and when it comes, we have been ready since the dawn of the kernel to make it do what we want it to do.
Good people go to bed earlier.
Spammers start a petition against DomainKeys to stand up for their freedom to spam.
Programmers start a petition against CheckStyle to stand up for their freedom to format as they please.
Anonymous starts a petition against virus checkers to stand up for their freedom to infiltrate systems.
Drivers start a petition against radar/laser guns to stand up for their freedom to travel at whatever velocity they want.
Drunks start a petition against breathalizers to stand up for their freedom to get a buzz.
Students start a petition against grades to stand up for their freedom to learn what they want to learn.
Citizens start a petition against taxes to stand up for their freedom to keep what they earn.
All these things like SecureBoot are tools. Sometimes they are useful. Making them mandatory may cause problems, but their mere existance isn't necessarily something to protest. In fact, I believe Microsoft HW certification requires x86 system to ship with the ability for the user to disable SecureBoot UEFI. Only in WinRT is secure boot required. The common rational for this dichotomy is that the WinRT ecosystem is more like a cell-phone captive tablet consumer product where it is not common for users to be able to install their own software as the HW is often captive or subsidized.
41,000 isn't even a small drop in the bucked
Lets compare it so something more tangible and relevant, where are the 41,000 requesting this feature...with this particular solution?
I suggest just keep purchasing motherboards from your favorite vendor and returning any which have this defective by design UEFI feature.
So if the Application or OS code isn't secure (which it won't be) then SecureBoot is pointless.
SecureBoot is about booting securely, anything after the boot is up to the OS to handle.
I hear the OS/Apps can be by exploited, so no point in using a firewall.
SecureBoot can protect you against against physical access.
I am not saying SecureBoot is the best implementation, but the basic idea of it is good. We need some form of DRM system that the user can manage to protect their system from physical access or general boot exploits.
freetards
I know adding "tard" to the end of thinks magically makes you cleverer than they are. It doesn't
But I love the irony of you defending Microsoft an abusive multiple offending monopolist, a nasty company by every measure, has shenanigans, by recent favourite by this awful awful company is to hirer Mark Penn who unlike you is a professional shit slinger, who has has a department to match “strategic and special projects” http://www.nytimes.com/2012/12/15/technology/microsoft-battles-google-by-hiring-political-brawler-mark-penn.html?_r=0 what a nice man
neckbeards, unite!
I like the way that ad hominem works better than rational discussion. The sad fact is I was watching an article a video about replacing Ballmer...and the main reason given was he wasn't telegenic (I had to look it up). Have we really reached a stage where what we look like is more important than what we are. I do think you would benefit a little more if you looked at he issues in hand.
UEFI in itself is not a "bad thing", but how it is implemented is, most definitely! I think that MS is using this initiative to lock manufacturers into an MS-centric environment, and that IS a "bad thing"... :-(
You're confusing things. The FSF is not Linux. The Free Software Foundation cares about promoting free software - be it through Linux or not. There are other free kernels, although Linux is the most famous.
The FSF is not against secure boot technology. What they're against is using secure boot to secure a single monopolistic company's (Microsoft) marketshare to the detriment of everyone else. UEFI is not secure boot, it is DRM.
We need some form of DRM system that the user can manage to protect their system from physical access or general boot exploits.
Sounds familiar...
Once upon a time in a far-away land of fantasy, the great mechanical wizards of the Blue Tower toiled away with their spellbooks and tools day and night until they produced a novel machine. This machine was incredible, able to condense several books' worth of information into one circle of a magically-imbued fabric. Since only the wizards would be able to read the magical inscriptions, they also produced a machine, granted with the power of induction, to read the fabric's tales, and write new tales onto the cloth as well.
It was quickly apparent that this fabric would be fragile, and much valuable information could be damaged if a particularly important piece of fabric was reused. To solve both problems, the fabric was carried in a hard shell that only the reading and writing machine would open. Writing would only be allowed if a particular part of the shell was intact. In this manner, kings and nobles who had their important information stored could simply pierce the shell, and the fabric would be reasonably safe from accidental harm.
We should start working on making something like this real. Each user could just load up one of these fabric disks with keys they want to allow, and use some kind of toggling switch to enable or disable writing. Linux advocates could hand out key disks with their distros, and users could be reasonably safe from harm. The only real attack vector is physical access, at which point the attacker could just pry the case open and pull the drives.
You do not have a moral or legal right to do absolutely anything you want.
posting a inflammatory rant off topic doesnt make you look any smarter. I am not defending microsoft, I just happen to notice every time FSF gets worked up there's always a required "donation".
How you magically tie this in to being a YAY GO MS post is beyond me, and your ongoing blather about some nytimes writer is pointless in context
I like you Osgeld, I admire a man prepared to defend a Mega-corporation fearlessly. I love the way you tried so hard to create something nefarious against an organisation that relies on donations...asking for Donations like Freebsd and Wikipedia, or lets be honest these people produce something of value, Richard Stallman is who he is because he created a compiler that produced faster binaries than the competition at a time when they cost thousands of dollors...and gave it away...and yet your painting this organisation in a bad light compared to Microsoft...the shits who can't even pay TAX, the stuff the feeds roads; hospitals; schools. Seriously love what you do for Microsoft.
Linux OSes promote themselves on their security but they're against one of the things that is designed to circumvent stuff like infected bootloaders because they'll have to do a little bit of additional certifying of their OS bootloader?
Yes, because network/computer security is all about infected bootloaders.
I just donated $10 via paypal.
Microsoft: I hope you trust me, OEMs.
OEMs: Of course.
Microsoft: I need your help, men. I want you to be the eyes, ears, and voice of UEFI. OEMs, I'm appointing you to be my personal representatives on the UEFI Council.
OEMs: We? Masters? We're overwhelmed, sir. But the world of open source prospers without this disease. They will never accept this.
Microsoft: I think they will. They need you, more than you know.
If you only knew the power of proprietary software lock-in, backdoors, spying. (Laughter)
I was going to mod you up but then I read your final sentence:
We need some form of DRM system that the user can manage to protect their system from physical access or general boot exploits.
Secure Boot is *not* (necessarily) DRM. It all comes down to who controls the keys. If the owner controls the keys then Secure Boot is a good thing. If the owner does not control the keys then Secure Boot is a form of DRM and it is a bad thing. If the user/owner has control and can use Secure Boot to protect their system then it is not DRM.
The big danger of Secure Boot is that, unlike conventional DRM, it can be actually be made secure. This could then be leveraged to make unbreakable DRM. This is the looming threat of Secure Boot.
I agree with you that Secure Boot can be a good thing. IMO the FOSS community should embrace Secure Boot, provided that the user/owner has control of the keys. IMO the fight should not be over whether to use Secure Boot or not, the fight should be over who has control of the keys. This is an easier battle for us to win because there are simple real-world analogies for key control that the general public can understand.
We don't see the world as it is, we see it as we are.
-- Anais Nin
you have the freedom to get a buzz just not on the road driving a car.
Drivers start a petition against radar/laser guns to stand up for their freedom to have a fair reading not a false reading.
Students start a petition against grades to stand up for their freedom to learn what they want to learn. More classes should be pass / fail and not pass by just cramming for the test with little to no idea on what the class covers.
Also they should freedom to learn what they want to learn with out all the forced classes.
virus checkers should give you the right to put any software that you THE USER wants to put on the white list with no forced black list.
again where the heck are you getting this YAY GO MS attitude from?
personally, fuck them both
You have personally attacked the integrity of the FSF, on behalf of Microsoft. So no lets not "fuck them". You see lots of people do not *agree* with the FSF, or think their views are misplaced, or have alternate views, but everybody is 100% in agreement that "win, lose or draw" for the past 27 years they have had a preference for promoted the universal freedom to create, distribute and modify computer software, you might not agree with it, but it has never and I repeat never been to line their own pockets...the astonishing irony is you use this to defend Microsoft so money grubbing they got to have a $ in their name.
The reality is this topic is about limiting *ALL* users(and developers), by locking their platform down, to turn it into a glorified electronics device, and squeeze some extra billions out of its crumbling monopoly.
and Adobe too. I just went to find an Acrobat to register
a Gov. complaint, and there is nothing free. When I am too poor.
The bastards are relentless, and winning. And SOOO wrong.
We need an "Occupy Software" also.
John Eadie [JE46] http://www.c-art.com `one of these days the dogs aren't going to eat the dog food' - Bill Joy
The petition isn't against Secure Boot. It's against what they term "Restricted Boot", which is using the standard in such a way that machines would be sold that the manufacturers would only allow to boot Windows, and that the user would have no control over it. This article is a horrible summary of the petition and misinterprets it completely. Here is the actual pledge:
We, the undersigned, urge all computer makers implementing UEFI's so-called "Secure Boot" to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems.
Love 'em or hate 'em, Apple is a bulwark in this case by not supporting secure booting on Macs. As a major global vendor, enjoy using them as a base of operations as you oppose UEFI.
"We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
Nevertheless, you did exactly that IMO. Please allow me to reiterate for the benefit of others:
Technical solutions as proposed above are irrelevant, because the fundamental problem here is that I SHOULDN'T HAVE TO FIND A GODDAMN EXPLOIT TO RUN MY OWN CODE ON MY OWN COMPUTER!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
So many morons here are posting about how UEFI is bad.
UEFI is a successor to BIOS. It is good. It is practically necessary if you want to run modern hardware properly.
SecureBoot is good. It prevents rootkits and other shit that fuck with the boot sector.
Not allowing users to change their trusted keys for SecureBoot is bad. All x86 systems certified for Windows 8 require that users are able to change the keys.
Non issue.
Can someone explain how secureboot is supposed to stop a compromised windows install from loading, since windows started using its own boot manager?
Wouldn't secureboot only be checking the signature of the windows boot manager, and not what in turn it was booting i.e. windows or linux?
again where do I praise MS?
I'm sorry I thought you were holding a one man army smear campaign using made up unsubstantiated (and ridiculous) rumours against the FSF who are naturally against *Microsoft* in restricting the running free software on commodity hardware in a thread that deals with that. The bottom line is your behaviour has been appalling, and a deliberate action in stopping the FSF getting funding, for what most see as a good cause.
From my perspective the problem with secure boot is if such a technology even exists it is more likely to be mandated to be implemented in an oppressive manner by government(s) as a means of enforcing state control over all computing.
Its existance means at some much sooner future point this is something that becomes practical to legislate as it can be trivially implemented for all systems sold in a given region.
None of these campaigns are against the mere existance of secure boot itself. I think this is a mistake regardless of its chance of having any impact.
Except that you look like a dork if you don't use capitals to begin sentences.
People who use things like "freetard" don't realize it but they basically end up with a mindset none to different from racists.
Its nothing like racism is just old fashioned bullying which does rely on aggression and hate. More "Mean Girls" and less "mississippi burning"
This seems to be addressing a problem that doesn't exist. The only thing SecureBoot appears to be "securing" is vendor lock-in.
No thank-you, please go away.
one simple observation without going off on a witch hunt?
Oh did you thing think suggesting people were frothing at the mouth...or calling the retards...or accusing them of taking money under false pretences, because they provide an alternative to the software your running is not acceptable.
Abusive ad hominem is black and white, and has nothing to do with cause. The sad fact is you are still attacking the FSF. I'll keep an eye out for your username
xxx
And OMFG, you can turn off SecureBoot and/or make any key and/or signature whichever way you want it to be.
Precisely according to the UEFI spec as it requires.
MS has EVERY right to lock their own ARM's and such proucts down, and they will do exactly that.
But public mobo makers and third-party chinese ARM'ers and tablet'ers never will.
So this whole thing is TOTALLY and FALSELY blown out of proportion and only applies to people insisting on buying MS-Windows products, for which they'd never want to run any other OS in the first place... precisely because they're self-defined MS-Windows fans. So even they don't care about this.
Everyone else is simply not going to buy MS products.
It's that simple.
http://usa.asus.com/Motherboards/AMD_Socket_FM2/F2A85V_PRO/
Yes, saying they don't want my measly $20 or $40
I have no idea where you saw that. The header of the page clearly says:
Start your membership today with a $10 donation
And yes, you can donate just that.
Dilbert RSS feed
FSF is not against Secure Boot, just against implementations that remove the control from the user.
Dilbert RSS feed
SecureBoot is a standard that allows the end user to limit their system to only booting signed code. Next thing you'll be complaining about SSL and how it can also limit the end user from working with untrusted sources.
The same marketing babble all over again. Sometimes I wonder whether it's Microsoft shills all around or just people are so stupid.
Yeah, from a purely theoretical and technical perspective you are right. The problem arises when one or more of the following things are true:
- there is (in practice) one involved party who controls the only viable root keys to the whole scheme (check)
- the existing implementations of UEFI "BIOS" are as complex as an operating system in its own right, developed in the closed and with as many opportunities of security holes and bugs as a (squishy, new, untested) operating system (check)
I have no words to express how an incredibly fuckingly stupid idea all that thing is.
(Yes, having a possibility to cryptographically check the boot record from the boot ROM seems basically desirably and sound).
....it doesn't do anyone any good to be spreading FUD! If you actually spent some time researching this topic, you will find that what you said isn't entirely true. Take the Dell Latitude 6430u that comes with Windows 8. You can disable secure boot in BIOS. I refer you to page 44 of its owners manual....
Well, I don't have a 6430u, but I just looked at page 44 of the owner's manual. It's written in gobbledygook language with double negatives and obscurity about what exactly is being enabled/disabled.
What's more, one of the controls 'described' on the page has a big warning that it's for one-time use only and "Activate and Disable options will permanently activate or disable the feature and no further changes will be allowed".
Maybe I could navigate that path to freedom if I had plenty of information from elsewhere, but that 'owner's-manual' page looks like it's exploiting complexity and obscurity to hinder the use of freedom.
It's unfair to call 'FUD' when information about available features has been obscured to the point of incomprehensibility.
-wb-
What you describe is an almost nonexistent problem to begin with. SecureBoot is merely security theater... at a price.
In practice, it must be destroyed or it will be abused. The fact that you called it "DRM" (it's not, but...) should make you want to destroy it just for that reason.
It is like the RFC's "SHOULD" whereas they use "MUST" in that it MUST come with SecureBoot on on purchase. The user doesn't have to be ABLE to turn off secure boot, but it is written down as something that should be allowed anyway.
So, the customer has borked his Restricted Boot install of Windows and want his files back, what now?
You can go "You should have saved those files to your network-drive", try to explain what UEFI is to the user (he wont understand) etc. End-result: he wont get his files back no matter what.
" GPL is most certainly not about universal freedom by definition"
Really.
And freedom is by definition not universal freedom by definition SINCE YOU AREN'T ALLOWED SLAVES.
Truly you are a giant arsehole and the sooner shite like you are dead the better humanity will be.
What evil people never seem to grasp is that the underhanded tactics they employ come with grave vulnerabilities and blowbacks.
Even if it is just a statement that changes nothing, I still signed the petition. No reason not too. What was interesting is they asked for a confirmation email so I signed it with my throw-away hotmail account. Lo and behold, the hotmail filters put my confirmation email from the EFF right in the Junk folder.
Well played, Microsoft, well played.
"This is horrible! Don't you see how horrible this is?"
How I wish!!!
If only the FSF, instead of ranting all the time against everybody in the computer industry, would put together its own plans for its own FSF platforms, it would be worth admiring. For starters, they could make a VLIW CPU - make its HDL source code available under GPL3, and have an internal design team working on that. Then on the firmware side, they could make GRUB2 an essential part of that CPU's firmware, so that it is inseparable from it. On the software end, start working seriously on HURD, and port that on this CPU. Then on top of HURD, have whatever they want running - Emacs, x11, GNOME3 or GNUSTEP - and run with it.
Have 2 versions of this CPU - one like Itanium, which would make this perfect for servers, and another like Transmeta, which would make it optimal for laptops and tablets. Implement them, and then start producing laptops like the Lemote Yeedong, and tablets, and start selling them w/ the gnu logos. Push this in stores or distribute them in whatever way they prefer. At least, that way, the FSF will have a positive contribution to society, instead of all the bellyaching they keep doing about others like Red Hat, Debian, Canonical and others in the Linux business.
Piracy has to die... and this is just one small step toward that death ... I predict that soon all software will be distributed using an AppStore like system with strong cryptography that will make copying irrelevant ... No possibility to copy stuff (software, movies) between devices ... no piracy ... get used to it you freeloaders
...when desktop PCs will be locked down as tight as iOS toys. People thought RMS was nuts when he foretold it in Right to Read, people thought I was being paranoid when I warned it was imminent a few years ago. And now it's on our doorstep and when our current computers are no longer usable for whatever reason we'll be forced to open the door, so every idiot who bought or recommended a curated computing device leading up to this, please take a look through the peephole at the harbinger of the end of open computing while I say I Told You So.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I don't see an issue here.
"Godfather of Linux, Linus Torvalds has weighed in on the issue of Windows 8 and that rather unsavory secureboot problem:
I'm certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it's only $99 to get a key for Fedora, I don't see what the huge deal is. ZDNet ...
It isn't mandatory for manufacturers to allow the option to disable secureboot, and it isn't beyond the realm of possibility that some manufacturers will not allow that option as a way to avoid support calls they don't know how to answer."
The real issue is that Linux "today" doesn't have the OEM support to ship Linux only machines. Dell tried it, Walmart tried it and people simply didn't buy the product in large enough numbers to make an impact on the market.
The FSF isn't helping themselves or the Linux community through this campaign. It's just exposing the extremely low interest in Linux as a Desktop operating system e.g. there's nothing stopping OEMs from shipping Linux machines except for the Linux community itself - which has too many weak UI variants sitting on the same kernel that don't appeal to the masses. We're not talking enthusiast users, we're talking about mom and pop (the folks with the credit card) who would buy Jr. his Linux system.
The Linux community has a problem, itself.
"OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of "secure" boot along with Windows 8, describing both companies as wanting to be the new Microsoft."
Again Linux community has a problem, itself.
Think about it for a second. The FSF is asking for people to sign a petition to force OEMs from using Secureboot because it troubles dual boot Linux installations? Seriously the FSF is asking OEMs to pick up additional support costs, asking corporations and end users to open vulnerabilities...
The FSF would better serve the community by working on standards for an OpenSource hardware platform, or better yet one specific for Linux desktops.
I stand corrected, and should learn not to take someone else's word for it, but check for myself.
Although we're talking donation, not membership - you still can change the size of a donation, but it comes pre-filled in at $100, which still comes off as rather greedy. In FSF terms, you have to "opt out" of giving $100, and we know their stance on opt-outs, and would do well to follow it themselves.
M$ (or anyone else) preventing anyone from loading an OS of their choice is *the definition* of anti-competitive. M$ knows it got off easy when the DOJ let them go without breaking them into two different companies- apps and OS. Think they're going to try to sit on the public's face and fart again? Think they want another drink at the fountain? I don't think so. FSF rocks it in a million ways and that reminds me it's the time of year to give a charitable tax deduction gift to them, but in this one instance, they're fighting the last war IMO.
M$ is sending their astroturfers and paytards to spread FUD against free software. M$ will stop at nothing to totally eliminate free software. The only way to prevent malware is to get rid of the DRM infested non-free software from M$ such as Windoze Vista, Vista 7, and Vista 8, then replace it with free software such as GNU/Linux. Get a distribution that is only has free software included. M$ knows this and that is why M$ forced hardware manufacturers to use unsecure boot. M$ designed it to extend their illegal monopoly, not to prevent malware. The federal government needs to grow a backbone and punish M$ for being a convicted monopolist, not slap them on their wrists as they have before.
--
Friends don't help friends install M$ junk
Friends do assist M$ addicted friends in committing suicide.
I did a Live boot test in the store prior to purchase.
:>)
Yep. When I was buying/recommending a laptop for my parents, I took a live-boot-usb stick with me to the staples and asked if I could try to boot the candidate laptops up with my live-boot-usb stick (knoppix 7.0.2 in case you're wondering). Two out of four of the laptops did not let me have the option of using F12 or F2 to set the boot drive at startup. The two that did were older, so this UEFI crap is only going to get worse. I let the staples computer guy know why we were not buying the laptop that wouldn't boot up off of the usb port. I hope that the complaint along with voting with (my parents') wallet helps to send a signal up the chain, but we need people/groups like te EFF to really send the message out and effect a change.
Isn't Ubuntu supposed to be on 5% of computers in 2013? If that is true there's no reason to fear.