Free Software Foundation Campaigning To Stop UEFI SecureBoot

hypnosec writes "The Free Software Foundation is on an offensive against restricted boot systems and is busy appealing for donations and pledge in the form of signatures in a bid to stop systems such as the UEFI SecureBoot from being adopted on a large-scale basis and becoming a norm in the future. The FSF, through an appeal on its website, is requesting users to sign a pledge titled 'Stand up for your freedom to install free software' that they won't be purchasing or recommending for purchase any such system that is SecureBoot enabled or some other form of restricted boot techniques. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like the Debian, Edoceo, Zando, Wreathe and many others have also showed their support for the campaign."

Antitrust in EU?

The secure boot crap could be an antitrust issue.
German goverment has spoken abit about it
http://www.h-online.com/open/news/item/German-government-advocates-security-in-the-hands-of-users-1753715.html

Re:I have no problem with UEFI as long as....

[EdZ]

Bullshit.
1) Windows 8 runs perfectly fine without Secure Boot
2) For a manufacturer to provide a computer with Windows 8 pre-installed, or to label their product as compatible with Windows 8, they MUST allow end-user modification of the bootloader keys. If they don't, then no Windows 8 for them, as per MS' own hard certification requirements.

Re:Concealed defect

[Missing.Matter]

Any x86 machine must also include the ability to turn secure boot off as well, according to ms win8 certification guidelines.

Re:Grub?

[Microlith]

If you don't like it, disable it.

On systems where you can. Microsoft is already leveraging it on ARM against the owner of the device. This is completely unlike SSL.

You can also add your own certs.

Through a painful and convoluted process.

Ever work in the real world?

I have, have you? I deal with UEFI and vendor-to-vendor, board-to-board inconsistencies daily. IT hardware also costs many thousands more than consumer level hardware.

Any hardware manufacturer that ruined the above would be committing business suicide.

That's fine. All this has to do is hinder the adoption of other platforms and force everything through Microsoft. That's what they've always wanted, really.

Re:Grub?

[man_of_mr_e]

Because Microsoft is a UEFI promoter, no Linux companies have representation at that level.

A quick perusal of the UEFI members shows several Linux companies, and a number of hardware vendors that contribute to the Linux kernel, including Red Hat, IBM, Canonical, Cray, etc...

Re:Grub?

[andrew3]

The article confuses Secure Boot and Restricted Boot. The linked FSF page clearly explains the difference.

The only "issue" is how to manage the certs.

Correct, and that's why the FSF is opposing Restricted Boot, not Secure Boot.

Re:Grub?

[blind+biker]

Because Microsoft is a UEFI promoter, no Linux companies have representation at that level.

A quick perusal of the UEFI members shows several Linux companies, and a number of hardware vendors that contribute to the Linux kernel, including Red Hat, IBM, Canonical, Cray, etc...

The post you replied and "corrected" is still accurate: only Microsoft has promoter status.

Re:Concealed defect

[Kjella]

How is going into your motherboard's menu and disabling SecureBoot not easy?

Well you could read the link I just posted and find out, but in case you didn't getting into the BIOS wasn't obvious, he had to ignore a big red warning and after doing that he had to enable legacy boot, then a specific legacy device, then hold a secret button while rebooting to boot into it. If that's your understanding of easy, have you ever had the feeling other people perceive the world differently than you?

Re:Grub?

[Alsee]

If you don't like it, disable it. You can also add your own certs.

Oh really?

Microsoft confirms UEFI fears, locks down ARM devices

On x86 systems Microsoft needs computers to be compatible with older versions of Windows. On x86 systems the Microsoft Hardware Certification says that manufacturers must include an option to disable UEFI SecureBoot, and must allow the owner to load his own keys. However on systems with an ARM processor Microsoft doesn't need to worry about hardware being compatible with versions of Windows because there are no versions of Windows for ARM. On ARM systems Microsoft has mandated that MANUFACTURERS ARE FORBIDDEN TO INCLUDE ANY OPTION TO DISABLE UEFI SECUREBOOT. On ARM systems Microsoft has mandated that MANUFACTURERS ARE FORBIDDEN TO INCLUDE ANY POSSIBILITY OF OWNERS LOADING THEIR OWN KEYS.

Microsoft has made it crystal clear that they can and will use UEFI to lock computers AGAINST their owners and to anti-competively lock out any possibility to load alternate operating systems when they do not have to worry about compatibility with older versions of Windows.

Currently ARM processors are primarily used in smartphones, however at least one manufacturer, Qualcomm, has announced they will be manufacturing ARM based PCs. Microsoft has mandated that owners of these PCs be denied any possibility of disabling the system and denied any possibility of loading your own keys.

Microsoft has announced the Windows 7 End Of Life date to be January 14, 2020. On that date Microsoft is no longer concerned with x86 computers being compatible with pre-UEFI operating systems. On that date Microsoft can drop the "Disable SecureBoot" legacy support. On that date there is every reason to expect Microsoft take their ARM-style no-legacy-support terms and impose them on all PC manufacturers.

Your "If you don't like it, disable it" is already false on some systems today, and there is good reason to suspect Microsoft may forbid it on all systems in a few years.

-