FSF Does Want Secure Boot; They Just Want It Under User Control

Yesterday, we ran a story with the headline "Free Software Foundation Campaigning To Stop UEFI SecureBoot." It's more complicated than that, though, writes gnujoshua: "We want computer manufacturers to implement Secure Boot in a way that is secure. If a user can't disable Secure Boot and they are unable to sign their own software (e.g., bootloader, OS, etc), then we call that particular implementation 'Restricted Boot.' We don't want computer makers to implement Restricted Boot. We want them to implement Secure Boot and to provide a way for individuals to install a fully free OS on their computers. Many computer makers are implementing UEFI Secure Boot in this way, and we want to continue encouraging them to do so." The complete text of the statement they'd like people to sign reads: "We, the undersigned, urge all computer makers implementing UEFI's so-called "Secure Boot" to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems."

What problem does it solve?

[Gothmolly]

What problem does Secure Boot solve, other than Microsoft's "other OS" problem?

Re:What problem does it solve?

[Great+Big+Bird]

In days gone by a 'boot sector virus' was a real danger. This would seemingly prevent that.

Re:What problem does it solve?

[macemoneta]

The boot sector issue has already been solved by most BIOS by (optionally, under user control in the BIOS configuration) preventing writes to the sector. The only time you need to unlock it is when you want to update the bootloader (relatively rare). I'm still at a loss for the value-add presented by secure boot.

Re:What problem does it solve?

The value is that it's DRM. Obviously this has no value to any computer user, but it has value to the people who try to force the proprietary OS on you (Microsoft).

Re:What problem does it solve?

[AmiMoJo]

Many viruses modify either the OS bootloader or low level drivers (SATA, PCI bus etc). By loading so early in the boot process they have full and unrestricted access to the entire machine, making them excellent and difficult to remove rootkits.

This isn't just a Windows problem either, all operating systems are vulnerable to the modification of core boot files.

Re:What problem does it solve?

[Billly+Gates]

Many viruses modify either the OS bootloader or low level drivers (SATA, PCI bus etc). By loading so early in the boot process they have full and unrestricted access to the entire machine, making them excellent and difficult to remove rootkits.

This isn't just a Windows problem either, all operating systems are vulnerable to the modification of core boot files.

One of the only cool things about Windows 7/8 do is have protected kernel paths combined with signed drivers in x64. This makes the job of a rootkit much harder and is one of the only arguments to give for die hard XP users who are chaining their old systems by their ankles for life afraid to upgrade.

It is not about DRM at all and is not used. A signed bootloader with the kernel path and device drivers prevent the next aulurion worm/rootkit from taking shape as nothing untrusted can run from the kernel.

It is great for corporate customers. If this could be used for gnu/Linux the situation would be great for security.

Re:What problem does it solve?

[segedunum]

1. It heads off anything else that is good enough being installed on to PC hardware that Microsoft deems threatening.

2. It's a lovely form of DRM Microsoft is probably salivating at. It means that future hardware can explcitly refuse to install previous versions of Windows even if it is possible.

3. Manufacturers will probably love it because there is the possibility that they can enforce what hardware can or can't be installed in the system. The net result is that hardware will have an artificially shorter life from now on and things will get a whole lot more expensive for users and for any prospective entrants into the hardware business. In fact, it will be downright impossible. Expect this to turn into one God-awful mess.

4. Everyone talks about Linux and other operating systems, but it will have an interesting effect on virtualisation. Microsoft has long been deeply uncomfortable about non-Microsoft systems running Windows virtual machines. The net effect is that these days you can run NT, Windows 2000 or Windows 2003 and prolong their life on new hardware by virtualising. With 'Secure' Boot Microsoft gets to dictate what hypervisors will run on hardware in future and they'll be able to control the life of their current and future operating systems. Expect to install Windows 8 on Windows Server 2015 with Hyper-V? Nope, sorry. Windows will probably also end up refusing to run as a guest on any hardware it doesn't like.

Basically, it's the end of the PC platform. I don't know whether Microsoft realises it but we'll all look back on this as the beginning of the end for them.

Re:What problem does it solve?

[segedunum]

This makes the job of a rootkit much harder and is one of the only arguments to give for die hard XP users who are chaining their old systems by their ankles for life afraid to upgrade.

It's not a case of being afraid to upgrade. It's the fact that users, companies and organisations have software and infrastructure that runs and is tested on XP and there is zero benefit to them changing it. Kind of like how a great deal of mainframe code is still written in COBOL. There is no benefit to rewriting it and people do not have the time or the resources. You might not like that but that's the real world.

It is not about DRM at all and is not used. A signed bootloader with the kernel path and device drivers prevent the next aulurion worm/rootkit from taking shape as nothing untrusted can run from the kernel.

Anything can be deemed to be untrusted, that's the problem. I'm afraid the rootkit/virus/security angle to this stuff is just an excuse, plain and simple.

It is great for corporate customers.

It's a disaster for corporate customers. They face a future of new hardware refusing to boot existing versions of Windows or any other operating systems, enforced upgrades and a spiralling in costs, licensing and otherwise. A rootkit is the least of their worries.

Re:What problem does it solve?

[oneandoneis2]

The most important one is that it can gaurantee that the software you're running is the software you THINK you're running.

Simple example: Someone nasty gets access to your Linux box and installs a rootkit. This includes a modified version of "ps" that won't show the rootkit process(es), making it harder for you to notice it's there.

If you use a Linux machine that's set up to take advantage of the hardware, you could have it set to, say, only allow software that was signed by Canonical to run on it. This would mean that all your Ubuntu software would work fine, but the new version of 'ps' our malware installed, that wouldn't run. This would alert you instantly to the fact that someone has installed malicious software, and allow you to get rid of it.

Of course, we all use more than just Ubuntu's own packages, so you'd also want it to allow software that you personally signed with a secure key (i.e. one that ISN'T kept on the machine so the bad guy can snag it) - otherwise you wind up in an Ubuntu "walled garden". So it's important that you can say who you trust to provide software you can run on your machine.

It's actually a nice idea, (I'd certainly like my next PC to take advantage of it) but unfortunately one that gets constantly overrun with paranoid hype about it being designed to kill FOSS.

Re:What problem does it solve?

[rudy_wayne]

What problem does Secure Boot solve, other than Microsoft's "other OS" problem?

Actually, it doesn't even "solve" that problem. Secure Boot is only a potential problem on computers running Windows 8. Once you buy that computer, Microsoft has already collected their "Windows Tax" so even if you install some other OS, it has no effect on Microsoft. They already got their money. This is one of Microsoft's biggest problems. The monopolist mentality is so deeply entrenched that they spend an enormous amount of time and money on stupid crap that is of absolutely no benefit to them.

More importantly, however, why exactly would you buy a computer with Windows 8 on it just so you can wipe it and install something else? That makes no sense.

Re:What problem does it solve?

[Billly+Gates]

This makes the job of a rootkit much harder and is one of the only arguments to give for die hard XP users who are chaining their old systems by their ankles for life afraid to upgrade.

It's not a case of being afraid to upgrade. It's the fact that users, companies and organisations have software and infrastructure that runs and is tested on XP and there is zero benefit to them changing it. Kind of like how a great deal of mainframe code is still written in COBOL. There is no benefit to rewriting it and people do not have the time or the resources. You might not like that but that's the real world.

It is not about DRM at all and is not used. A signed bootloader with the kernel path and device drivers prevent the next aulurion worm/rootkit from taking shape as nothing untrusted can run from the kernel.

Anything can be deemed to be untrusted, that's the problem. I'm afraid the rootkit/virus/security angle to this stuff is just an excuse, plain and simple.

It is great for corporate customers.

It's a disaster for corporate customers. They face a future of new hardware refusing to boot existing versions of Windows or any other operating systems, enforced upgrades and a spiralling in costs, licensing and otherwise. A rootkit is the least of their worries.

I posted comments here debating slashdotters who feel anyone still running an old IE at work deserves to be hacked who do not understand corporate IT. Like the mainframes platforms of old there are solutions for them. Citrix and MS terminal servers are just 2 to run older software.

I have also seen consumers who feel XP is the best OS ever made and that Windows 7 must be a Vista as slashdotters called it Vista 2.0 and think that just because it runs on 128 megs of ram make it a supperior product over anything else etc.

Why upgrade what works fine?

The fact of the matter is new hardware does not like XP very well. I read stories of help desk spending a week hacking .ini files and reverse engineering Windows 7 drivers to run on XP for these users! USB 3, touchscreens, tablets/netbooks with strange chipsets and digitizers, and other things already do not have XP drivers nor support. XP is on life support for only the corporate laptops that are $$$ for Dell and HP units. These will get EOL'd and you are screwed as they wont run XP anymore by 2014.

It is a security risk, and the rest of the world who does not have your requirements are moving on. Already Office 2003 is not fully compatible with the newest .docx files in Office 2013 and sometimes Office 2010.

Worms are a constant problem and the situation under XP is getting drastically worse! Did you read about hte newest malware targetting the XP versions of Ie 8, 7, and 6? Who are you going to get support from after next year?

It is time to consider Hyper V, Windows Server 2003 terminals, and Citrix similiar to rally and x3700 IBM terminal software for these must have apps before it is too late. I disagree that a corporate customer wouldn't love to have documents time bomb, lock and encrypt files, and prevent software that is unathorized to steal keystrokes at bootup. Secureboot and drming of some Office files would have its benefits keeping confidentiality.

I know it is an uneccesary cost for you but come on? 12 years is a FUCKload A LOT of time and you can't expect everyone to stop innovation to service you. As it is we can't even move to HTML 5 yet due to XP. Most do not run 15 year old software and there are options so your users can move on and still run these old apps. It costs money too for Ms and everyone else to backport everything to so many browsers and operating systems and your helpdesk will love the malware and fake AV popup calls go down from a more secure browser/OS. Those ancient VB and IE 6 apps do not need internet access from your Citrix terminal program.

Re:What problem does it solve?

[mjg59]

BIOS boot sector protection has never prevented writes to the MBR unless you're running DOS - any actual OS uses direct hardware access instead of using the BIOS, and so it can't be blocked. It'd be possible for the BIOS to complain that the MBR's been modified, but it has no way of verifying that the partition boot code or the actual bootloader are still secure. Unsurprisingly, malware authors take advantage of this - https://support.kaspersky.com/viruses/solutions?qid=208280748 has a list of modern bootkits.

Re:What problem does it solve?

[mjg59]

It's not DRM. You can turn it off in the firmware and there's no way for the OS to know that you did.

Re:What problem does it solve?

[DigiShaman]

It prevents rootkits from hijacking the OS at bootup. For example malware acting as a hypervisor with your real OS running under it.

Re:What problem does it solve?

[AmiMoJo]

It's not a case of being afraid to upgrade. It's the fact that users, companies and organisations have software and infrastructure that runs and is tested on XP and there is zero benefit to them changing it. Kind of like how a great deal of mainframe code is still written in COBOL. There is no benefit to rewriting it and people do not have the time or the resources. You might not like that but that's the real world.

The key difference is that people tend not to use their mainframe running COBOL code to browser the internet at lunch time. Software for XP tends to be end-user software, on vulnerable workstations.

Windows 7 does provide a full XP virtual machine as well.

Re:What problem does it solve?

[VortexCortex]

The BIOS exists in the mother board's firmware. When you turn on the computer the BIOS is what is first executed. BIOS is what searches for drives that are bootable by looking for a first sector with 0x55 0xAA @ byte positions 510 & 511 (offset from pos 0, the first byte). If you tell the BIOS not to allow writes to any boot sectors then there can be no writing to the OS bootloader which starts off in that boot sector. That sector's 512 bytes (minimum) get loaded at seg:off 0000:07C0h on x86 systems, and the code begins executing in 16 bit real mode. In that 466 bytes of data (512 - 2 - 64 for partition table) it's a pretty tight fight, but I've managed to squeeze in a hash algorithm and a fingerprint along with the loader code for my own OS. If my boot sector is write protected, then it can't be modified, and it can verify the early environment kernel it loads hasn't been tampered with as well. From my early kernel I can perform signature verification of all other code loaded -- From drivers and applications to even other OS's sectors (for multi-boot). Signatures are either embedded in the executable as part of my extension to ELF or in a separate table in the case of the multi-boot OS sectors. Furthermore, the /boot/ system can be stored on read only media, such as a CD ROM, to prevent any tampering when the OS isn't running (you can do this with Linux too). This is how I secure even x86 systems w/o the option to disable boot sector writes -- Boot a CD that boots the OS.

EFI requires a FAT 32 file system to store your boot data within. Other FATs like FAT16 are supposed to be supported, but in my experience only FAT32 works reliably. This is nice because the BIOS can load your whole early kernel image into memory, set up protected mode and begin executing the kernel image at its desired memory location without requiring you to write bootstrap loader that does this. EFI sucks a bit because I'll miss the old real mode and the ability to install old OSs like DR DOS & DOS 3.1, and miss all those classic graphics modes, but that's a lot of baggage (service interrupts) for BIOS to have to support, and it's all a bit buggy anyway from BIOS to BIOS...

UEFI, SecureBoot, adds the requirement that the boot image be cryptographically signed with a key stored in the firmware. However, what good does it do to cryptographically sign the kernel image and verify it at boot if the OS doesn't take over and cryptographically verify all the low level drivers, etc? It's not any good, that's what. So, the OS has to support that same sort of signature system that I can achieve on an x86 without UEFI's help, given that BIOS lets me disable writing to the boot sector, or I boot from a read only media (CD/DVD).

There's nothing preventing EFI from having an option one could enable to prevent changes to the bootable sectors while the system is running. Drives would have to support a "mark read only" standard for sectors that the EFI or the OS itself could use to prevent changes to data on disk. The point is that the same exact benefits UEFI provides can be provided by simply setting sectors "read only" at boot -- No signature chains required in the damn BIOS at all. OS code will be responsible for verifying its own signature chains anyway, so the OS could be written in such a way that it's early kernel doesn't ever need to be modified -- Public Key Crypto could be used in the 1st stage kernel to allow any 2nd stage to be verified once the 1st stage is loaded, and different signed 2nd stages could be created for kernel upgrades. To keep the whole system secure only the 1st stage would need hardware write only protection. Additionally, the write-only method would allow any OS be installed without requiring clumsy crypto-key management -- End users could set a BIOS flag: Allow new OS Installation During Next Boot: [ON | OFF] much easier than looking up and entering a huge hex key -- What are the chances you'll mistype one char? Ugh, THAT's going to raise the bar to i

Re:What problem does it solve?

[BitZtream]

And then the tiny ass bootsector loads another unchecked block of code that can easily be tampered with.

The boot sector is .... 512 bytes. That is bearly enough code to do anything useful, it is infact NOT enough space for the code required to boot my FreeBSD machine which has its root on ZFS, as such that process is two stage (well more than that in actuality) and the boot sector really just points to another boot block in an known location that the bios doesnt' give a flying fuck about.

There isn't enough room in the boot sector to verify the next stage is the expected one, hell there isn't enough space in the boot sector to store the fraking public key needed let alone the code and hashes.

You utterly fail to know anything about which you speak.

SecureBoot allows the system to boot from known binaries every time, no worries about a root kit.

Doesn't make the system un-hackable, but it gives you a known-good starting point, and that goes a long way.

Boot sector protection doesn't do shit in that respect.

Re:What problem does it solve?

[segedunum]

I posted comments here debating slashdotters who feel anyone still running an old IE at work deserves to be hacked who do not understand corporate IT.

You feel free to debate other 'Slashdotters' as much as you like to fit your own arguments. There are other browsers available on XP besides IE since Microsoft claims they can't upgrade it.

Like the mainframes platforms of old there are solutions for them. Citrix and MS terminal servers are just 2 to run older software.

More complexity and more expense to continue running exactly what users were running before. The corporate world has no time for it. However, we still have forty year old COBOL code calculating our bank balances every day and people are not going to be rewriting what they have in .Net to run on a newer platform. There is only so much Microsoft can squeeze from that lemon.

The fact of the matter is new hardware does not like XP very well.

Well it wouldn't would it, you idiot? That's why corporations are virtualising old versions of Windows, but this presents Microsoft with a dilemma. Previously they depended on perpetual hardware upgrades but virtualising Windows allows corporations to continue functioning as normal and upgrade hardware pretty much forever. Enter 'Secure Boot'. Hardware that doesn't have the keys to boot 'foreign' hypervisor platforms and hypervisors implementing Secure Boot that have keys only to boot what they feel like.

These will get EOL'd and you are screwed as they wont run XP anymore by 2014.

People will care little. I know of people running NT 4, many virtualised, on closed off networks because they have applications on there that would take a great deal of time and effort they don't have to upgrade. Iit is simply the way the real world is.

It is a security risk, and the rest of the world who does not have your requirements are moving on.

The numbers in the corporate world who are still running XP tell you otherwise. They aren't moving on.

Already Office 2003 is not fully compatible with the newest .docx files in Office 2013 and sometimes Office 2010.

That's not anyone's problem but Microsoft. No one cares in the corporate world. Many have mail merges and Office BASIC tied into Office 97. They won't be rewritten. They already have all their documents in the old binary doc format and have no time to do conversions or find out if a new version of Office will actually open them.

Did you read about hte newest malware targetting the XP versions of Ie 8, 7, and 6?

The moral of the story? Don't use IE.

Who are you going to get support from after next year?

People are not phoning Microsoft up every day of the week getting support to keep their systems running. Things are a known quantity.

It is time to consider Hyper V, Windows Server 2003 terminals, and Citrix similiar to rally and x3700 IBM terminal software for these must have apps before it is too late.

More complexity the corporate world dislikes. However, those who have needed to virtualise and and run terminal sessions have been doing so. The trick with that though is that you don't need a magical desktop environment to run web or remote applications.

I disagree that a corporate customer wouldn't love to have documents time bomb, lock and encrypt files, and prevent software that is unathorized to steal keystrokes at bootup.

I thought this wasn't about DRM? ;-) Any experience of corporate IT tells you these are accidents waiting to happen. All you'll get is a load of support calls asking you why something doesn't work.

I know it is an uneccesary cost for you but come on? 12 years is a FUCKload A LOT of time and you

Re:What problem does it solve?

[BitZtream]

EFI sucks a bit because I'll miss the old real mode and the ability to install old OSs like DR DOS & DOS 3.1, and miss all those classic graphics modes, but that's a lot of baggage (service interrupts) for BIOS to have to support, and it's all a bit buggy anyway from BIOS to BIOS...

FYI, EFI is more than capable of presenting a BIOS environment to the next stage of the boot process, ask any mac owner.

Re:What problem does it solve?

Wrong.

1. You can turn it off on x86 - not on ARM

and the biggy:

2, Windows can tell if it was booted in secure mode or legacy mode.

So basically you couldn't be more wrong. Congratulations.

Re:What problem does it solve?

[BitZtream]

I posted too soon :/

It should also be noted that 'boot sector protection' as implemented doesn't work unless you're using BIOS calls to do the write. Once you're using direct hardware access like every OS on the planet does, BIOS doesn't have any part in the process and thus is a non-starter.

Re:What problem does it solve?

[Gaygirlie]

I haven't seen a virus or other malware in YEARS that modified the kernel, bootloader or drivers. The ones I have seen have just attached themselves to the system once the kernel and its drivers are already loaded, and thereby Secure Boot wouldn't do a diddly good against those, and these kinds of viruses/malware packages are a dime a dozen.

Re:What problem does it solve?

[segedunum]

The key difference is that people tend not to use their mainframe running COBOL code to browser the internet at lunch time. Software for XP tends to be end-user software, on vulnerable workstations.

You're missing the point. Corporations have desktop software that they completely rely on that was written for the NT4/Windows 2000/Windows XP era as the desktop market expanded within business through the 90s and early 00s. That reached a critical mass some years ago. I hate to burst peoples' bubbles on this but companies do not spend vast sums on having dedicated teams of people continually upgrading Microsoft software and rewriting their own software to run on new platforms nor do they care about people telling them how vulnerable their desktops are. Their current dektops are a known quantity. Microsoft is going to find that out the hard way as they try and squeeze the lemon further over the next few years.

Re:What problem does it solve?

[segedunum]

-- Whoosh Re-read carefully. I'm afraid you're not arguing anything by giving us an astroturfed commercial for Windows 2012.

Re:What problem does it solve?

[mjg59]

How does Windows know whether it was booted in secure mode? It makes the EFI GetVariable() call. Which is a function pointer handed to it by the firmware. Which you can modify if you're running untrusted code. So, no, Windows can't tell.

Re:What problem does it solve?

[Rockoon]

If my boot sector is write protected, then it can't be modified, and it can verify the early environment kernel it loads hasn't been tampered with as well.

You speak later about booting from read only media, but thats part of the problem. Even if you prevent a specific boot sector from being written to, that doesn't tell you or the kernel anything about which bootsector was loaded and executed... and therefore the kernel cannot know that it has, or ever had, full control.

Re:What problem does it solve?

[Billly+Gates]

I prefer not to be called an idiot since I have been fairly civil.

Since you went on how virtualization is bad because it adds complexitity you then defended the use of old software by using virtualization. Which is it?

I understand and work in corporate IT. I also do not want to be around sometime in a year and a half from now and explain to the CFO why his new laptop can't run XP nor his mission critical app and we have to go buy used pcs from craigslist because we wanted to save money now and not plan for the future for the last 12 years.

If you have old stuff you have 2 choices. Virtualize or upgrade? The rest of the world will not wait nor care about your problems. Ask anyone over 35 who has worked in I.T. and they will tell you upgrading was part of the job and just because you hadn't done it in 10 years does not mean it is the new norm and something you never ever do. They were like cell phones in the 1990s.

Point is your employer only cares about making money. However, costs do not go away because we cover our eyes and ears saying no no no. Virtualization and that extra layer is part of the job. XP is going bye bye and newer software wont run it nor will your hardware and your support goes go down by upgrading to Windows 7. Disagree all you want but that is the price of doing business.

Re:What problem does it solve?

[KingMotley]

There's nothing preventing EFI from having an option one could enable to prevent changes to the bootable sectors while the system is running.

Well except that you make way too many assumptions. Like EFI will intrinsically (magically) know how all bootable devices past, present, and future work. And it has, and can maintain complete control over all known and unknown interfaces to those devices at all times, and scrub all the calls to those interfaces to prevent any attempts to write to the boot sector. Also, it would magically retain that control whether attached or unattached to the machine (USB stick, Sata Dock). Many of those are either impossible, limiting, and/or silly.

And any of those would cause a problem with your solution. None of those are new vectors. Have we not learned anything in the past 30+ years of computing? Apparently you haven't.

Re:What problem does it solve?

[KingMotley]

#4 is false. How do propose that Windows will detect that it's not being virtualized if the host doesn't want it to know? Did you think that somehow there is magic dust that makes it so that VMs can't virtualize a UEFI boot environment, secure boot and all?

Re:What problem does it solve?

[Pix64]

Expect to install Windows 8 on Windows Server 2015 with Hyper-V? Nope, sorry. Windows will probably also end up refusing to run as a guest on any hardware it doesn't like.

Basically, it's the end of the PC platform. I don't know whether Microsoft realises it but we'll all look back on this as the beginning of the end for them.

Wow this is bullshit. Windows 8 runs fine WITHOUT secure boot. Windows 8 runs fine ins a virtual machine.

Re:What problem does it solve?

[mjg59]

Please describe how Windows can accurately determine whether it was booted in Secure Boot mode or not. For an encore, describe how Trusted Computing can limit the code you can boot. As far as I know, single machine local attestation is an unsolved problem.

Re: What problem does it solve?

[Eskarel]

Just to put this out there yet again, .NET WORKS PERFECTLY FINE ON WINDOWS 8. Microsoft allowed managed C++ to access the new Windows RT runtimes, and the RT framework only allows a subset of the .NET framework, but all your old apps run just fine outside the metro stack regardless of your development methodology.

Yes, if you want to run your local apps locally on a surface RT some redevelopment will be required, but given your local app is probably shockingly bad under a touch interface it probably needs redevelopment for surface anyway, and converting it will be no worse than putting it on an iPad or android tablet, and in the best case might actually be fairly simple. For that matter your app is probably a web application and requires nothing at all unless you're upgrading your server and using an appallingly old version of NET.

Re:What problem does it solve?

[spitzak]

The GetVariable() call returns a decryption key that the hardware calculated. If secure boot is turned off then it returns the wrong value. Your patched version cannot return the correct value because you do not know it.

Actually the "value" is the state of the decryption chip, not anything that can be read. Either you have to get the decryption chip into the same state (supposedly impossible unless you know the master key, which would just let you sign a bad copy of Windows anyway), or you would have to find a *lot* of bugs in Windows to exploit to read and save all the decrypted data and then patch it so every attempt to decrypt returns the right data.

Re:What problem does it solve?

[mjg59]

"The GetVariable() call returns a decryption key that the hardware calculated"

No it doesn't. It returns a 1 if the firmware claims to have booted securely, and a 0 if not. You're thinking of Measured Boot, not Secure Boot.

Re:What problem does it solve?

[hairyfeet]

Rootkits and the ability to use the built in VM capabilities of modern chips to put malware in a hypervisor? Might want to look up some of the recent black hats, "blue pill" would be a good place to start, where a researcher created malware that using the VM features of the chips made it pretty much impossible to detect or remove since while the OS thought it was running on the chip itself it was actually running on a VM.

People seem to act like its still the early 90s and most malware is just geeks being douchebags...nope, its a billion dollar business supported everything from spam and email scams to child porn. Yep you read that right, some scumbags are using malware as a way to make distributed stores for their child porn so they can sell access to these stores without risking getting caught with incriminating video on machines they own, sick shit.

And the part that pisses me off is there is NO REASON why Linux can't work perfectly fine in secureboot, all it will take is Torvalds and friends not scratching fucking itches every 3 damned minutes and instead have a more sane schedule, like say 1 kernel release every 2 years. that way they can simply get the kernel signed and the key added to secureboot and tada! You're done. Companies like red hat that don't shit out a new kernel every 10 minutes aren't gonna have a problem with this, but God fucking forbid that things in Linux not be so fucking bleeding edge that the CDs have stigmata, can't have that.

Here are the facts, 1.- You can get the kernel signed just like RH and SUSE to allow secureboot, 2.-If you want to be bleeding edge you can always turn it off, 3.-The ARM systems are subsidized by MSFT and are no different than an Apple product in that you can't run other OSes on them, who gives a shit as WinRT is a failwhale and there is so many multicore Android units you can do what the fuck you want to do on it ain't funny.

In the end its a tempest in a teacup, you can bypass if you don't want the feature, if you do quit shitting out new kernels every 10 minutes...what is so hard about that? Is Linux so damned rickety and unstable the whole ecosystem will fall apart if Torvalds can't shit out a new kernel every couple of months? After his little primadonna rant the other day I say Torvalds can either play by the rules or bypass secureboot and STFU, last thing the world needs is another entitled ass making things worse for the rest of us because God fucking forbid he might actually have to change the way HE does things..

Re:What problem does it solve?

[Tough+Love]

What problem does Secure Boot solve, other than Microsoft's "other OS" problem?

Secure Boot satisfies Steve Ballmer's compulsive need to piss on the shoes of antitrust regulators.

Re:What problem does it solve?

[Tough+Love]

I don't know whether Microsoft realises it but we'll all look back on this as the beginning of the end for them.

It's the continuation of the end. The beginning of the end was when Minimsft was captured and lobotomized.

Re:What problem does it solve?

[Runaway1956]

WTF does DRM have to do with security? DRM is anathema to security. The person who owns the device should OWN IT. DRM allows outside parties to tell the device what is permissible, and what is not permissible. Allowing outsiders any access to my device, however indirectly, is contrary to security.

If DRM is a subset of security, then the Tea Party is a subset of the Democratic Party. The Westboro clan is a subset of the gay rights movement. Chavez is a subset of capitalistic investors.

Dude - we get enough wishy washy nonsense from politicians. We really don't need that in a tech discussion.

Re:What problem does it solve?

[Runaway1956]

"The rest of the world will not wait nor care about your problems. "

I, for one, don't give a small damn about corporate IT's petty little problems.

I'm a private individual, maintaining a small number of machines. I climbed on the 64 bit computing wagon when it was still very new. As soon as Microsoft made a 64 bit Win XP available, I downloaded it, bought the hardware to run it, installed - and ran into a brick wall with driver problems.

That is exactly when I made the switch to Linux. I downloaded the then-current version of Suse, installed it, and had zero problems.

Since then, I've been 64 bit, and haven't looked back. I only screw around with Windows in Virtual machines.

All of this was moderately costly to me, a private individual. New, current technology hardware has never been cheap.

Today, 64 bit hardware is cheap, cheap, cheap. The corporate world can buy hardware that is 3 or 4 generations old, and STILL run 64 bit operating systems, and 64 bit software.

Again - I have no sympathy for the corporate world, or their IT departments. They enslaved themselves to Windows - specifically Windows XP and IE6 - all those years ago. Those idiots who conspired to be locked into Microsoft specific operating systems and browsers need to be flogged, keelhauled, and then be made to walk the plank today.

I have zero empathy for any of them.

It's past time for the boards of these corporations to understand that computer tech moves forward, continuously. And, they need to understand that if they are to remain competitive, they MUST keep up, or at least trail along with hardware and software that is only a couple generations old.

That calls for an investment, on their part. Rewrite the software, of develop new software. I don't give a rip which they do. It's probably smarter to develop new, and to get into the forefront again with both hardware and software. But, they don't need to be on the bleeding edge. Just get rid of the crap that has been obsolete for half of a decade.

Everyone in the US is worried about this "Fiscal Cliff" thing.

Wake up, Corporate America. You're facing an IT cliff. Or, don't wake up. Walk over the cliff, and I'll not mourn you. The survivors will adapt real damned quick, at great expense, and the rest of you will die.

Again - no sympathy. Die, you unwashed heathens.

Re:What problem does it solve?

[Runaway1956]

Please, see my post above. No one gives a small damn about ancient software designed for long obsolete hardware. If private citizens can cough up the money to keep their hardware and software up to date, so can corporate America.

Keep up, or die.

That's a real problem in America today. We keep ailing corporations afloat, at any cost. Screw them - let them die, and allow the newer generation to come up with their own solutions to today's problems.

If a corporation has "mission critical software" then they are doing things all wrong to start with. Software is just a tool. If you don't plan on purchasing new tools when the old tools wear out or become obsolete, you go under. That applies to craftsmen, as well as to IT people.

Re:What problem does it solve?

[Billly+Gates]

It does affect your quality of the web. Notice things are so much better on your iphone or droid with gradients and pretty icons in HTML 5 and css glory. You move your browser with your finger and it smoothly goes up and down?

hmm why aren't your Linux boxes can't do that?

The answer is the corporate users holding the web back. Firefox and Chrome do not support smooth scrolling as easily because they must support XP. They do OpenGL but it does not accelerate all the functions because of the way XP era hardware was designed 11 years ago.

No gradients in okcupid? Hmm, the PHBs there noticed IE 8 users so that was dropped. I guess you have an inferior experience as well.

Wow the games look so much nicer on an older PS3 than the pc why is that? XP level DirectX 9 doesn't do things like mult tasking 3d tasks like DirectX11 can, but PC Game developers can't use it yet, why? You guessed XP.

The list goes on and on.

Yes, corporate America does not give a shit about this or your needs. But they can't expect both of us and every hardware maker, Microsoft, and software developer to stop time so the CFO can get his bonus this year. We have been doing that for years and I think upgrading every 10 years seems reasonable. Don't you agree?

Yes, investments have costs just like their trucks and equipment. The fallacy that a PC is a PC and runs the same as 2001 is wrong. The reason being is the internet is not the same as 2001 nor or the demands of hteir workforce. Many are expected to use the web for business to business communication and do what at home from mobile devices. Having .docx files not be fully compatible is embarrasing. It gets worse with Autocad and other PDF files.

That is lost business! If a customer or vendor can't read your PDF files because they are on 11, and you are on 7 it is lost revenue. Idiots.

If it isn't broken ... ok fine get a VM and run Citrix. Any IT manager and employee who does not do this is incompetent. If management says no document the hell out of it so when the axe comes you are not terminated. Intranet developers are raising prices now the last holdouts. It would have been cheaper if they upgraded 3 years but nope it is easier to put fingers in your ears and go yayaya I CAN"T HEAR YOU.

Re:What problem does it solve?

[betterunixthanunix]

It is not about DRM at all

Not at all you say? Not at all about DRM...then what happened here:

https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-confirms-UEFI-fears-locks-down-ARM/

A signed bootloader with the kernel path and device drivers prevent the next aulurion worm/rootkit from taking shape as nothing untrusted can run from the kernel.

It also ensures that users cannot do this sort of thing:

http://www.evilavatar.com/forums/showthread.php?t=7650

Or even something as simple as this:

https://en.wikipedia.org/wiki/Decss

See, the distinction here is subtle. If the user can modify their kernel, but only when their computer is a special "modify the bootloader" mode (or if the user can sign their own bootloader etc.), then the security argument makes sense. If the user cannot, then there is no security argument, because forbidding the user to modify their own system has nothing to do with security -- unless by "security" you mean "DRM."

If this could be used for gnu/Linux the situation would be great for security.

...and that is a case in point. If this could be used for GNU/Linux it would be great for security; it cannot be, because this is not about the security of the user, but rather the security of privileged "media partners" and other companies. The security that "Secure Boot" is meant to provide is security against secret keys being copied out of RAM by some teenager using a debugger, or cheating in MMOs by people who modified their kernels to defeat anti-cheating technologies, or people who might try to use their computers in ways they were supposed to pay extra to do, and so forth. The adversary in the "Secure Boot" security model is the user of the computer , and that is the problem.

Re:What problem does it solve?

[betterunixthanunix]

WTF does DRM have to do with security?

Obviously you have not met many security engineering researchers. I have news for you: DRM is a form of computer security. DRM is what computer security becomes when you want to prevent a computer's owner from using their computer in certain ways.

Who do you think is being hired to design DRM systems? What kind of person do you think would come up with an idea like this:

https://torrentfreak.com/how-the-mpaa-knows-where-movies-are-pirated/

Let's put it this way: Vader was seduced by the dark side of the force

Re: What problem does it solve?

[Billly+Gates]

I think the grandparent was referring to MS Access 97 addons and intranet apps made by Oracle where they are holding the company hostage for $200,000 to upgrade with hefty monthly premiums.

Most do not own the source code anyway but they have so damned part of the business processes that it can't be removed PERIOD.

However, there are ways to go forward like virtualization and upgrading. Any company that big can get the budget to upgrade and it is embarasing when you have to turn away business clients because your version of autocad is too old to read their files or because they can't read your security ridden obsolete PDF files which were created using PDF 7 and they have a more modern version.

That is lost money.

Anyway some code will never go away, but cost accountants and their IT manager need to fucking grow a pair and realize any asset needs maintenance costs. You can get away with it for 5 years maybe ... but 11?! Come on, everyone else is moving on and MS wont support your ecosystem anymore. Not because they are evil greedy cocksuckers but because people want newer features like smooth scrolling in their desktop browsers that IPhone users have that can't exist in any OS because the code has to be XP compatible.

It is embarrassing that my Galaxy S1 has cool smooth graphics with my finger, yet my PhenomII with Windows 7 with an ATI 5750 is semi smooth and flickers and the sites still feed me HTML 4 and CSS 2.1 instead of CSS 3 and 5 like my phone.

I think IE 8 is still reasonable to keep using. Same with Windows 7. But after 2014 or 2015 it is time to move on. 5 - 7 years behind is reasonable wouldn't you agree?

Re:What problem does it solve?

[disambiguated]

You have the right idea, but you're mistaken about the details.

A rootkit doesn't install a modified version of ps, it modifies the system calls that ps uses. That way the rootkit is able to hide its processes from any program that enumerates processes. (There's much more to it of course.)

That also makes it easier to defend against. There's no need to prevent the user from running whatever userland code they want. All you need to do is ensure that the kernel you are running is the one you THINK you're running (as you put it.) Once you've verified the kernel, then you can trust the kernel to verify userland software (if desired).

In fact, you don't have have to protect the entire kernel, just a small portion of it that is responsible for loading and verifying the rest.

That's exactly what Secure Boot does, and it is an idea that is long overdue.

The ONLY issue is who controls the keys.

Re:What problem does it solve?

[disambiguated]

You feeling alright? :)

You're right. There's no reason why Linux can't work perfectly with (and benefit from) secure boot.

There's also no reason why doing so should require less frequent kernel releases. It doesn't require anything from Torvalds. Whoever builds your kernel just needs to sign it, and the end user just needs a way to say whether or not they trust that signer (e.g. a way to add Canonical's keys to your firmware.)
(Compiling the kernel from sources would require support from the entire toolchain, but that's another issue. That would require something from the kernel maintainers: they would have to sign the 'official' sources. But it would take much more than that...)

Re:What problem does it solve?

[Dahamma]

WTF does ownership have to do with DRM?

"Ownership" of hardware or software is orthogonal to DRM. DRM is just a mechanism for controlled access to digital content, regardless of whether the hardware or the content is owned, leased, rented, subscribed, or loaned.

Re:What problem does it solve?

[Runaway1956]

DRM grants third parties access to my computer. It permits third parties to control what my computer may or may not do. It's MY computer. Why in the hell should any third party be permitted to decide that I may or may not view an image, a video, or listen to music? Whether I bought that content, pirated it, or stole the DVD off of a store shelf, it is now here, on MY COMPUTER. Anyone who believes they have the right to police my computer can just bugger off.

The concept of "ownership" implies that I can do whatever the hell I want to do with my own possessions.

I own my home, I own my computer, I own everything in my home.

Anyone who is worried about what is happening in the privacy of my own home, on my own computer, might better occupy themselves with whatever gay couples are doing behind closed doors.

Re:What problem does it solve?

[smash]

No, DRM does not access your computer. Your computer presents content to a third party for validation. The OWNER of the photograph, movie, etc wants to verify that you paid for it. If you don't like that, then find alternative content.

Secure boot is a different, but complimentary technology. Secure boot ensures that code signing or DRM applications have not been compromised by software loaded earlier in the boot sequence. This is necessary to ensure that requirements for signed code (e.g., drivers) are not circumvented. The lack of code-signing integrity enforced by the boot loader is how the DRM in Vista was broken.

So long as the user can turn it off (they can) and so long as the ability to upload your own keys (you can) exists, I have no problem with secure boot.

Re:What problem does it solve?

[smash]

No, it can't tell if you have loaded something earlier in the boot sequence to lie to the operating system.

Re:What problem does it solve?

[smash]

+1 to this, already commented in discussion though. I am 35, and also work in corporate IT :D

Re:What problem does it solve?

[smash]

Again - I have no sympathy for the corporate world, or their IT departments. They enslaved themselves to Windows - specifically Windows XP and IE6 - all those years ago. Those idiots who conspired to be locked into Microsoft specific operating systems and browsers need to be flogged, keelhauled, and then be made to walk the plank today.

LOL. In the real corporate world (evidently where you have not spent much time), it goes something like this:

• Department head evaluates application to perform business task, based on operational requirements
• Department head purchases license for application to perform above business task
• IT is given the task of integrating it and ensuring it continues to run

Newsflash: IT does not drive software acquisition. IT is seen as a department to enable the rest of the business to get shit done. Rest of business (including the CFO, typically) does not care how mission critical app X is supported, they just want it to work. It is what they pay IT for, in their view.

Change will typically not occur unless you can demonstrate a critical need (lack of vendor support) or cost benefit that will outweigh the cost of change.

Re:What problem does it solve?

[smash]

BIOS never used to be able to boot from SCSI, CD or USB either, and we now do that on a regular basis...

Re:What problem does it solve?

[smash]

Even if they do shit out kernels every 10 minutes, so long as the vendor has a code-signing key, there's no problem.

Re:What problem does it solve?

[KingMotley]

And we've been trying to solve problems with trying to boot from machines with multiple SCSI adapters installed since 1986, mostly because of BIOS limitations and they still haven't been completely fixed. Multiple adapters trying to install their boot roms so they they can be seen and bootable by BIOS only to find out that there isn't any addressable space left. 26 years later, and the problems still exist. It's just getting worse because desktop boards are becoming more and more packed with features that need support at boot time (Multiple raid controllers, Multiple USB hosts, Firewire, etc).

Is it possible to fit new devices and continue down the BIOS path? Sure. And you can set up a new standard in BIOS so that it can do page swapping and all kinds of other stuff to fix many of these limitations. Just like how we did way back in the day with XMS/EMS/QDPMI memory pre-32-bit OS's. And you'll take a performance hit for all devices as you manually cram all that stuff into your little 1MB area of memory and try to intelligently swap stuff in and out of that as needed.

Or.... We can stop pretending this is 1984 and build something new that doesn't suck.

Re:What problem does it solve?

[AmiMoJo]

If you tell the BIOS not to allow writes to any boot sectors then there can be no writing to the OS bootloader which starts off in that boot sector.

Not true I'm afraid, modern operating systems that talk to the hardware directly rather than using BIOS calls will ignore this setting.

There's nothing preventing EFI from having an option one could enable to prevent changes to the bootable sectors while the system is running. Drives would have to support a "mark read only" standard for sectors that the EFI or the OS itself could use to prevent changes to data on disk.

So nothing but a change a to the SATA standard and the requirement of having a new HDD that supports the feature. Plus the whole point about rootkits is that they have equal power to the BIOS/EFI/OS, and besides which they don't always target the bootloader anyway. Many variants of the fake anti-virus scam that was rife a few years ago targeted the legacy IDE driver, for example, so protecting the bootloader wouldn't help.

OS code will be responsible for verifying its own signature chains anyway

Wouldn't help. One of the tricks rootkits use is to present the OS with a valid signature when verifying a driver, but then let it load an infected copy or replace the code with their own in memory. That is one reason why they are hard to detect - when an antivirus scanner reads the driver file from disk it gets the clean copy and does not see an infection.

However, what good does it do to cryptographically sign the kernel image and verify it at boot if the OS doesn't take over and cryptographically verify all the low level drivers, etc?

Fortunately they thought of that and SecureBoot will verify bundles of low level driver files as well. Otherwise, as you point out, it would be useless for any OS that doesn't use a huge monolithic kernel.

I mean, FAT32 is Microsoft's Proprietary File System, and parts of it are patented: Short to Long name mapping, for example.

Which is why no long file names are required, and everything that needs to be implemented can be done so with patent-free open source code. That is why FAT32 is so common in embedded systems and consumer products - widespread compatibility, free implementations and no patents to worry about.

Re:What problem does it solve?

[hairyfeet]

Feeling fine, and sadly what we have seen is a shitload of "passing the buck" between the distro makers and kernel maintainers which is why only a few seem to have their shit together enough to figure this out.

At the end of the day let me make this perfectly clear NOT HAVING SECUREBOOT IS A BAD IDEA because with modern chips being sooo fucking powerful AND having full VM capability frankly its getting easier and easier for blackhats to use a bootloader hack to just fucking lie to the OS or even dump the whole thing in a VM where no scanner, online or off, will ever touch it. Don't believe me? Go to TPB and download "Win 7 SP1 all versions" in your choice of 32bit or 64bit, its using a bootloader hack that lies to the OS and tells it that whatever board you have is actually an OEM board from the same maker, it'll even dump a nice wallpaper from the board OEM on the desktop on first boot. The OS passes WGA, no way to catch it since its loading before the OS and lying to the OS about the hardware underneath.

So yeah, Intel didn't just pull this out of their ass or as a favor to MSFT, its because they went to black hat and saw how it was becoming trivial to use their own VM tech built into the chips against them. With Secureboot its baked into the hardware so there isn't any way short of managing to rewrite the firmware on the board to bypass it and if they just allowed anybody to add their own keys then all the malware would have to do is "Would you like to win an iPod? just run this and click "yes" to enter" and the whole thing would be pointless.

Remember folks the weakest link has ALWAYS been PEBKAC and we have had 20 years to educate them and its obvious that is never gonna work. Why isn't anybody bitching about Google and the Chromebooks? With each release they are making it harder and harder to bypass the ChromeOS bootloader too because they know once the malware can bypass the bootloader that is it, they can pwn the whole system. if anybody doesn't like this they can blame the countries that allow hacking like eastern EU and Nigeria which have allowed malware to become a billion dollar business, Secureboot is simply a way to fight back.

Re:What problem does it solve?

[gmueckl]

As far as I remember the UEFI specification has some nice restrictions regarding to when key management can take place. I think that key management functionality of the firmware is basically blocked once the boot loader has been started. Thus, loading new keys must be performed in the firmware's own user interface, which is quite a safe option and far enough out of the way for most casual users. So pwning a system requires more social engineering than a malevolent download.

It's all there in the specification (which noone ever looks at, obviously) and the only question is how much will be implemented in practice. MS doesn't require the full specification for the Windows logo and manufacturers are always cutting corners to keep prices down.

Re:What problem does it solve?

[Runaway1956]

Maybe you didn't read my original post?

"The person who owns the device should OWN IT. DRM allows outside parties to tell the device what is permissible, and what is not permissible. Allowing outsiders any access to my device, however indirectly, is contrary to security."

You wrote, "Your computer presents content to a third party for validation."

I think we said nearly the same thing - for all intents and purposes, can we just agree that outsiders seek control over my machine?

My computer should never be asking outside parties whether it is permissible to do ANYTHING! I refuse to validate any damned thing, whether it be the operating system itself, or content on the machine.

Re:What problem does it solve?

[Crosshair84]

That means Linus would have to do QC and I can tell you, QC is boring crap.

I had to do the QC on the new phone system we are planning on deploying. Looking at my time sheets I got things working 90% of the way in about 3 hours. Getting it to work the OTHER 10%? About 20 frigin hours of me calling myself on the telephone via certain call routing, the system breaking, finding out why it was breaking, finding how to keep it from breaking, then making sure the fix didn't break anything else.

Yes it was boring work, but guess what Linux guys? It's my JOB to do the boring work and the only reason I do it is because I'm PAID to do the boring work. Just as you say hairyfeet, you're not gonna get the busted shitters fixed for free.

It would be amusing to see Google come out with an Android variant for the server market at a competitive price and Torvalds suddenly finding that the server companies no longer need him. THEN things might change when suddenly he has to code in compliance with Google standards or go on food stamps.

Re:What problem does it solve?

[fpmurphy]

Read UEFI Specification 2.3.1C, section 12.3. FAT32 is for a system partition, FAT12/16 is only for removable media. Secure Boot requires that db (the white list database) stores either a public key OR a hash of the loadable. Hashes are perfectly acceptable - loadables do not need to be signed.

Re:What problem does it solve?

[mjg59]

You don't need an exploit or a kernel patch. You just need to replace the firmware's function pointer to GetVariable(), which is a thing you can do because you're running untrusted code in the firmware context. The OS has no way of knowing that you're doing that.

Re:What problem does it solve?

[Billly+Gates]

I think not having support, new hardware wont run on it, and software will stop supporting it, and constant hacking and malware aka Code Red which can take down your LAN with no patch sounds reasonable to upgrade to me!

Yes, corps are cheap and anal about ancient shit, but most are reasonable and many do not want to be obsolete. Any good management team regardless of department knows being proactive and not reactive is the key to success over medoicracy and ultimately failure. IT needs this attitude as well.

Also if your pentium IVs with 256 megs of ram and McCrappy can't multitask for 4 hours every Tuesday, and take 8 minutes to boot up how much productivity do you loose? What about electrical bills for 700 computers that do not sleep because they run XP? That my friends is money out the door.

It sounds like I.T. is not respected at your company. It is best to get them involved to avoid issues like this unless of course I.T. is inept and hates to do its job.

Yes you do not need to upgrade to every new shiny version of Windows. However, the fallacy is we can live in 2001 and things work just as well today are not true. The internet is not safe and is different. The work demands of it are different too as many suppliers and vendors expect you to work from home, and or use their website to get shit done. Pretty hard when you are strapped to an ancient insecure browser made in a different era in internet time. No HTML 5, css 3, and a javascript compiler that is 80x slower and crashes when simple ads pop up. That is lost productivity and ultimate lost business if the other party can't read your files or vice versa.

The docx support in Office 2k3 is starting to wane already and by Office 2013 many .docx files will not be compatible. MS does not patch Office 2k3! The next iloveyou script attack will never see a patch!

Now tell me how that makes good business sense? The CFO is reasonable and understands this unless they are dying and just trying to keep the lights on.

A 5 year wait time on upgrades and perhaps up to 7 is reasonable. But 11 years? Forget it. Browsers are changing fast too and 3 years tops are more reasonable in your refresh.

Re:What problem does it solve?

[allo]

Your windows will be encrypted, and only be decrypted by a valid uefi.

Re:What problem does it solve?

[smash]

EFI is extensible and designed to be pretty much plug and play. It is extensible with add-on drivers - I'm not sure what your issue is with it?

Re:What problem does it solve?

[Dahamma]

DRM is not specific to "your computer" or "owning" anything. At its core it's just a mechanism for limiting the distribution of encryption keys to those who (through whatever transaction/contract/etc) have been granted access to content.

DRM is also the foundation for cable and satellite encryption, where you may be leasing the hardware and subscribing monthly to the service. Nothing in that combination has anything to do with "ownership".

You might as well be saying that any software running on your computer that you don't have source to is giving someone else control of your machine. Which is fine if you really feel that way, some Open Source advocates share that rather extreme position.

But in the end encryption, DRM, etc are just tools used to implement business policies. They can be used for what most people consider reasonable (cable premium channels, movie rentals, etc) or for what many consider excessive and inconvenient (game and movie purchases). Don't blame the tools, blame the users.

Here's to hoping

[Sable+Drakon]

They may say they're committed, but let's hope they put their money where their mouth is the next time a machine they really want comes to market.

So then they're fine with Windows 8

[Missing.Matter]

So then they're fine with the way Windows 8 handles it? Because that's exactly what Microsoft demands of computer manufacturers who want to be certified for Windows 8.

Windows RT is a whole different matter, but Windows RT also accounts for about 0% of the tablet market right now. Why is the FSF making all this noise now, when Apple has been happily locking down the iPad since 2010? Microsoft is just joining the party, and it seems a little late for FSF to get self-righteous about it.

But more power to them I guess. It seems like a tough fight, however, when users have a great deal of choice between tablets (both locked and unlocked), even with the locking down of certain hardware.

Re:So then they're fine with Windows 8

[Microlith]

Why do people think that no one complained about Apple's lock down? They've had a walled garden in place since iOS 2.0 and it's always been a point of contention. Secure Boot just brings the threat of universal lock down that much closer.

Re:So then they're fine with Windows 8

[rekoil]

The FSF has been knocking Apple over iOS since its release. http://www.fsf.org/blogs/community/why-free-software-and-apples-iphone-dont-mix

Re:So then they're fine with Windows 8

[Missing.Matter]

FSF did complain about iPad, but it seems they were focused on the DRM aspect of the store. Did they also start a campaign about the locked bootloader? I'm just looking at the practicality of their campaign... if they were really concerned about the practice, perhaps they should have started this campaign before Apple sold 100 million locked down iPads, and turned locking down tablets into an industry standard. Microsoft has carte blanche to lock down Windows RT because they can point any government agency to Apple and say "They're the market leaders in this space and they lock down their hardware."

The "Apple does it too" line doesn't nullify what MS is doing, but it does make stopping their efforts much more difficult for FSF.

Re:So then they're fine with Windows 8

[Xtifr]

So then they're fine with the way Windows 8 handles it? Because that's exactly what Microsoft demands of computer manufacturers who want to be certified for Windows 8.

Only on x86. The MS requirement for user-control over UEFI only applies to x86 systems. Arm based systems (phones, pads, etc.) have no such requirement.

But yes, I was surprised and pleased that MS included those requirements, even if it was just for x86, and I'm sure the FSF was as well.

Re:So then they're fine with Windows 8

[Missing.Matter]

They seem to be more focused on the DRM aspect in your link, and again here. What I'm saying is that this campaign against one single implementation of a locked bootloader means absolutely nothing if the leader in the marketplace has sold 100 millino locked down units and you've done nothing to stop that. If the FSF succeeds with their campaign, most tablets sold will *still* be locked down. What will they gain by this?

Think of it like a boss battle, where the boss is supported by many little nuisance helpers. Sure you can pick off the helpers, but when they're all dead the boss is still there.

Re:So then they're fine with Windows 8

[segedunum]

So then they're fine with the way Windows 8 handles it? Because that's exactly what Microsoft demands of computer manufacturers who want to be certified for Windows 8

The difficulty is that OEMs will not lose any Windows 8 certification if they do not implement a user configurable key database. If it boots Windows 8 Microsoft won't care. Microsoft tacked that on to their 'mandatory requirements' knowing full well it won't be implemented in just about any case. In another 'mandatory requirement' they specify that the key database contents are to be determined by the OEM.

As for disabling secure boot, that was done so that existing versions of Windows and other platforms can at least be installed for a period without kicking up a stink. Ghosting imaging and other tools are a problem. In a few years new hardware will ship where you can't disable secure boot and anyone wishing to boot up on a PC platform will have to be deemed acceptable by Microsoft in order to get their software booted or even running on Windows itself. Freely available software will be out of the question.

Re:So then they're fine with Windows 8

[segedunum]

Why do people think that no one complained about Apple's lock down? They've had a walled garden in place since iOS 2.0 and it's always been a point of contention. Secure Boot just brings the threat of universal lock down that much closer.

Because secure boot is about locking down the PC platform. It's on a whole different level. People can actually chose not to use iOS. They don't exactly get a choice these days not to use a PC.

Re:So then they're fine with Windows 8

[segedunum]

But yes, I was surprised and pleased that MS included those requirements, even if it was just for x86, and I'm sure the FSF was as well.

I wasn't surprised. On x86 they had to because of the stink that would be created if corporations couldn't install existing Windows versions on new hardware or run their ghosting and imaging tools. On ARM they have no such problems and all they want to do is ensure Android cannot run.

Re:So then they're fine with Windows 8

[mjg59]

You've linked to a story about a traditional MBR bootkit that doesn't even run under UEFI. Secure Boot is, as far as anyone knows, not yet cracked.

Re:So then they're fine with Windows 8

[amiga3D]

If I buy a computer from Dell I don't want Microsoft telling me what I can use it for.

Re:So then they're fine with Windows 8

[mjg59]

Microsoft have told me that they'll revoke certification for any vendor who doesn't provide the appropriate options. If you have examples of machines that have certification and which don't allow any modification of the key database, let me know so we can find out if they were telling the truth.

Re:So then they're fine with Windows 8

[amiga3D]

That's one hardware vendor versus dozens. Restricted-Boot will cover all the other hardware vendors. Apple gets to cheat because they make the software for their hardware. All the people that buy Apple know this and in fact it's one of the reasons some of them buy Apple. I own a Mac computer but I bought an Android phone because I don't like the total lock down they have on the iOS devices. I pretty much run anything I want on my Mac so they haven't taken the process to the Computer side of the business yet. When they do I'm done with that too.

Re:So then they're fine with Windows 8

[DMUTPeregrine]

That, and just because those requirements are there today doesn't mean they'll be there tomorrow.

Re:So then they're fine with Windows 8

[rohan972]

Plenty of people have criticized Apple and locked devices generally. This is not exactly out of left field from FSF. One difference though is that Apple do not put their lockdown requirements on other manufacturers, only on their own devices. The danger is that MS, by their influence over many manufacturers, might be able to end the era of open general purpose computers. Whether they would be able to accomplish that is debatable but given their history it seems most likely that it is their intention. It is appropriate to oppose them.

Re:So then they're fine with Windows 8

[Bengie]

UEFI has been called UEFI since Intel created it while trying to solve in inadequacies of BIOS's ability to handle newer hardware. And Intel, Dell, and IBM created SecureBoot. Blame them, MS is just making use of a standard.

Thought I may point out that your link shows how Win8's security can be by-passed by disabling SecureBoot prior to loading a bootkit. Every OS ever and ever will be, can be defeated this way.

Re:So then they're fine with Windows 8

[suutar]

except for the build-it-yourself market, anyway. I expect the same folks who want to be able to overclock their chips are going to want to be able to update their OS. The boards made for prebuilt systems will probably lack such stuff unless someone decides it's cheaper to use the more capable chipset everywhere than to run two lines.

Re:Its all in the language

[cwebster]

'Jailed' is the popular nomenclature. What do you think 'jailbreaking' means on your mobile device? It means unlocking the bootloader so it will boot unsigned or differently signed kernels. Doesnt sound patronizing to me, it sounds descriptive.

Re:Its all in the language

Weaslly words? The lockdown in the name of "Secure Boot" is a weasel word. Calling it what it is in its implementation on ARM, "Restricted Boot" is not weasely--it's correct (cf. "Digital Rights Management" vs. "Digital Restrictions Management")

Restricted Boot by definition insecure

[Todd+Knarr]

Think about it a moment. The ultimate piece of malware would be one that can make your computer run software of someone else's choice, prevent you from running software other than the malware, and block you from removing the malware from the system or preventing it from running. Every piece of malware out there tries to do this, with varying degrees of success. Look at the malware that tries to disable anti-virus/anti-malware software.

Now, Restricted Boot would give someone else control over what software could boot on the machine, and prevent you from changing that list of authorized software. You cannot authorize software you want to run to run, nor can you remove authorization from software you do not want to run. You can't influence what runs at boot, you can't alter it's operation. In short, you've bought into every malware author's wet dream: a system where they can do anything they want and the user can't do a thing about it.

And if you think "Oh, but all the system software would be signed by Microsoft, so how would the malware authors get the keys to authorize their software?", think about this: Microsoft certificates have already been compromised. The bad guys have already gotten access to what they need to sign software with legitimate Microsoft keys. The certificates used by the Flame malware were only some of the most recent. And I'd note this older bulletin describing a situation where Verisign issued legitimate certificates issued to Microsoft to black-hats with no association with Microsoft. The bad guys obtaining the private keys to sign software isn't a theoretical discussion, it's already actually happened.

Re:Restricted Boot by definition insecure

[Billly+Gates]

The master keys have not been compromised. Only one of the older ones which are derived from the master for signing software under XP. MS has revoked that particular key and replaced it with another one. The bad guys also forged one of Adobe's for running signed flash applets as well but Adobe has replaced it. The master key in both situations are still secure.

Re:Restricted Boot by definition insecure

[Dunbal]

Yup I agree completely. Ultimately I am responsible for my computer, not my OS vendor, and the "trust" model has already proven to be flawed. When the hackers have obtained certificates from the certificate issuing authorities themselves like say, VeriSign, there is no one left to trust. It's a mere marketing term that has no real value. Therefore I must have the keys to my own machine since ultimately I am the only one worthy of my trust.

Re:Restricted Boot by definition insecure

The problem regarding the "Secure Boot"-key are a bit different:

Because they are built into the UEFI-firmware they cannot be easily replaced. You have to upgrade your firmware to get a new key. And then there is some kind of chicken&egg problem:

When the built-in key is compromised what should be updated first? The boot-loader (Signed with the non-compromised key) ? Or the key? If you replace the boot-loader first, the firmware refuses to load this boat-loader. And if you first replace the key, you have the same problem.

To replace the key and the boot-loader you have to disable "Secure Boot" in the firmware (Disabling by software is not allowed), then update the key (Means flashing a new version of the firmware) and the boot-loader and then reactivate "Secure Boot".

Now think of Average Joe or your grand mother and tell me how someone like them will accomplish this.

Re:Restricted Boot by definition insecure

[segedunum]

The master key in both situations are still secure.

They are not guaranteed to stay that way, that's the OP's point. If I was a serious virus writer this system is a potential boon. If you can find a way of compromising the system so that things appear to be trusted when they're actually not and you can lock out other software as a result you can create a hell of a lot of damage before anyone even notices.

Re:Restricted Boot by definition insecure

[mjg59]

If you were a serious virus writer you'd already want to use the Microsoft CA to sign your rootkit so you can install it as a signed driver in Windows. Secure Boot moves the vulnerability down the stack, but even now a compromised Microsoft signing key is still massively desirable to virus authors.

Re:Its all in the language

[Sable+Drakon]

This was probably written by lawyers, the masters of weasel words. Did you expect anything less?

So they want the status quo then?

[scheme]

So the FSF is basically asking people to sign a petition that asks manufacturers to do what they are already doing and plan on doing ? The current requirements for windows 8 is that users must be able to disable secure boot in the bios and do key management (addition/removal) of keys as well. I don't know of any manufacturer that is planning on doing anything different since that would mean that their systems would not be windows 8 certified.

In fact, I don't think microsoft bans having other keys besides their key in the bios by default.If, for example, the FSF or some coalition (e.g. RedHat, Ubuntu, Debian, etc.) were to come up with some workable way key signing infrastructure, they could petition UEFI/mobo developers to include their keys in shipped products as well. The question is how do you freely allow people to get bootloaders signed without making it easily for malware authors to do the same.

Re:So they want the status quo then?

[spitzak]

The unsigned or differently-signed bootloader is not able to load Windows, because it will leave the machine in a different state that Windows will refuse to load from (ie wrong keys produced by the hardware). So such bootloaders are pretty limited. I could imagine a *huge* piece of Malware that is an entire copy of Windows but the user will lose any personal data stored on the disk in secure encrypted directories so this may be easily noticed, especially if Microsoft defaults to this encryption (which perversely would be in their interest as anybody converting a machine to dual-boot would have to turn off the encryption on any data that they want Linux to be able to read from the Windows partition).

So the ability to install arbitrary bootloaders does not seem like a problem to me.

Re:So they want the status quo then?

[westlake]

So the FSF is basically asking people to sign a petition that asks manufacturers to do what they are already doing and plan on doing ?

That is pretty much it.

Secure Boot is part of the UEFI 2.2 spec. Published in 2008. The geek has had four years to prepare for this.

Re:So they want the status quo then?

[gtall]

Can you boot whatever you want on Windows RT thingy? No. RMS and FSF are right, you are wrong.

Re:So they want the status quo then?

[andrew3]

In fact, I don't think microsoft bans having other keys besides their key in the bios by default.

Windows RT has Restricted Boot on it.

Re:So they want the status quo then?

[spitzak]

It will not be able to set a decoding key that the following code needs, so no the following code will not work. It does not just do an if statement, it expects to read a decoding key from a piece of hardware and use that to decode parts of the system.

Re:So they want the status quo then?

[disambiguated]

Personally, I think the whole issue has been overblown, but...

The fact that they are doing the right thing now doesn't matter to those who are worried that they could change their minds at any time. Asking for a public commitment to continue to do what they are doing and plan on doing has value for those people. Nothing douche-y about that at all.

Re:So they want the status quo then?

[abigsmurf]

I'd be more inclined to given them credit were it not for the fact that iphones and a large portion of android phones put heavy restrictions on what you can boot.

To me this is just another hysterical over-reaction by them.

Remember how trusted computing would destroy all our freedoms? Remember how MS put so much DRM into Vista that you had all sorts of restrictions preventing you from doing anything and if you tried to get around it, MS would remote into your PC and delete all your files?

Re:Here Comes The Judge

[kthreadd]

Sounds pretty much like what Apple has been doing for a few years now on the mobile side. How's it going with that lawsuit?

Apple did not get a free pass

[tuppe666]

Why do people think that no one complained about Apple's lock down? They've had a walled garden in place since iOS 2.0 and it's always been a point of contention. Secure Boot just brings the threat of universal lock down that much closer.

Well to be fair both the FSF and EFF have been heavily involved after Apple demonised their customers calling them criminals for for jailbreaking Apples Phones(not theirs). Ignoring the fact that those are *electronic* devices and Apple is nowhere near a monopoly (I now its not a good answer for apple users), but again the same groups are not just focused on Microsoft. As for the FSF a quick Google gives this http://www.defectivebydesign.org/blog/1256, although the jailbreak DMCA exemption for the iPhone...and not the tablet, have been big news on most technology sites.

Secure Bullshit

[kawabago]

Anything in a computer that calls itself 'Secure' isn't. Secure Boot is a false sense of security that will lead people to think they are safe. Secure Boot is Microsoft's Security against competition.

Re:Secure Bullshit

[morcego]

All computers have a SECURE setting. It is called "Power off".

Re:Secure Bullshit

[fredgiblet]

Wake-on-LAN

Re:Secure Bullshit

[Gaygirlie]

Wake-on-LAN

...isn't on by default.

Re:Secure Bullshit

[KingMotley]

Real slashdotters unplug the CPU.

Re:Secure Bullshit

[RicardoGCE]

Real slashdotters remove the processor and RAM.

Re:Secure Bullshit

[Tough+Love]

Anything in a computer that calls itself 'Secure' isn't. Secure Boot is a false sense of security that will lead people to think they are safe. Secure Boot is Microsoft's Security against competition.

Agreed, Secure Boot is just Microsoft returning to its usual illegal business thuggery and hoping not to get slapped with $billions of fines this time. I would care about it if I thought the Surface would be a big hit but it's a thud so this is mostly entertainment. Great entertainment, like Laurel and Hardy trying to be evil.

Re:Secure Bullshit

[Dahamma]

If anyone has been paying attention in the last 5 years, Apple has blown past Microsoft in both profits/market cap and anti-competitive practices. Unless and until that is addressed, I think also-ran Microsoft will be free to do whatever it wants in this regard. It would be like ticketing a Toyota for an improper lane change while a Ferrari blows past at 150mph giving you the finger.

Re:Secure Bullshit

[toddestan]

Wha? Virtually every computer I have ever come across that supports WOL has it on by default.

Though whether it actually works is often another story...

Re:Its all in the language

[PolygamousRanchKid+]

Most people buying a computer will hear "Secure Boot", and yell, "Good! Secure! War on Terror!"

When they hear "Restricted Boot", they will scream, "Bad! Restricted! War against my freedom!"

It's those folks who this wording is for, not Slashdot folks.

Re:Its all in the language

[NemosomeN]

The problem I personally have with it is, traditionally, if you "invent" something, you get to name it. Other people can complain, and say that your name is inaccurate, but FSF is trying to replace the name being used. They've done this in the past, as noted by others. I'd much rather say "'Secure Boot' is a load of horse shit" than start calling it "HorseShit Boot."

Re:Here Comes The Judge

[BitZtream]

Apple can do anything it wants with its OWN devices. When they start using their (non-existent) monopoly to force others to follow the same rules, its different.

You don't get to tell a company how to sell its own product just because it doesn't let you freeload on their work.

Re:Its all in the language

[segedunum]

Quite frankly I find the term 'Secure Boot' a greatly misleading term when you consider how this can, and alas will, be used.

Re:Its all in the language

[Bert64]

Calling it "secure" is weaselly, as it will do very little to improve security for the users and their data.

Secure Boot is *not* (necessarily) DRM

[DrJimbo]

The essence of DRM is that user is considered to be the attacker. The FSF endorses Secure Boot only when the user has control of the keys so the user is obviously not the attacker in that case. Secure Boot is only a form of DRM when the user/owner does not have control of the keys. This is what we should fight against. Categorizing all forms of Secure Boot as "DRM" is wrong both technically and politically.

Being categorically against Secure Boot is akin to be categorically against digital encryption and signing in general just because they are tools that are sometimes used to create DRM. DRM is bad. Secure Boot without user/owner key control can make it worse. The FOSS community should embrace Secure Boot but fight for key control.

Used properly, Secure Boot will make FOSS systems more secure. It is much better to add security measures *before* they are needed rather than after. We have generally been ahead of the curve security-wise for decades. Embracing Secure Boot (with user key control) will help us stay ahead of the curve. If we instead shun Secure Boot there is a very real danger that we will lag behind.

Re:Secure Boot is *not* (necessarily) DRM

[DMUTPeregrine]

Yep. And Linux systems are potentially better able to take advantage of the security than current versions of Windows. Many Linux systems are already configured to only install signed packages from the distro repository, Secure Boot allows the boot process to be secured as well. Combined with SELinux some very secure setups can be realized.

Wrong

[scheme]

To replace the key and the boot-loader you have to disable "Secure Boot" in the firmware (Disabling by software is not allowed), then update the key (Means flashing a new version of the firmware) and the boot-loader and then reactivate "Secure Boot".

Now think of Average Joe or your grand mother and tell me how someone like them will accomplish this.

Replacing the keys doesn't require reflashing the firmware, you just need go into the UEFI setup screen and add or delete the keys you're interested in. If the key gets compromised, you just go to the setup, add the new key, boot and update the bootloader and go into the setup and remove the old key. Or, even easier, you update the boot-loader on a working system, then go into the UEFI setup and remove the old key and add the new key. The procedure you outlined is unnecessarily complex even assuming that you have to reflash the firmware to get new keys.

Re:Wrong

[martin-boundary]

Cool. So if you're *right*, where's Linux running on the surface?

Re:Wrong

[DrJimbo]

No. You are wrong. You said:

Replacing the keys doesn't require reflashing the firmware, you just need go into the UEFI setup screen and add or delete the keys you're interested in. If the key gets compromised, you just go to the setup, add the new key, boot and update the bootloader and go into the setup and remove the old key ...

This is true for Secure Boot where the user/owner has control of the keys but it is untrue of Restricted Boot which is what the OP was talking about. In fact their subject line (which you overwrote) was:

Restricted Boot by definition insecure

Their point, of course, is that with Restricted Boot the user, by definition, does not have control of the keys so has no access to the setup screens you talk about. This is the essence of the problem with Restricted Boot they were pointing out. Your response makes no sense.

Re:Its all in the language

[icebike]

Mod parent up.

Words have meaning, and I like descriptive product names.

Re:Here Comes The Judge

[kthreadd]

Of course they can. I was just replying to the following:

Anybody selling a system that prevents the user from using free software or OSs deserves a big, fat, nasty, very expensive, tour of courts all over the world.

Headline is disingenuous

[AliasMarlowe]

TFS has a headline which says "FSF Does Want Secure Boot". It would appear that this is not the case. The FSF would apparently prefer if secure boot were not implemented at all, but if it must be there, they ask that it be done in a way which allows straightforward user installation of a non-DRM OS.

Re:Headline is disingenuous

[rtb61]

Problem with secure boot is it creates a whole new attack vector. Attempts to solve one problem by creating a new one. When the purpose of attack is to deny access to the machine, what better way than to trip secure boot into action and prevent the machine from running. So you attack software doesn't have to do much of anything at all, just be difficult to remove without a full reinstall and it can leave the rest of the attack to secure boot.

Re:Headline is disingenuous

[lsatenstein]

Problem with secure boot is it creates a whole new attack vector. Attempts to solve one problem by creating a new one. When the purpose of attack is to deny access to the machine, what better way than to trip secure boot into action and prevent the machine from running. So you attack software doesn't have to do much of anything at all, just be difficult to remove without a full reinstall and it can leave the rest of the attack to secure boot.

===
Secure boot as implemented by MS is a two way sword. With the skills of present day hackers, they will determine the master key for the bios, and disable MS Windows 8. Now, it will take one key change to disable W8 and another to change the master key to block the bios from accepting new MS keys, hence new MS W8 reinstallations.

Anyone think that it will be done before summer?

Re:Headline is disingenuous

[rtb61]

Of course not to forget, the inevitable attack vector will be internet explorer. The worst of all the people who can least afford it will end up having to pay to fix it and M$ as always wont give a shit until class action law suit time.

Again, this is a big NON-ISSUE

Here is an example of a motherboard from one of the market leaders (ASUS, ASRock, Gigabyte, MSI, Biostar),
that lets you do whatever you want with SecureBoot (rtfm for the feature set)...
http://usa.asus.com/Motherboards/AMD_Socket_FM2/F2A85V_PRO/
And LOOK, you can turn off SecureBoot and/or make any and every key and/or signature whichever way you want it to be.
Precisely according to the UEFI spec as it requires. Read the docs, it's all there. You have full control.

Now, MS has EVERY right to lock their own ARM's and mobos and such proucts down, and they will do exactly that.
But public mobo makers like these big leaders, and third-party chinese ARM'ers and tablet'ers, never will do that with their open non-OEM lines, because they will lose business. Have you ever bothered to look at Chinese dual-sim phones running Android 4.1 and 4.2 for $250 or less? Totally open and unlocked and doing a brisk business.

So this whole thing is TOTALLY and FALSELY blown out of proportion.
The Linux fanboys and handwavers simply didn't bother to read the UEFI spec where it mandates this detailed level of control be given to the user. They didn't consult the hardware makers to ask. And they didn't review the boards on the marketplace.

The lockdown approach presented by the handwavers only applies to people insisting on buying MS-Windows products, for which they'd never want to run any other OS in the first place... precisely because they're self-defined MS-Windows fans, so they never about this, and can enjoy their chains in a blissful stupor.

Everyone else is simply not going to buy MS products.
It's that simple.

Here's an amazing idea.

[idbeholda]

If you don't like the secureboot idea, THEN DON'T BUY PRODUCTS THAT INCLUDE IT. Seriously, not that difficult of a concept to understand.

Re:Here's an amazing idea.

[MechaStreisand]

Are you completely fucking retarded? There might not BE any products that don't include it in a few years.

Re:Here's an amazing idea.

[rohan972]

It appears you didn't even read the summary:

We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems.

Re:Here's an amazing idea.

[idbeholda]

Actually, I did. But there's a lot of assmad ITT that needs to be quelled. I'll return in kind someday ;)

Anybody notice the accurate summary?

[jopsen]

I believe the real story here is the fact that slashdot managed to correct the extremely exaggerated story they presented yesterday.

Writting "it's more complicated" is nice, but hardly a good apology.


Nevertheless, in days like these, let's take a moment to congratulate slashdot on a summary that's actually correct.

It's too often, that I find a different story, if I read beyond the summary.

But virus's would know more than users

[jader3rd]

Knowing most "users" out there, any option which exists to let a 'user' configure something will most likely result in a virus configuring it on behalf of the ignorant user. Disabling Restricted Boot should require some physical action to prevent software from doing it.

Re:But virus's would know more than users

[spitzak]

When you turn off secure boot, Windows DOES NOT BOOT! It cannot because it will not see correct decoding keys read from the hardware. The virus cannot do much other than brick the machine, which it can do already in a much worse way by modifying a file so Windows refuses to boot whether or not secure boot is on.

The more useful feature that RMS really should insist on is that the user can add their own keys. But all this means is that you can boot either Windows or Linux without having to change the bios setting, and Linux can also take advantage of secure boot features. It does not mean that Windows can be patched by the virus (as the user's key is not useable to re-sign it as it will check that it was signed by a Microsoft key). Also means Linux cannot be patched by the virus either, provided the users put the signing key somewhere the virus cannot find it.

Re:But virus's would know more than users

[recoiledsnake]

>When you turn off secure boot, Windows DOES NOT BOOT!

That is simply wrong. Windows 8 works perfectly well on machines on which UEFI secure boot is disabled as well as other machines that don't even support it.

>The virus cannot do much other than brick the machine, which it can do already in a much worse way by modifying a file so Windows refuses to boot whether or not secure boot is on.

Wrong, the virus can load undetectable malware since it just fakes the identity of the boot record when the OS or antivirus tried to read it.

If low uid folks like you have given in to the FUD from the FSF, what hopes do the common folks have?

Re:But virus's would know more than users

[spitzak]

I think it is pretty funny that when I defend Microsoft's design as actually working, you claim I am "giving in to FUD from the FSF".

I guess this shows what "high uid folks" are like.

Re:But virus's would know more than users

[recoiledsnake]

Your post is just factually wrong. Windows DOES boot with Secure Boot turned off. Also, with Windows 8, users can already add their own keys or remove Microsoft's.

Re:But virus's would know more than users

[spitzak]

Windows does boot, but code depending on decryption keys from the hardware does not work. Currently little or no code does this, but a practical thing to make work is encrypted storage. However I do expect the first use of this is DRM applications refusing to work, which will be annoying, and misleading people into believing this actual feature is just another bad customer-hating thing from Microsoft.

I think the whole argument is that whether you can add keys depends on the computer manufacturer. It sounds like the majority only have the ability to turn secure boot off. And on ARM Microsoft has explicitly said that this is not allowed at all, even though the ability to add keys (as I have been trying to point out) does not compromise the signed copy of Windows in any way.

A lot of ifs for the future, though...

[Rob+Y.]

That's the real question. Is the ability to disable secure boot on X86 just a temporary concession to corporations that would refuse to buy new computers without it? Once XP and Windows 7 work their way out of the corporate infrastructure, will Windows certified X86 machines still be required (or even allowed) to support disabling secure boot. If there's some promise to that effect, then fine. But I don't know of any.

Also, if ARM ever supplants X86 in corporate settings, then all bets are off. There is no viable commodity marketplace for non-microsoft, non-apple X86 systems. We Linux users are lucky that commodity hardware can run our preferred OS. If the commodity X86 market were ever to dry up, leaving only locked down ARM stuff, we'd be out of luck. Yeah, there'd be stuff built for Android, I guess, but that assumes that Android succeeds at commodity levels in all the form factors we want to run Linux on. And that all those Android vendors don't lock down their systems too...

I guess there'd always be the niche Linux only hardware vendors. But they tend to build high-margin non-commodity stuff. I personally like running Linux on 'outdated' hardware that does everything I need it to do for a few hundred bucks. There exists a market for that stuff today, and OEM's even make money selling it. That could go away pretty easily.

What happens when...

[Loki_666]

What happens when the Master key is found/hacked/whatever?

I mean, the big hacking groups, you know, the real criminal ones with the money, are probably salivating at the idea of finding an exploit or getting their hands on the master key. Its really only a function of time, and even money that it happens in the next few years. Hell, they could probably throw enough money at someone within MS with access to the master key and have it within a few days if they knew who would be open to taking a bribe.

Still, i'm pretty much with the camp that thinks this is all useless security theater. I haven't seen a virus in years that did anything to the BIOS or pre-OS loading stage. They usually just rely on people's stupidity to click "yes" to everything and boom, their OS is compromised anyway.

Re:What happens when...

[recoiledsnake]

Just because you haven't seen one doesn't mean they aren't prevalent.

If you(and others here) really want to educate yourself instead of spreading karmawhoring FUD, please read on.

Here are some references about boot malware which UEFI secure boot will prevent.

http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection [chmag.in]

http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/ [theregister.co.uk]

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft [computerworld.com]

I recommend reading atleast the first link.

Here's one juicy bit:

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original dataThe bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.

TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection.

Another bit:

The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products

The OEMs offered to add Red Hat and Ubuntu etc.'s keys but they refused since they didn't want to have an exclusive solution and neither did they want to be in the position of signing keys. If the Linux foundation stepped up, the OEMs will gladly add their master key to U

Re:What happens when...

[truck87bp]

You haven't read the latest. UEFI has been broken and claimed to be easy. here is the link http://www.neowin.net/news/new-proof-of-concept-bootkit-targets-uefi-and-windows-8

Re:What happens when...

[recoiledsnake]

No, you haven't read the latest.. your own link specifically says that UEFI Secure Boot is not broken, i.e they managed to do the same thing with UEFI with secure boot off that they do with BIOS. If anything, this increases the importance of having UEFI Secure Boot turned on.

Re:Its all in the language

[rohan972]

Inventing something doesn't give you the right to restrict other people's use of language. The FSF isn't lobbying for legislation to change the names manufacturers can use to refer to their products. What words you choose to use are entirely up to you.

Nevertheless I personally think there is a case to be made that we should demand truth in advertising and that if a computer is marketed as secure it directly implies that security is for the buyer against third parties, not for third parties against the buyer. Restricted is a more accurate term for the latter case.

Link for the petition / statement

[monkeyhybrid]

Direct link to the petition / statement referred to in the summary: http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement/

Only takes a few seconds to sign it!

How about a one-way enable?

[jtgd]

What if computers were shipped with the Secure Boot disabled, and then a BIOS setting would allow it to be enabled? Then Linux users could use it normally, and Windows users could switch it on. You would have no option to disable it once it was enabled so it would remain "secure" for the Windows folks.

XP for (almost) ever!

[hicksw]

BECAUSE IT'S PAID FOR.

Not everybody gets their upgrades paid for by someone else. Or from a warez torrent.
--
The real hackers left ages ago. They were casted to void.

Re:Its all in the language

[NemosomeN]

Considering your sig equates anti-gun with pro-rape, your opposition to my logic is unsurprising.

Labeling your opponent, then arguing based on that label is neither a fair, nor reasonable approach. If you don't agree with how someone labels them self, then argue against that label. Don't just unilaterally change it, then harp on that change.

And if you want to ban everything that protects rapists, start with condoms. I look forward to your "pro-condom is pro-rape" campaign.

Re:Its all in the language

[rohan972]

Considering your sig equates anti-gun with pro-rape, your opposition to my logic is unsurprising.

The majority of pro gun ban arguments are full of emotional hysteria. To be fair, the majority of political arguments on both "sides" are full of emotion and misleading "facts" and interpretations of those facts.

I've been challenging people to watch the video and tell me if they could look her in the eye and explain their reasoning as they personally confiscated that woman's guns. It seems obvious and very logical to me that if you have a right to self defense then you have a right to suitable tools necessary for that defense, suitable tools being guns. So far no gun banner has been willing to write that they would be willing to personally take her guns while looking her in the eye. How about you? The idea is that by having emotional reasons to not ban guns to conflict with their emotional reasons to ban guns that people might actually seek out facts because rationalizing their position would become more difficult.

If it so happens that your position on this topic is based on logic rather than emotion I salute you. If that's true, you are a very rare individual and are not the intended audience for my sig.

Labeling your opponent, then arguing based on that label is neither a fair, nor reasonable approach.

"Secure boot" is not a person or my "opponent". Calling it secure when it's being sold to me meaning it is secure from me is not a fair or reasonable approach. If you're referring to the sig, I'll answer your objection after you watch the video and tell me the explanation you'd give her as you personally confiscate her guns. If you're not willing to do that your conviction that gun bans are good is not as strong as you think.

Re:Its all in the language

[NemosomeN]

I never said I was for or against gun ownership. I am, however, anti-rape, though that does not inform my opinion on guns. Labeling people pro-rape is not a reasonable way to frame an argument.

Re:Its all in the language

[rohan972]

I am, however, anti-rape, though that does not inform my opinion on guns.

I suggest that you watch the video. To be honest, I was expecting a flamebait mod for that sig, not a reply. It was on topic for another thread I was posting in though. The standard of moderation has declined, obviously. Nevertheless, we all see the victims of shootings on the news and should rightly have compassion for them and try to prevent them. I think that similarly we should have compassion for those that have taken responsibility for their own defense and not strip that defense from them.

Labeling people pro-rape is not a reasonable way to frame an argument.

No, it's an emotional provocation because it's an emotional issue, I've now removed that statement. Perhaps it would be better to say that Australia implemented the National Agreement on Firearms in 1996 and that according to the government report from Australian Institute of Criminology sexual assault numbers went from 14,542 in 1996 to 18,211 in 2006. There isn't room for that in the sig. It's also not a definitive argument for a particular position but it's worth consideration.

Re:Its all in the language

[NemosomeN]

You claim to be trying to make a rational, fact-based argument, but you seem to be trying to inject emotions into the argument as much as possible. Choose one or the other, or at least admit you are trying to use emotion to frame the argument.

Re:Its all in the language

[rohan972]

You claim to be trying to make a rational, fact-based argument, but you seem to be trying to inject emotions into the argument as much as possible. Choose one or the other, or at least admit you are trying to use emotion to frame the argument.

You could brush up on your reading comprehension before criticizing. I have reviewed my last two posts and I think it is abundantly clear that I am appealing to people's emotions. I don't need to admit it, I've explicitly stated it already. Did you watch the video and could you personally confiscate that woman's guns and look her in the eye as you did so? If so, what would you say to her to convince her it was good policy? Put forth your purely logical arguments if you think they will allay her terror. If your logic can't withstand the viewing of a video it isn't that strong.

Re:Its all in the language

[NemosomeN]

Fair point. I was going on memory of your initial post, and didn't reread it. Memory did not serve my well.