FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

Amit Aronovitch aronovitch at gmail.com
Tue Oct 25 17:37:29 IST 2011


Setting aside the amusing political debates and going back to the original
topic - what's the actual status of the UEFI boot issue?

(Following up on the link from Tzafrir's
post:http://mjg59.dreamwidth.org/6503.html,
see my comments below )

On Mon, Oct 24, 2011 at 1:56 AM, Amos Shapira <amos.shapira at gmail.com>wrote:

> On 23 October 2011 22:06, geoffrey mendelson
> <geoffreymendelson at gmail.com> wrote:
> >
> > On Oct 23, 2011, at 12:28 PM, Shlomi Fish wrote:
> >>
> >> The Free Software Foundation started a campaign called “Stand up for
> your
> >> freedom to install free software!” about Microsoft's plan to enforce
> >> “Secure Boot” in the installations of Windows 8, which will prevent
> people
> >> from being able to boot into GNU/Linux, one of the BSD variants, or
> other
> >> operating systems. You can sign it here:
> >>
> >> http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
> >
> >
> > It's pure FUD.
> > "we are concerned that Microsoft and hardware manufacturers will
> implement
> > these boot restrictions in a way that will prevent users from booting
> > anything other than Windows."
> >
> > Not that they are, or saying they will, or even hinted they will.
>
> I didn't follow the detail but a few weeks ago this made a noise on
> Slashdot and as far as I'm aware Microsoft issued a statement which
> calmed down the activists and it became a none-issue. I didn't follow
> it closely so I might be wrong.
>
>
Can you help locating the MS statement that you describe?

Some relevant details, described in Mathew Garett's post (thanks Tzafrir for
the link), and some of the replies there:

1. Problems with the proposed UEFI boot standard boil down to the fact that
it lacks any means to allow the *owner of the hardware* to edit the list of
trusted keys (load new keys, delete old ones).

2. It seems to me that some aspects of this are in fact a security issue,
which should also be in the interest of Microsoft to solve (e.g. they would
probably want some means to recover in case one of their keys get stolen).

3. Some solution to the problem (a mechanism for loading keys from specially
formatted removable media) will be (is being) suggested by Garrett to UEFI
during this week's "plugfest" http://www.uefi.org/events/

4. Readers of this group should be interested to know that this solution
(whatever other advantages/disadvantages it might have) would allow you to
end up being able to boot kernels (or bootloaders) that you compiled
yourself and signed with your own private key.

Hence: if that MS statement contained some indication that Microsoft would
support such a solution, indeed I see no serious reason to worry.
Either way, we should follow closely for reports from the plugfest
conclusions next week.

   AA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20111025/b53b4932/attachment-0001.html>


More information about the Linux-il mailing list