FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

Oleg Goldshmidt pub at goldshmidt.org
Tue Oct 25 18:34:08 IST 2011


2011/10/25 Amit Aronovitch <aronovitch at gmail.com>:

>> I didn't follow the detail but a few weeks ago this made a noise on
>> Slashdot and as far as I'm aware Microsoft issued a statement which
>> calmed down the activists and it became a non-issue. I didn't follow
>> it closely so I might be wrong.
>>
>
> Can you help locating the MS statement that you describe?


I was not the one who "described" it but I believe this is the
statement in question:

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

Some quotes:

"Secure boot doesn’t “lock out” operating system loaders, but is a
policy that allows firmware to validate authenticity of components"

"Microsoft does not mandate or control the settings on PC firmware
that control or enable secured boot from any operating system other
than Windows"

This does not really mean much to me. As far as I can decipher the
really problematic piece is the bootloader (e.g., grub for our
purposes). The statements above say, if the FW vendor allows disabling
the security feature it's up to you, if you want to use grub and Linux
we are fine with that. What they do not say is, e.g., if you disable
the FW security layer you will not be able to boot Windows 8 from
unsigned grub. They do not say how one would go about signing grub
(see the RedHat guy's post for details of the problem).

I miss lots of things in the debate that I've seen discussed nowhere.
E.g., if I disable FW security layer and use unsigned grub to boot
Linux, will I be able to run Windows 8 in a VM on top of that Linux?
Will hypervisor vendors (including hosted hypervisors) have to include
new "security" components that would verify all the layers below to
run a Windows 8 guest (nested virtualization will be so much more fun,
eh?)? Will security be checked only at OS boot? Will it be impossible
to live-migrate a Windows 8 VM between physical servers with different
security settings (sounds like a lot of work for VMware VirtualCenter
and other products like that). Ditto for enterprise level provisioning
and/or scheduling systems that match images (of physical or virtual
systems) with HW resources. Ditto for "orchestration" products that
reshuffle resources to optimize whatever and heal other stuff and add
capacity on demand etc., etc., etc. All those will have to take
additional parameters into account (and do more work, e.g.,
reconfigure FW on the fly, adding to provisioning complexity and
time), otherwise things won't boot.

However, the discussion below the blog I linked to above seems to
indicate that MS may not be as evil as we give them credit to be:

Q. [W]ill Windows 8 be usable on systems which have secure boot
disabled for compatibility questions?
A. Of course Windows is usable without secure boot -- just like the post stated.

I did not find this statement in the blog, but I could have missed it.
As far as I understand the blog post was written by a different
person (Tony Mangefeste) than the blog owner (Steven Sinofsky), and the
answer I quoted above is from the blog owner. So I am not 100% sure
that the security option can be turned off in Windows 8.

-- 
Oleg Goldshmidt | pub at goldshmidt.org