Will your computer's "Secure Boot" turn out to be "Restricted Boot"?
Microsoft has announced that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot." However, it is currently up for grabs whether this technology will live up to its name, or will instead earn the name Restricted Boot.
When done correctly, "Secure Boot" is designed to protect against malware by preventing computers from loading unauthorized binary programs when booting. In practice, this means that computers implementing it won't boot unauthorized operating systems -- including initially authorized systems that have been modified without being re-approved.
This could be a feature deserving of the name, as long as the user is able to authorize the programs she wants to use, so she can run free software written and modified by herself or people she trusts. However, we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows. In this case, a better name for the technology might be Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all.
The potential Restricted Boot requirement comes as part of a specification called the Unified Extensible Firmware Interface (UEFI), which defines an interface between computer hardware and the software it runs. It is software that allows your computer to boot, and it is intended to replace the traditional BIOS. Most Lenovo, HP, and Dell computers ship with UEFI, and other manufacturers are not far behind. All Apple computers ship with EFI and components from UEFI. When booting, this software starts a chain which, using a public key cryptography-based authentication protocol, can check your operating system's kernel and other components to make sure they have not been modified in unauthorized ways. If the components fail the check, then the computer won't boot.
The threat lies not in the UEFI specification itself, but in how computer manufacturers choose to implement the boot restrictions. Depending on a manufacturer's implementation, they could lock users out of their own computers, preventing them from ever booting into or installing a free software operating system.
It is essential that manufacturers get their implementation of UEFI right. To respect user freedom and truly protect user security, they must either provide users a way of disabling the boot restrictions, or provide a sure-fire way that allows the computer owner to install a free software operating system of her choice. Computer owners must not be required to seek external authorization to exercise their freedoms.
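Whether a given machine is enforcing these checks, and whether its firmware is in the state where the owner can enroll keys, can be read from the running system. The sketch below is an added example, not part of the original article: it parses the standard UEFI SecureBoot and SetupMode variables as Linux exposes them through efivarfs. The function names and the state labels are assumptions chosen for this example.

```python
import struct
from pathlib import Path

# GUID of the UEFI global variable namespace (defined by the UEFI specification).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARFS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point


def parse_efivar_byte(raw):
    """Split an efivarfs entry into (attributes, first data byte).

    efivarfs prefixes the variable data with a 4-byte little-endian
    attribute mask; SecureBoot and SetupMode each carry one data byte.
    """
    if len(raw) < 5:
        raise ValueError("truncated efivarfs entry")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4]


def read_var(name, root=EFIVARFS):
    """Return the raw bytes of a global UEFI variable, or None if unreadable."""
    try:
        return (Path(root) / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError:
        return None  # legacy BIOS boot, efivarfs not mounted, or no such variable


def classify(secure_boot_raw, setup_mode_raw):
    """Map the two variables to a label (labels are this example's own)."""
    if secure_boot_raw is None:
        return "no-uefi-secure-boot"
    _, enforcing = parse_efivar_byte(secure_boot_raw)
    setup = 0
    if setup_mode_raw is not None:
        _, setup = parse_efivar_byte(setup_mode_raw)
    if setup == 1:
        # No Platform Key is enrolled: signatures are not enforced and
        # the firmware accepts new keys without authentication.
        return "setup-mode"
    return "enforcing" if enforcing == 1 else "not-enforcing"


if __name__ == "__main__":
    print(classify(read_var("SecureBoot"), read_var("SetupMode")))
```

A result of "enforcing" only says that signature checks are active; whether the owner can turn them off or enroll her own keys depends on the firmware's setup interface, which these variables do not describe.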
The alternative is frightening and unacceptable: users would have to go through complicated and risky measures to circumvent the restrictions; the popular trend of reviving old hardware with GNU/Linux would come to an end, causing more hardware to be tossed in landfills; and proprietary operating system companies would gain a giant advantage over the free software movement, because of their connections with manufacturers.
We will be monitoring developments in this area closely, and actively campaigning to make sure this important freedom is protected. Our first step is to demonstrate that people value this freedom, and will not purchase or recommend computers that attempt to restrict it.
Please sign our statement to show your support!
You can also stay up-to-date on this issue by:
- Subscribing to the monthly Free Software Supporter
- Following us on identi.ca @fsf
- Reading our blogs or subscribing to our RSS feeds
Learn more about Windows 8, UEFI, and boot restrictions
News and Blogs
- UEFI secure booting, by Matthew Garrett; in addition to providing a brief overview of Restricted Boot, this article explains specifically why dual-booting an operating system may be difficult, or at times virtually impossible, for systems implementing and using Restricted Boot.
- Trusted Computing 2.0, by Ross Anderson of the Security Research, Computer Laboratory, University of Cambridge.
- Protecting the pre-OS environment with UEFI, by Tony Mangefeste of Microsoft; a response to Garrett, et al.
- UEFI secure booting (part 2), by Matthew Garrett — a follow-up to Microsoft's blog post.
- ArsTechnica article
Working together for free software
Free software is simply software that respects our freedom — our freedom to learn and understand the software we are using. Free software is designed to free the user from restrictions put in place by proprietary software, and so using free software lets you join a global community of people who are making the political and ethical assertion of our rights to learn and to share what we learn with others.
The free software GNU operating system, which began development in 1984, is now used by millions of people worldwide as an alternative to both Microsoft Windows and Apple's Mac OS X operating systems.
Because most software we buy or download from the web denies us these rights, we can look at the reasons why: usually we don't actually buy ownership of the software but instead receive a license to use the software, binding us with many fine-print rules about what we can and cannot do.
We should be able to make copies of software and give them to our friends, we should be able to figure out how programs work and change them, we should be able to put copies of software on all the computers in our home or office — these are all things that software licenses are traditionally designed to prevent.
Enter the free software movement: groups of individuals in collaboration over the Internet and in local groups, working together for the rights of computer users worldwide, creating new software to replace the bad licenses on your computer with community built software that removes the restrictions put in place and creates new and exciting ways to use computers for social good.
Meet the community
Get started with free software
- Learn how you can install free software on your computer
- Meet some of the free software programs you can install
The next steps towards full free software
Go there.... http://www.fsf.org/working-together/
The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work.
This could end up forcing us Linux users to keep using old hardware. And force Windows 8 users to keep Paying the Piper for his Wares. Whether they want to or not! :( Did you find the link to sign the Petition? Here it is... http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement