Red Hat engineer renews attack on Windows 8-certified secure boot
Posted on 09/27/2011 8:25:02 AM PDT by ShadowAce
A senior Red Hat engineer has lashed back at Microsoft's attempt to downplay concerns that upcoming secure boot features will make it impossible to install Linux on Windows 8 certified systems.
Unified Extensible Firmware Interface (UEFI) specifications are designed to offer faster boot times and improved security over current BIOS ROM systems. The secure boot feature of the specification is designed so that only digitally signed OS loaders will load, a security feature that would prevent the installation of generic copies of Linux or FreeBSD as well as preventing rootkits and other boot-time malware from running.
A digitally signed build of Linux would work, but that would mean persuading OEMs to include the keys. Disabling the feature would allow unsigned code to run. However, it is unclear how many OEMs and firmware vendors will follow this route, which isn't required for Windows 8 certification.
The forthcoming secure boot feature has created a huge row with computer scientists, such as Ross Anderson of Cambridge University (here), and open-source developers who accuse Microsoft of pushing lock-in and decreasing consumer choice. Microsoft responded by saying consumers would continue to control their PC and cited the example of one OEM, Samsung, which is including a "disable secure boot" feature on prototype versions of its tablet PC.
This response has failed to satisfy critics of the technology. Matthew Garrett, power management and mobile Linux developer at Red Hat, who was among the first to flag up concerns over the technology, said that Microsoft's response fails to address his central point that "Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems".
Red Hat, he explains, has been working with Linux suppliers, hardware manufacturers and BIOS developers since becoming aware of the issue in early August.
Garrett said that Windows 8 certification requires that hardware ship with UEFI secure boot enabled. A feature allowing secure boot to be disabled, which is necessary to run Linux and FreeBSD on certified systems, is not required for certification. "We've already been informed by hardware vendors that some hardware will not have this option," Garrett writes in a follow-up blog post to his original critique of the technology.
In addition, Windows 8 certification does not require that the system ship with any keys other than Microsoft's. Such systems will only securely boot Microsoft operating systems.
"A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's," Garrett writes. "No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer."
Neither of the two options (the first being to get OEMs to include keys for a digitally signed copy of a particular build of Linux, the second being to allow users to disable secure boot) looks likely in most circumstances. The upshot of this, as things stand, is that Linux fans will only be able to run the alternative operating system on a small minority of Windows 8-certified hardware.
But the issue goes beyond operating system choice and also affects other modifications a user might choose to make to their PC, Garrett argues. He reckons Microsoft is pushing control of what can or can't be done on a PC away from consumers towards hardware manufacturers.
"Microsoft claims that the customer is in control of their PC," he writes. "That's true, if by 'customer' they mean 'hardware manufacturer'. The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC."
Garrett isn't opposed to secure boot or UEFI as such, but to the way Microsoft is "misusing" the technology to "gain tighter control" over the desktop operating system market it already dominates.
"Microsoft's rebuttal is entirely factually accurate," Garrett writes. "But it's also misleading. The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise," he concludes.
Red Hat has done some testing work with the UEFI Forum, an industry group that is overseeing the development and introduction of the next-generation start-up specification. However, this testing work happened before the implications of the secure boot feature became clear, Garrett told El Reg.
"We're contributing members of the UEFI forum, which means we have access to the specification drafts and contribute towards the language in them," Garrett told El Reg. "We also typically attend some of the UEFI testing events. While the UEFI specification for secure boot has been public for some time, Microsoft's plans for it only became known very recently. We're still at the point of working out how some of the fine details are going to work. So, yes, while we do some testing with the forum, the last testing event was from before Microsoft let us know they were going to do this."
I’m glad Red Hat is on this.
Microsoft’s tactics are very shady. They deserve to be embarrassed in news reports for what they’re doing.
Even for anybody who is a fanatic of their particular brand of OS and may not be affected by this, everybody should see this for what it is and be outraged by it.
It strikes me that Microsoft is playing a word game typical of progressives.
They’re trying to make it seem as if they mean ‘security’ as in, secure from viruses, or spyware, or pick your security related topic.
What they’re doing though is quite different. They’re making machines specified so that they are “Secured to only boot windows”.
They could easily open source this technology if it wasn’t the case, so as to prove that they aren’t purposely trying to lock out the competition.
I was informed this was bullshit, and that the Linux community would just build their own PCs if they didn't have old Windows PCs to re-purpose.
That's been their MO since I can remember.
Of course, it helps that they were founded by a couple of huge liberals.
I have very little problems with computers (Microsoft or Linux based) but that is not the case for most operators.
It was especially prevalent with Vista users. (a real dog of an OS)
But then--you were also wrong.
By the time Linus posted his now famous usenet post, 386 PCs were pretty standard, but PCs with Windows pre-installed on them were not. 1991 was still the era of Windows 3.1, and no standard software images were being installed pre-sale. Since he lived in Finland at the time, it's difficult to say with certainty whether he had ever had Windows installed on that machine.
I don’t think the details matter much, as long as I was wrong.
Depending on your age and perspective you might say the real debt was to IBM for the standardization of the platform. Microsoft was a beneficiary of that, as was Linux.
LOL! For the record, I think you were closer to the truth than what you were told.
I agree IBM standardized the platform, but then they turned around and tried to make it proprietary with the PS/2 and MCA.
IMHO, Microsoft writing their OS to be as hardware-agnostic as possible drove the development of new hardware on several fronts.
I've seen many people rave about Apple's business model, but I've never been able to get them to say they think that the industry would be better off today if Microsoft and IBM had adopted that same model back in '81.
I’m not sure why this is Microsoft’s fault. This should be a good security measure against rootkits, and the decision to have the option to disable it is entirely up to the hardware manufacturer.
"I opined once (on another thread) that the Linux community owed a debt to Microsoft for making PC’s a commodity item"
I could go along with that.
Apple’s OSs have typically been much more............. bossy........ than Microsoft’s. Until recently. MS wants to end this before it gets any worse.
Apple computers may have still made computers a commodity, but this sort of strong arm tactic is one that Apple would’ve employed long, long ago. IMHO.
That assumes that microsoft’s motives are actually to defend against root kits.
I have little doubt that this is all about competition. “Securing” their future as a monopolist.
No, it doesn't. Whether it provides protection against rootkits is a technical question whose answer has nothing to do with whether that was the intended purpose or not.
We've had quite enough problems with flame wars based on unsubstantiated accusations about motives on these threads, and calls to limit discussion to technical issues and the relative merits based on that criteria.
If you want to start a flame war, go find somebody else to help you start it.
Is this going to be the start of the decline of Microsoft?
That statement is from the perspective of Microsoft's single-handed direction of PC development. It did not. I am old enough to remember TRS-DOS, NewDOS, CPM and all the Windows platforms. (and quite a few more)
Microsoft "bought" their first OS, did not write it. They have been excellent marketers, but have a long history of loving monopoly positions. Freedom works, but MS is not about that. Competition works, but MS is not about that.
I am not a MS hater, but I know what they are about. I love technology, but am always wary of motives.
Poor: 3.x, 95, 98, ME, Vista
Solid: NT, 2000, XP, W7/64
IMHO, W8 has all chances to follow along ME and Vista.
Smells to high heaven, IMO.
If I build my own, will I be forced to buy a motherboard that is crippled?
That statement was from the perspective of doing a comparative assessment of the effects of a business model that leaves hardware development to the hardware manufacturers and trying to write the OS to support as much of that as possible, vs a business model of writing an OS designed for a limited hardware platform controlled and manufactured by the company writing the OS.
when in doubt, accuse MS ..
MS was never a hardware developer, so why would they? In the case of Apple, until recently they always had ties to hardware and software.
MS is increasingly trying to force the hardware manufacturers and PC assemblers to enforce their licensing. To the point of trying to hold the U.S. manufacturers responsible for their ChiCom hardware suppliers. They recently had defectors on that attempt.
Since we are on the subject. There is a reason that hardware, operating systems and applications were developed separately. The complexity and the skills were dispersed. Openness allowed all this to happen.
Oh, and I forgot. There were also the BIOS guys.
If you were in charge of license enforcement, how would you do it?
will be unable to perform secure boot of any operating system other than Microsoft’s
IIRC, it was compaq that originally reverse engineered BIOS in a clean-room environment. Without access to BIOS routines, we would have been fooked.
As I understand the situation, it will be able to perform a *secure* boot of any signed OS that has the matching keys installed in the firmware.
If the motherboard manufacturer doesn't give you the option to enable a non-secure boot, then you won't be able to boot an unsigned OS, or signed OS that the firmware doesn't have the keys to validate.
I've also seen some discussion about the motherboard manufacturers providing the ability to update the installed keys in the firmware. With this option, you should be able to obtain a generic copy of a Linux (or any other OS) distro, sign it, and install the keys for cert into the firmware and then do a *secure* boot of that OS.
At this point claiming that this will prevent you from ever booting anything but Windows on a Windows PC appears to be FUD. It's possible that a manufacturer could design and ship a motherboard that only has the Windows keys installed, doesn't allow you to select the option of doing a non-secure boot, and doesn't have any provisions for updating the key collection. I'll leave it to you to speculate on the probability that a manufacturer would intentionally paint themselves into that corner.
Ms OS sequence:
Poor: 3.x, 95, 98, ME, Vista
Solid: NT, 2000, XP, W7/64
IMHO, W8 has all chances to follow along ME and Vista.
Thanks for the interesting and thoughtful response. Sounds like you understand the problem domain as well as most in the industry, maybe better. Sounds like the industry hasn’t quite figured out where everything is going to land on this one. Will definitely keep an eye out. Thanks again.
Apple computers may have still made computers a commodity, but this sort of strong arm tactic is one that Apple would’ve employed long, long ago. IMHO.
Although Apple in the interregnum between Jobs eras did license its OS for non-Apple hardware, under Jobs Apple has not so much sold licenses to OS X but has bundled OS X with its hardware - and refused to license OS X use on any other hardware. Apple would prefer a hardware feature which enabled OS X and which was unique to Apple to a technology which prevented other OSes from running on Apple hardware.
To the extent that Microsoft could undermine the production of hardware by independent OEMs which ran on any other OS than Windows, it would throw Apple - producer of its own hardware - directly into the briar patch. In that world, Hackintoshes wouldn't exist - and Apple's business model depends on the active desire of customers for OS X. Of course in the smartphone realm, Apple does oppose the "unlocking" of hardware.