[Nottingham] Fwd: [FSF] Stand up for your freedom to install free software

Tue Oct 18 08:01:12 UTC 2011

On 18/10/11 00:56, Martin wrote:
> Folks,
> 
> I wouldn't normally (ab)use the list for anything remotely of a
> 'campaigning' nature, however this issue does imping upon our very
> freedom to use readily available *hardware* to run GNU/Linux systems
> (or indeed any other system).

There's been quite a lot about this in the press (The Register,
Slashdot, usual culprits).
http://www.theregister.co.uk/2011/09/21/secure_boot_firmware_linux_exclusion_fears/
http://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/
http://www.theregister.co.uk/2011/09/26/uefi_linux_lock_out_row_latest/

Basically MS want to make sure that the hardware will only boot a
genuine Windows, and not boot rootkits etc.  To do this, they will
require OEMs install MS keys into the UEFI and they will determine what
can/cannot run.

So on first glance it doesn't look too bad, MS just want to protect
their "stuff" and are only spec'ing out what they want for their stuff.

BUT...

1) MS do not require that the user be given the ability disable this.
If money can be saved by not including this feature (or money made by
issuing a "pro" version without knobbled firmware) then OEMs will do
this.  So either you can't install what you want, or you pay through the
nose for the privilege.
AIUI motherboards shipping today with this feature do allow one to
switch it off - there's nothing to say that this will remain the case.

2) MS do not require the OEM to install other keys.
Why would they?  It is the job of the distro makers to get OEMs to
include their keys, or to publish the keys for users to download and
install to UEFI.  Assuming, of course, the OEM includes a way to install
new keys.
The 500-kilo gorillas might be OK (RedHat etc) but the smaller distros
could struggle, and can you imagine the uproar from OEMs with the have
the include Windows + the top n GNU/Linux distros?

3) MS could force people to buy new hardware.
Windows 8 ships with Secure Boot.  Yay.  Less rootkits (or whatever).
Then Windows 9 lands.  But it won't run!  Why?  New key needs and the
end-user has no way of disabling Secure Boot or install new keys.
Kerr-ching!  The OEMs start coining it in as world-and-dog buys new PCs.
Why do I think this will happen?  because if I was them it's what I
would do (via a few puppet standards bodies to avoid anti-trust).

4) It's bad for the planet
Making a new PC uses up a lot of energy.  Recycling takes even more,
releases toxic chemical and (considering a lot is done by children in
the third world) wrecks lives.  Much better, IMHO, to use a PC until the
chips drop off.  With all the problems mentioned above, it will become
impossible to do this.

5) It's pointless.
The general idea behind Secure Boot is a good one.  "I installed *this*,
so only run *this*".  But let's face facts, it's going to have its arse
ripped open by crackers and hackers alike.  The latter out of a sense of
indignation and the former because they need their malware to run.

Further to what the FSF has said, I would consider writing to one's MP,
MEP and the EU highlighting the possibilities for restriction on
free-trade and abuse of a monopoly position.  One could also mention how
this compounds the problems caused by the MS Tax (update: Here's the
reply I got from the EU on their survey about the bundling of Windows:
"" [i.e. nothing]).

J.