[Nottingham] Fwd: EFI concerns passed to Broxtowe MP, and East Midlands MEPs

Andrew Wilson i.andrew.wilson at gmail.com
Sat Oct 22 10:22:16 UTC 2011

Morning List

I sent the following today to My MP and MEPs. via "theyworkforus.org"
PS I'm a lurker, but promise to contribute more in future

Dear Anna Soubry,

There follows a statement by the free software foundation, who exist to 
campaign for the protection of individual freedom to use and distribute 
free software without hindrance.

One of the major threads of their work (as well as maintaining the GNU 
free operating system) is monitoring the actions of major players in the 
proprietary market, ensuring that they are not abusing their position.

The concern in what follows can be summarised as:
Microsoft are proposing as a condition of being able to ship their next 
flagship product - Windows 8 - on equipment manufacturers, restrictions 
which if abused would enable Microsoft to control the use of free 
software on such equipment.

  This is interpreted by many as a great risk that Microsoft may be able 
to stifle free foftware to their commercial benefit.

Can i assume the government's diligence when inevitably required to act 
on this risk?

Yours Sincerely
Andrew Wilson.

FSF release below.

Microsoft has announced that if computer makers wish to distribute 
machines with the Windows 8 compatibility logo, they will have to 
implement a measure called "Secure Boot." However, it is currently up 
for grabs whether this technology will live up to its name, or will 
instead earn the name Restricted Boot.

When done correctly, "Secure Boot" is designed to protect against 
malware by preventing computers from loading unauthorized binary 
programs when booting. In practice, this means that computers 
implementing it won't boot unauthorized operating systems -- including 
initially authorized systems that have been modified without being 

This could be a feature deserving of the name, as long as the user is 
able to authorize the programs she wants to use, so she can run free 
software written and modified by herself or people she trusts. However, 
we are concerned that Microsoft and hardware manufacturers will 
implement these boot restrictions in a way that will prevent users from 
booting anything other than Windows. In this case, a better name for the 
technology might be Restricted Boot, since such a requirement would be a 
disastrous restriction on computer users and not a security feature at all.

The potential Restricted Boot requirement comes as part of a 
specification called the Unified Extensible Firmware Interface (UEFI), 
which defines an interface between computer hardware and the software it 
runs. It is software that allows your computer to boot, and it is 
intended to replace the traditional BIOS. Most Lenovo, HP, and Dell 
computers ship with UEFI, and other manufacturers are not far behind. 
All Apple computers ship with EFI and components from UEFI. When 
booting, this software starts a chain which, using a public key 
cryptography-based authentication protocol, can check your operating 
system's kernel and other components to make sure they have not been 
modified in unauthorized ways. If the components fail the check, then 
the computer won't boot.

The threat is not the UEFI specification itself, but in how computer 
manufacturers choose to implement the boot restrictions. Depending on a 
manufacturer's implementation, they could lock users out of their own 
computers, preventing them from ever booting into or installing a free 
software operating system.

It is essential that manufacturers get their implementation of UEFI 
right. To respect user freedom and truly protect user security, they 
must either provide users a way of disabling the boot restrictions, or 
provide a sure-fire way that allows the computer owner to install a free 
software operating system of her choice. Computer owners must not be 
required to seek external authorization to exercise their freedoms.

The alternative is frightening and unacceptable: users would have to go 
through complicated and risky measures to circumvent the restrictions; 
the popular trend of reviving old hardware with GNU/Linux would come to 
an end, causing more hardware to be tossed in landfills; and proprietary 
operating system companies would gain a giant advantage over the free 
software movement, because of their connections with manufacturers.

We will be monitoring developments in this area closely, and actively 
campaigning to make sure this important freedom is protected. Our first 
step is to demonstrate that people value this freedom, and will not 
purchase or recommend computers that attempt to restrict it.

More information about the Nottingham mailing list