Announcement

Collapse
No announcement yet.

Free Software Foundation Thinks It Can Stop SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Free Software Foundation Thinks It Can Stop SecureBoot

    Phoronix: Free Software Foundation Thinks It Can Stop SecureBoot

    The Free Software Foundation is now soliciting donations and signatures for a pledge in hopes that it can stop UEFI SecureBoot and other "restricted boot" systems from becoming too common...

    http://www.phoronix.com/vr.php?view=MTI2MzU

  • #2
    Awesome. Signed!

    Comment


    • #3
      What the?

      Has the FSF just emerged after living in a cave for a while? Where was this idea a couple of years ago when it could've had more impact?

      Comment


      • #4
        Why is there so much effort is trying to retain dual boot?

        Simple set it that when Linux installs it kills Microsoft protected partitions.

        Comment


        • #5
          I just bought a brand new Windows 8 Dell laptop that has this SecureBoot.
          Booting Linux was as easy as going into the BIOS and selecting "LEGACY" instead of "UEFI". Problem solved.

          I was positive SecureBoot would only be a problem for ARM devices where it isn't a requirement to provide an option to disable SecureBoot. If ARM wants to be stupid, let them be stupid. I don't think it's the FSF's job to try and save a stupid company like ARM that is trying to force everybody to use SecureBoot. I mean, sure, I'll sign the little petition that says I'm not going to buy hardware that doesn't let me disable SecureBoot.. But I won't sign a petition that says I won't buy any hardware that has an optional secureboot feature, that's just silly.

          Comment


          • #6
            Originally posted by Sidicas View Post
            I just bought a brand new Windows 8 Dell laptop that has this SecureBoot.
            Booting Linux was as easy as going into the BIOS and selecting "LEGACY" instead of "UEFI". Problem solved.

            I was positive SecureBoot would only be a problem for ARM devices where it isn't a requirement to provide an option to disable SecureBoot. If ARM wants to be stupid, let them be stupid. I don't think it's the FSF's job to try and save a stupid company like ARM that is trying to force everybody to use SecureBoot. I mean, sure, I'll sign the little petition that says I'm not going to buy hardware that doesn't let me disable SecureBoot.. But I won't sign a petition that says I won't buy any hardware that has an optional secureboot feature, that's just silly.
            And you can still boot windows too ?

            Comment


            • #7
              Originally posted by Gps4l View Post
              And you can still boot windows too ?
              Of course you can. SecureBoot isn't a requirement to boot Windows, it just prevents unsigned code from running at boot.

              Comment


              • #8
                (@Sidicas)
                Well it is not actually that much ARM, Acron RISC machines is just delivering the virtual design for CPUs. They do not actually make hardware. They leave it to the various chipmakers and it's probably also up to them or, better up to the "BIOS"/UEFI writers to implement sh!t. The problem is that a lot of devices use ARM tech, especially small mobile things like (smart)phones, tablets and small netbooks. And if they have "hardwired" non-optional secure boot that IS an issue.
                Either way I do not want or need secure boot on any platform. It sucks. It's TCPA/TPM name it as you want and thus it is utter crap and always endangering customer's rights and freedom. It does NOT give the user any security enhancement. It is just an instrument to control the user.

                Maybe I sound like rms now but that is fine cause in that matter he's usually just right.

                Comment


                • #9
                  Has anyone thought of creating an Avaaz petition? Thus it would be possible to obtain more signatures from more people...

                  Comment


                  • #10
                    One GOOD story and we all should be happy?

                    Come one. There are dozens of OEMs who do not care about any other OS than Win. They can skimp on BIOS development by just making Win run on it.

                    BUT its more about MS twist of SB. Which FORBID options such as meantioned "LEGACY" mode. At release time or as future updates. NO OPTION TO TURN OFF SB (which by itself is make such implementation INCOMPATIBLE with UEFI).

                    Personally I do not care if I can disable it by hw switch (like in chromebooks) or by sw switch, but inability to install any software I want to on hardware I OWN, because manufacturer FORBIDS ME?


                    And as usual there are voices that consumer rights be damned, companies have right to do anything and they are happy with it......

                    Comment


                    • #11
                      Originally posted by przemoli View Post
                      One GOOD story and we all should be happy?

                      Come one. There are dozens of OEMs who do not care about any other OS than Win. They can skimp on BIOS development by just making Win run on it.

                      BUT its more about MS twist of SB. Which FORBID options such as meantioned "LEGACY" mode. At release time or as future updates. NO OPTION TO TURN OFF SB (which by itself is make such implementation INCOMPATIBLE with UEFI).

                      Personally I do not care if I can disable it by hw switch (like in chromebooks) or by sw switch, but inability to install any software I want to on hardware I OWN, because manufacturer FORBIDS ME?


                      And as usual there are voices that consumer rights be damned, companies have right to do anything and they are happy with it......
                      FSF is delusional. disabling secureboot in the firmware is easier than the BS people have to go through in using buggy distros like ubuntu or fedora. yesterday i went to best buy and it took me 15 seconds to disable secureboot. sure the grandma user would have problems going into the firmware. she is also gonna have difficulty when the nouveau driver hangs her GPU and she can't use bugzilla to submit a report!

                      Comment


                      • #12
                        While I support what the FSF stands for, this is doomed to be an ineffective campaign. Even if everybody who knows what secure boot is buys a computer with secure boot (a bold assumption, most will), we'd barely put a dent in their sales. I think the best route to pursue is exposing SecureBoot for what it is - an anticompetitive technology thinly disguised as a security measure. It's difficult to buy a new computer that doesn't come with secure boot, anyhow. I wonder how the SEC would feel about such anticompetitive measures if a strong enough case were to be made.

                        I'm glad that the FSF is trying to do something about this. While it might not seem so bad now, they're boiling frogs - I expect that legacy mode will be removed soon, and Win 8 SP1 or Win 9 will disable support for BIOS. If we're going to do anything about this, it needs to be soon.

                        On a side note, as much as I hate people hiring lobbyists, I wish the FSF had more. People are far too ignorant to the problems at hand to be able to cause change outside of a governmental framework - and I'm also glad that the FSF is fighting ignorance with compaigns like DefectiveByDesign.
                        Last edited by chickenlinux; 12-29-2012, 10:20 AM.

                        Comment


                        • #13
                          To me the answer to the SecureBoot problem is blatantly obvious - have an option in the UEFI settings to disable it. Anyone intelligent enough to figure out how to install and set up linux ought to know how to disable that. By having it as an enable/disable feature, the security code doesn't have to be given away so OSes like Linux can use it (giving it away basically defeats the purpose of it).

                          By adding a user accessible disable function (even as a mobo jumper), everyone wins - Microsoft can keep their initial security plans without anyone else meddling with it, mobo manufacturers aren't forced to take sides, the development of the feature doesn't have to be a waste of time, but best of all, the user gets to do whatever they want with their hardware. I don't see why this concept is so difficult to grasp. Sharing the key and signing a petition is not going to help.
                          Last edited by schmidtbag; 12-29-2012, 11:51 AM.

                          Comment


                          • #14
                            Originally posted by schmidtbag View Post
                            ... I don't see why this concept is so difficult to grasp. Sharing the key and signing a petition is not going to help.
                            I bet it's gonna help a zillion more times then writing a forum post that says that protesting about it won't help. Taking some action is always better than none at all.

                            In Europe, Germany has already made some statements about it:hsecure boot: http://www.h-online.com/open/news/it...s-1753715.html

                            Comment


                            • #15
                              No, no, no, and no, guys. Hardware manufacturers, last I checked, may not provide disabling functionality for Secure Boot on ARM devices if they want Windows 8 certification. On x86 and other desktop hardware they must have Secure Boot in place, but may go out of their way to allow users to disable it if they want to write that code / include that switch / take that development time.

                              Now if I've got my facts straight here, this is an anti-competitive measure on Microsoft's part. I remember Ballmer saying they were going to beat Linux at its own game, but I never thought hedging it out of emerging markets in the name of security with hardware fuckery like this was the plan he had in mind.

                              Some have said that disabling SB in the BIOS is the way forward. These people are short-sighted. What is actually being advocated is installing another technical roadblock for new users. When one can have Windows 8 auto-magically "just work" and Linux requires poking around in scary assembly code interface options or cracking open the case and putting hands on raw electronics just to get things into a state where they can begin an install - which is a worse situation than we have right now - that's not acceptable. And what do we do when Windows 9 goes UEFI+SB-only and mandates that new hardware can't have BIOS if they want certification?

                              Look, you people obviously don't care what happens to your computer. Just send it to me and I'll give it a good home. After all, if you're willing to let hardware and software manufacturers dictate how you use the products that you've bought, why can't I?

                              Comment

                              Working...
                              X