

Ubuntu's Plans To Implement UEFI SecureBoot: No GRUB2 - pwg
http://www.phoronix.com/scan.php?page=news_item&px=MTEyNDY

======
pieter
From the mailing list:

"We believe that the intention of secure boot is to protect against malicious
use or modification of pre-boot code, before the ExitBootServices UEFI service
is invoked. Currently, this call is performed by the boot loader, before the
kernel is executed.

Therefore, we will only be requiring authentication of boot loader binaries.
Ubuntu will not require signed kernel images or kernel modules."

That's completely different from what Fedora is doing (signing all kernels and
modules). I hope for them Microsoft agrees with their interpretation and won't
revoke their signed binaries. I'm not sure what advantage they would get from
a signed boot loader, if you can run any arbitrary kernel from within the
loader.
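The Ubuntu position quoted above draws the line at the boot loader: the firmware checks the loader's Authenticode signature, and nothing the loader runs afterwards is checked. As an added example (not code from the mailing list, Canonical or Phoronix) that makes the distinction visible on a real machine, the following Python script parses a PE/COFF image's Certificate Table (data directory entry 4) and reports whether the image carries any embedded Authenticode signature. An EFI application is a PE32+ image, and a kernel built with the EFI stub is one as well, so the same check applies to a boot loader and to a bzImage. The `build_sample_pe` helper constructs a minimal PE32+ image with a placeholder certificate entry purely so the script runs offline; it is not a real signed binary, and the file paths in the usage comment are placeholders rather than any distribution's layout.

```python
"""Report whether a PE/COFF image (EFI application or EFI-stub kernel) carries an
embedded Authenticode signature. Added example; not Ubuntu's or Phoronix's code."""
import struct
import sys

SECURITY_DIR = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def authenticode_entries(image: bytes):
    """Return one dict per WIN_CERTIFICATE in the image's Certificate Table,
    or an empty list when the image has no signature. Raises ValueError on a
    non-PE or malformed image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                 # COFF file header, 20 bytes
    opt = coff + 20                   # optional header follows it
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == 0x20B:                # PE32+ (64-bit EFI binaries)
        ndirs_off = opt + 108
    elif magic == 0x10B:              # PE32 (32-bit EFI binaries)
        ndirs_off = opt + 92
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if ndirs_off + 4 > len(image):
        raise ValueError("truncated optional header")
    ndirs = struct.unpack_from("<I", image, ndirs_off)[0]
    dir_off = ndirs_off + 4 + SECURITY_DIR * 8
    if ndirs <= SECURITY_DIR or dir_off + 8 > opt + opt_size:
        return []                     # no security directory at all
    cert_off, cert_size = struct.unpack_from("<II", image, dir_off)
    if cert_off == 0 or cert_size == 0:
        return []                     # directory present but empty: unsigned
    if cert_off + cert_size > len(image):
        raise ValueError("certificate table runs past end of file")
    # For the security directory the "RVA" is a raw file offset. The table is a
    # sequence of WIN_CERTIFICATE headers (dwLength, wRevision, wCertificateType)
    # each followed by its PKCS#7 blob and padded to an 8-byte boundary.
    entries, pos, end = [], cert_off, cert_off + cert_size
    while pos + 8 <= end:
        length, revision, ctype = struct.unpack_from("<IHH", image, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE at offset %d" % pos)
        entries.append({"revision": revision, "type": ctype, "length": length})
        pos += (length + 7) & ~7
    return entries


def is_signed(image: bytes) -> bool:
    """True when at least one PKCS#7 (Authenticode) entry is present."""
    return any(e["type"] == WIN_CERT_TYPE_PKCS_SIGNED_DATA
               for e in authenticode_entries(image))


def build_sample_pe(with_signature: bool) -> bytes:
    """Constructed minimal PE32+ image (no sections, no real code) with, when
    requested, a placeholder certificate entry. Test input only; the 'DER'
    bytes are a stand-in, not a real PKCS#7 SignedData structure."""
    ndirs = 16
    opt = bytearray(112 + ndirs * 8)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 108, ndirs)          # NumberOfRvaAndSizes
    header_len = 0x40 + 4 + 20 + len(opt)            # DOS stub + PE sig + COFF + opt
    cert_off = (header_len + 7) & ~7
    win_cert = b""
    if with_signature:
        cert_blob = b"\x30\x82\x00\x10" + b"\x00" * 16
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        win_cert += b"\x00" * ((-len(win_cert)) % 8)
        struct.pack_into("<II", opt, 112 + SECURITY_DIR * 8, cert_off, len(win_cert))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x0022)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    if with_signature:
        image += b"\x00" * (cert_off - len(image)) + win_cert
    return image


if __name__ == "__main__":
    # With no arguments, run on the two constructed images; otherwise on the
    # given files, e.g. an EFI boot loader and a kernel image (placeholder paths):
    #   python3 pe_sig_check.py /boot/efi/EFI/<distro>/loader.efi /boot/vmlinuz
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("constructed-signed.efi", build_sample_pe(True)),
        ("constructed-unsigned.efi", build_sample_pe(False)),
    ]
    for name, data in targets:
        entries = authenticode_entries(data)
        print("%s: %s" % (name, ("signed: %s" % entries) if entries
                          else "no Authenticode signature"))
```

Under the policy quoted above, running this against the Ubuntu loader image would report a certificate entry while the kernel image next to it would report none; the script only reports presence and layout of the signature, it does not verify the PKCS#7 contents or the signing key.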

~~~
ajross
I was wondering about this too. From the user's perspective, this is _great_ ,
as it basically means that everything downstream from the custom UEFI
bootloader can be unsigned, user-defined code.

But at the same time, it pretty clearly defeats the purpose of the UEFI
signature chain. A plausible malware vector would thus be to install the
ubuntu loader, which then loads your malware payload and chains to windows,
compromising the "secure" boot.

Basically, it undoes secure boot entirely. Which is a good thing. I hope
Microsoft is willing to look the other way on this, but I fear that they are
not.

~~~
wmil
If the boot loader is required to show a splash screen the user will still get
clear evidence that something strange is going on.

~~~
ajross
A technical user, sure. But that's an awfully big step down in security
guarantees: "Hardened, secure boot with guaranteed validity and authentication
at each step." to "Wait, did we install Ubuntu on this box?"

~~~
jdhopeunique
Also it could have the effect of associating the Ubuntu splash screen with
malware in the user's mind. Given that many users associate a black Linux
command-line prompt with malicious hackers, this might cement in their minds
that Linux is bad.

~~~
beagle3
They should have a splash screen saying: "Now booting Ubuntu Linux. If one of
the next screens says "Welcome to Microsoft Windows", your system is probably
infested with malware."

------
rlpb
"Booting our CDs will rely on a loader image signed by Microsoft's WinQual
key...the UEFI specification only allows an image to be signed by a single
key."

This is anti-competitive and should not be acceptable. The UEFI specification
needs to be fixed before vendors are forced to comply with it. It is
disappointing that this won't happen.

~~~
maxerickson
Microsoft is requiring companies that want a 'Works with Windows 8' sticker
to, um, work with Windows 8.

The logo program doesn't stop manufacturers creating similar unstickered
hardware or putting more than one key in the stickered hardware.

~~~
sounds
Although I would like to agree with you, I'm not convinced.

The reason Ubuntu (and Red Hat) aren't pushing to get their key included in
the hardware is clear from the article:

"Microsoft's WinQual key, for much the same reasons as Fedora: it's a key
that, realistically, more or less every off-the-shelf system is going to have,
as it also signs things like option ROMs, and the UEFI specification only
allows an image to be signed by a single key."

The Microsoft WinQual key monopoly is there because option ROMs (and other
drivers) are only given one slot for a signature. After Microsoft signs the
ROM, the manufacturer _can't_ add a Red Hat or Ubuntu signature to the drivers
for their hardware.

This means even if you convinced all the manufacturers to include, say, a
Ubuntu key, you still couldn't verify option ROMs were secure. Only
Microsoft's key would work for that - thus, Microsoft's key will be the only
one installed by the manufacturers.

Your next solution - creating unstickered hardware - is not a solution. There
are a few manufacturers offering a linux option (Dell, Lenovo), and a few who
sell only linux hardware (system76.com). In a UEFI secure boot world, there
would be < 1% of hardware that wasn't locked to Microsoft's key, while 99%+
would be locked. I know users are supposed to be able to access a BIOS screen
to disable secure boot, but that makes installing Linux much more painful than
installing Windows 8. Why cede the advantage to Microsoft?

The best way to fight this, I believe, is to put your time and resources into
coreboot.org and the FSF.

~~~
maxerickson
I'm not arguing that unstickered hardware solves anything, I'm arguing that it
is hard to construe the sticker program as anti-competitive. As long as the
stickered hardware can boot anything, then it is a reach to say that it is
harming anyone (I don't find the confusion and unnecessary difficulty
arguments very compelling, people that have difficulty twiddling the bios are
going to run into problems anyway).

I don't understand the details of the option rom stuff, but my superficial
impression is that no other entity is particularly motivated to run a
meaningful program for signing such code. And it's still an open question if
Microsoft can run such a program and have it end up meaning anything.

~~~
sounds
I don't have to convince you that "it is harming anyone" (your words).

You have to convince me that Microsoft's UEFI Secure Boot requirements aren't
a threat to Software Freedom (as defined by the FSF).

Otherwise, Microsoft, Secure Boot-enabled laptops, and anything with a Windows
8 sticker will continue to get lots of bad press.

~~~
maxerickson
The context of my comment was someone labeling the practice anti-competitive.
That's where harm comes into the picture.

I'm sure that the stuff will continue to get bad press, the idea of centrally
controlled hardware is offensive to a large chunk of the people that bother to
think about it.

~~~
beagle3
Anti-competitive includes future harm. The way bundling IE was found
anticompetitive by US and EU courts. Specifically, it is illegal to leverage
monopoly in one market to gain entry to others - because history has shown
that this is always abused and eventually harms society.

------
xaa
Why is this whole SecureBoot saga not being considered as anticompetitive
behavior by Microsoft? It's pretty clear that the only "advantage" of
SecureBoot is to hinder competing OSes.

And that Microsoft has only been able to obtain such a favorable result from
the UEFI forum by throwing its weight around.

~~~
blahedo
Agreed. Microsoft has used their dominant position to strongarm the hardware
companies into putting up a tollgate, which forces all of Microsoft's
competitors to pay Microsoft if they want to keep competing.

Right?

~~~
btilly
$99 from a vendor for all of their sales is not a big financial deal.

The interesting part comes the first time Microsoft decides to revoke a
competitor's key as part of a Windows update, and people who dual-boot find
out about it because they no longer can dual-boot. Even if the mess gets fixed
quickly, it will be a cause of FUD. How blatant will they be in taking
advantage of that?

~~~
blahedo
Sorry, didn't realise the fee was only $99; you're right, that's more of a
nuisance fee than anything else.

I'm still concerned that MS is manning the tollbooth, though, for roughly the
reasons you state. :)

~~~
recoiledsnake
>Sorry, didn't realise the fee was only $99; you're right, that's more of a
nuisance fee than anything else

That's not your fault. It's part the press writing flamebait headlines to
drive page hits and intentional FUD from some people repeating the story as
'RedHat forced to pay MS' and gloss over the $99/year which won't even start
to mitigate MS' cost to run such a signing service.

------
nicholassmith
What a catch 22. We want commitment to OSS so we're GPL v3, but because of our
commitment we can't supply OSS so instead we're going to go for something else
that's not OSS so we don't disclose the key.

Someone, somewhere, has just torn their beard out in fury.

~~~
adestefan
The GPLv3 does not require you to provide a key. It only requires you to
provide a way to bypass the need for a key. Allowing a user to add their own
keys or even the option to disable the need for a key is fully within the
bounds of the GPLv3.

There's also the outstanding issue that if you only supply software, then you
might not even need to do anything to comply with the TiVo-ization clauses of
GPLv3.

~~~
obtu
Interesting, but I think this needs further analysis. That bypass mechanism
must also comply with the "no additional restrictions" aspect of the licence.

------
davidcollantes
From the source[1][2] and not on an advertising infested page.

[1] http://blog.canonical.com/2012/06/22/an-update-on-ubuntu-and-secure-boot/

[2] https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html

------
hippich
I would imagine secure boot working this way - you start the machine, UEFI
detects that the signature of the bootloader or kernel or whatever fails
signature verification. If it fails - ask the user if he wants to save the new
signature instead, or whether he did not install any updates to
kernel/boot/etc.

This way it will be:

  - universal between OSes
  - will allow GPL code to be used
  - will not lock people into a particular software platform
Are there any problems with my approach?

~~~
unimpressive
>Are there any problems with my approach?

Yes. The classic "People ignore popups" dilemma. The thing is, 99% of people
on the planet either wouldn't know what a change to their boot sector is, or
what to do if one occurs. So they would just leave it and go on with their
root kit installed.

------
mkjackson
This is just disgusting. How in the world did our hardware get hijacked by MS
and nobody anywhere did anything to stop it? Seriously! I can only hope that
there's enough backlash to stop this mockery of consumer freedom to put things
back to the way they are now.

~~~
RobAley
Apple and smartphone manufacturers started the locked down hardware trend,
Microsoft are riding their coat tails to achieve what they've wanted all
along.

To be fair, these standards aren't controlled by Microsoft, but they've thrown
their weight at the manufacturers to make sure the standards are implemented
in a way which grossly favours them as the PC OS incumbent.

But they are using the recent success of Apple & co in consumer circles to
diminish the appearance of their monopoly and make it look as if choices
abound to the consumer.

~~~
adestefan
Locked down hardware started _long_ before smartphones and Apple were even
thought of.

~~~
elehack
Yes, but Apple was the first to make lockdown an acceptable, or even
desirable, thing for general-purpose consumer computing devices on a large
scale. The idea was around, and implemented in a number of places (especially
on phones), but Apple was the first to pull the marketing trick of getting the
world to accept or welcome it in a domain thought of as computing rather than
peripheral or special-purpose devices.

------
dsr_
"That if once you have paid him the Danegeld, You never get rid of the Dane."
-- Rudyard Kipling

------
whalesalad
How the fuck do people tolerate Phoronix? I know they do good reporting and
are awesome in the Linux community ... but good god browsing their website is
like walking through an old minefield in Vietnam. Every other word opens a
popover, popovers on load, popovers if you scroll. Look at the sidebar and an
ad will appear somewhere.

~~~
protomyth
It's because "they do good reporting and are awesome in the Linux community"
(also BSD). If someone else had the same level of reporting, I would go there.
It is not much fun and I tend to hit "Read Later" and read it in Instapaper.

~~~
ysangkok
<http://h-online.com/open>

------
mathnode
How does this affect me as somebody who builds their own computers for
personal use? Does this only affect vendor sourced desktops i.e. HP, dell etc
?

~~~
jiggy2011
That would depend on the motherboard you bought

------
StavrosK
Can someone explain what the practical advantage of DRMing all our computers
is?

~~~
hk_kh
To perceive the computer as an appliance instead of a piece of hardware.

Alienate the users on their machine, not something that can be hacked, studied
and understood as a computer, instead a piece of magical wisdom.

Dumb down the mainstream user, and tie them up on their products.

"Protect" their software, being the computer just a black box projecting their
knowledge / entertainment.

I hope DRM backfires really hard on the companies advocating for it.

~~~
rimantas
> To perceive the computer as an appliance instead of a piece of hardware.

For many (most?) computers are appliances. Which does not contradict them
being pieces of hardware.

> Alienate the users on their machine, not something that can be hacked,
> studied and understood as a computer, instead a piece of magical wisdom.

What a load of bullshit.

> Dumb down the mainstream user, and tie them up on their products.

It seems it is extremely hard to grasp the simple truth: only a minority of the
population is interested in being hackers, programmers and IT guys. They just
want to _use_ computers, much the same way as they drive their cars without
any wish or ambition to be a car mechanic. It is not "dumbing down", it is
freeing them from caring "how do I make this fucking thing work" to just doing
what they want to do: be it browsing Facebook, writing a research paper or
calculating an orbit to Mars.

~~~
JoeCortopassi
I'm blown away that this comment is getting downvoted. I don't care if you
disagree with Microsoft locking down their boot loader, the above is the _most
accurate_ answer: 99% of users don't know what dual-boot means or care to find
out. This secure boot only helps their experience, even if it's at our expense.

~~~
hk_kh
And, that experience is exactly? (I am asking)

In my opinion secure boot just means that my computer is owned by the company
that has certified it.

~~~
JoeCortopassi
Helps them from shooting themselves in the foot. My Grandpa/parents/non-
technical friends could care less about anything other than Facebook, email,
and maybe some Quicken type software. To them, alerts and pop-ups are just
annoying things that they click on until they go away. For them, 'secure
boot' shuts down one of the possible attack vectors for malware that preys on
this mentality. I know secure boot isn't a good solution, but when a company
can make a change to make 99% of their customer base "feel" more secure, and
in turn drive more sales, they will do it every time. Sucks for people like
us, but hackers (that care about boot loaders) only make up a very small
portion of the market.

------
Karunamon
I'm _really_ having a hard time getting worked up over a $99 key which will
all but completely eliminate boot sector infectors and the like. I think a lot
of this storm and strife comes as a result of who is pushing it, less than the
concept.

~~~
jellicle
It's not the fee that's the problem. It's the permission.

Suppose Wikileaks developed installable software that embarrassed the U.S.
government. Would their key have been revoked, making it impossible for anyone
to run their software? Yes.

~~~
takluyver
You will still be able to run any software on your computer once it has
booted, the signature is for the bootloader. So this would only be an issue if
Wikileaks for some reason had to implement their own operating system. Even
then, users would have the option to disable secure boot and run the unsigned
bootloader.

~~~
Karunamon
..Unless you run on an ARM chipset, at least in the case of Windows. I don't
advocate government intervention often, but I would really like to see that
particular requirement struck down on antitrust grounds.

------
AndrewDucker
Looks like all the distributions are going to be signed with the MS key.

In which case, would it not be worth clubbing together to have a root key
manager, who can take the place of MS in signing packages?

~~~
Albuca
I agree. It looks like all the distros will have to jump on the bandwagon, so
to speak, in order to be used on the new Windows 8 boxes.

Then in this case, why are all the distros having to shell out to get a
licence key from Microsoft? I know of a lot of small distros that don't
produce any income, and pay for their webspace out of their own pocket. Why
are we going to force them to purchase a key to allow their distro to run on a
Windows 8 box?

~~~
AndrewDucker
If they don't want Secure Boot then the user can turn it off.

If they do want secure boot then it needs to be signed by _someone_, and none
of the Linux distributors have been willing to step forward and be that
someone.

~~~
Ralith
> If they don't want Secure Boot then the user can turn it off.

Unless you're on ARM, in which case you're screwed.

------
jroll
Does this mean it might be possible to install Ubuntu on ARM devices preloaded
with Windows 8?

~~~
abrowne
No, only on Intel.

From the "Requirements for certifying Windows 8 systems" PDF available at
<http://msdn.microsoft.com/library/windows/hardware/hh748188> :

> MANDATORY. On non-ARM systems, the platform MUST implement the ability for a
> physically present user to select between two Secure Boot modes in firmware
> setup: "Custom" and "Standard". Custom Mode allows for more flexibility as
> specified [...]
>
> On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode
> may be enabled.

~~~
setrofim_
> On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode
> may be enabled.

Does this mean that, on compliant ARM devices, only Windows 8 may be run? If
so, how is this not anti-competitive?

~~~
morsch
If it is anti-competitive, then what? There's no Microsoft monopoly on ARM
they could leverage, they own nothing of that market.

~~~
gareim
I thought it was that anti-competitive actions were illegal (or just heavily
frowned upon?) and monopolies in and of themselves aren't bad, just if they
abuse their power in an anti-competitive way.

~~~
setrofim_
IIRC, it basically has to be the combination of the two. Monopolies aren't
illegal in and of themselves. But neither are actions that may be deemed anti-
competitive. It's only illegal when a monopoly (or a dominant player - doesn't
have to be a monopoly) exploits its position to gain further advantage through
anti-competitive actions.

------
yason
Having long lost the appetite to stay on top of PC hardware, could someone
kindly please post a pointer to an article that explains what this UEFI
SecureBoot actually means for generic hackers intending to run Linux or
$whatever on their computers? What's all the fuss here?

I know how secure booting works and that it would be detrimental if enforced
unilaterally but I've also read you can just turn off the UEFI SecureBoot from
the equivalent of BIOS settings of these Windows 8 compatible machines.

So, in order to boot into whatever I want, I just tick that check off and go
play with my computer like before? If so, then what's the problem?

------
vog
Why not link directly to the source?

http://blog.canonical.com/2012/06/22/an-update-on-ubuntu-and-secure-boot/

~~~
ward
Because, as mentioned in the article, there was more interesting information
to be found in the mailing list, which Phoronix combined into their blog post.

