Monday, October 17, 2011

Personal Computers are the equivalent of a house or a car, only with less restrictions and more freedom to modify this "domicile of information".
Certain clandestine agencies have been empowered to secretly and remotely modify your "domicile of information", but your freedom of modification has never been disrupted...
Now, however, Microsoft, whose business and clandestine warfare practices are genuinely Fascist, is planning to prevent anybody from modifying their personal computer.

2011-10-17 "Will your computer's "Secure Boot" turn out to be "Restricted Boot"?" by Matt Lee

[http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot]
Microsoft has announced that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot." However, it is currently up for grabs whether this technology will live up to its name, or will instead earn the name Restricted Boot.
When done correctly, "Secure Boot" is designed to protect against malware by preventing computers from loading unauthorized binary programs when booting. In practice, this means that computers implementing it won't boot unauthorized operating systems -- including initially authorized systems that have been modified without being re-approved.
This could be a feature deserving of the name, as long as the user is able to authorize the programs she wants to use, so she can run free software written and modified by herself or people she trusts. However, we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows. In this case, a better name for the technology might be Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all.
The potential Restricted Boot requirement comes as part of a specification called the Unified Extensible Firmware Interface (UEFI), which defines an interface between computer hardware and the software it runs. It is software that allows your computer to boot, and it is intended to replace the traditional BIOS. Most Lenovo, HP, and Dell computers ship with UEFI, and other manufacturers are not far behind. All Apple computers ship with EFI and components from UEFI. When booting, this software starts a chain which, using a public key cryptography-based authentication protocol, can check your operating system's kernel and other components to make sure they have not been modified in unauthorized ways. If the components fail the check, then the computer won't boot.
The threat is not the UEFI specification itself, but in how computer manufacturers choose to implement the boot restrictions. Depending on a manufacturer's implementation, they could lock users out of their own computers, preventing them from ever booting into or installing a free software operating system.
It is essential that manufacturers get their implementation of UEFI right. To respect user freedom and truly protect user security, they must either provide users a way of disabling the boot restrictions, or provide a sure-fire way that allows the computer owner to install a free software operating system of her choice. Computer owners must not be required to seek external authorization to exercise their freedoms.
The alternative is frightening and unacceptable: users would have to go through complicated and risky measures to circumvent the restrictions; the popular trend of reviving old hardware with GNU/Linux would come to an end, causing more hardware to be tossed in landfills; and proprietary operating system companies would gain a giant advantage over the free software movement, because of their connections with manufacturers.
We will be monitoring developments in this area closely, and actively campaigning to make sure this important freedom is protected. Our first step is to demonstrate that people value this freedom, and will not purchase or recommend computers that attempt to restrict it.
Please sign our statement to show your support!
[http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement]

Stand up for your freedom to install free software
The following is a public statement, open for signing. For more background, please read our more detailed explanation of the issue at http://fsf.org/campaigns/secure-boot-vs-restricted-boot.
Microsoft has announced that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot." However, it is currently up for grabs whether this technology will live up to its name, or will instead earn the name Restricted Boot.
When done correctly, "Secure Boot" is designed to protect against malware by preventing computers from loading unauthorized binary programs when booting. In practice, this means that computers implementing it won't boot unauthorized operating systems -- including initially authorized systems that have been modified without being re-approved.
This could be a feature deserving of the name, as long as the user is able to authorize the programs she wants to use, so she can run free software written and modified by herself or people she trusts. However, we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows. In this case, we are better off calling the technology Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all.
Please add your name to the following statement, to show computer manufacturers, governments, and Microsoft that you care about this freedom and will work to protect it.
---
We, the undersigned, urge all computer makers implementing UEFI's so-called "Secure Boot" to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems.

No comments:

Post a Comment