FSF on Secure Boot
There has been a lot of heated discussion about the upcoming Restricted/Secure Boot requirement from Microsoft for its new Windows 8 OS, and how it will be implemented in the new BIOS defined by the UEFI standard. The Free Software Foundation recently posted a nice write-up of what this means to the FOSS movement, including Fedora's and Ubuntu's attempts to work with and around the issue.
Also, it's interesting to note the distinction which has been made by Microsoft and the phone industry between the x86 PC and ARM platforms. The former has had a tradition of openness since the early IBM PC, with an environment in which hardware and software makers, third-party producers of all kinds, and hobbyists can thrive. There is a large and healthy hardware industry offering extensions, additions, upgrades and alternatives for every main component of the PC. Likewise, there is a vast selection of applications, utilities, and games for many different OSes. This is in stark contrast to the various ARM platforms, which are typically either completely locked down, like Apple's devices, or make it very hard to change the OS, like most Android devices. Microsoft is now taking this further, and creating its own "locked garden" around its new ARM-based tablets. The FSF takes a strong stand against this.
Here are some excerpts from the FSF paper, with my emphasis:
We have been working hard the last several months to stop Restricted Boot, a major threat to user freedom, free software ideals, and free software adoption. Under the guise of security, a computer afflicted with Restricted Boot refuses to boot any operating systems other than the ones the computer distributor has approved in advance. Restricted Boot takes control of the computer away from the user and puts it in the hands of someone else.
To respect user freedom and truly protect user security, computer makers must either provide users a way of disabling such boot restrictions, or provide a sure-fire way that allows the computer user to install a free software operating system of her choice.
Distributors of restricted systems usually appeal to security concerns. They claim that if unapproved software can be used on the machines they sell, malware will run amok. By only allowing software they approve to run, they can protect us.
This claim ignores the fact that we need protection from them. We don't want a machine that only runs software approved by them -- our computers should always run only software approved by us. We may choose to trust someone else to help us make those approval decisions, but we should never be locked into that relationship by force of technological restriction or law. Software that enforces such restrictions is malware. Companies like Microsoft that push these restrictions also have a terrible track record when it comes to security, which makes their platitudes about restricting us for our own good both hollow and deceitful.
Secure Boot, done right, embodies the free software view of security, because it puts users -- whether individuals, government agencies, or organizations -- in control of their machines. Our thought experiment to demonstrate this is simple: Microsoft may be worried about malware written to take over Windows machines, but we view Windows itself as malware and want to keep it away from our machines. Does Secure Boot enable us to keep Windows from booting on a machine? It does: We can remove Microsoft's key from the boot firmware, and add our own key or other keys belonging to free software developers whose software we wish to trust.
We will fight Microsoft's attempt at enforcing Restricted Boot on ARM devices like smartphones and tablets. Like any other computer, users must be able to install free software operating systems on these devices. We will monitor Microsoft's behavior to make sure they do not deceive the public again by expanding these restrictions to other kinds of systems.