Richard Stallman Speaks About UEFI 549
An anonymous reader writes "Despite weaknesses in the Linux-hostile 'secure boot' mechanism, both Fedora and Ubuntu decided to facilitate it, by essentially adopting two different approaches. Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'"
The Right To Read (Score:5, Informative)
Richard's story, The Right To Read [gnu.org], has already sort of predicted this move.
Despite what people say about Restricted Boot, it opens up the world of computers to a whole new set of attacks... by megacorporations like Microsoft.
Re:Crippled Hardware (Score:5, Informative)
Re:Sucks to be a used PC reseller... (Score:4, Informative)
Re:Windows RT-exclusive application (Score:5, Informative)
I'd be quite surprised to see one. The only API that Microsoft allows third-party developers to use on Windows RT is WinRT (well, and web apps of course). Although it is possible to write native apps using WinRT, the dev tools make it very easy to compile those apps for multiple architectures (ARM for Windows RT, x86 and x64 for "normal" Win8). So, unless somebody intentionally limits their market share to Windows RT only, for absolutely no benefit to themselves, I really don't expect to see Windows RT-exclusive apps at all.
Besides, most people will probably write WinRT (Metro-style) apps using a managed language, like C# or Javascript. That gets you compatibility with both Win8 and Windows RT without even the trivial hassle of recompiling.
Re:Crippled Hardware (Score:4, Informative)
The way I see it, if this were about the user, they would allow the user to change the key to whatever the user wants. Then you can sign your own OS.
We've known for a long time [wikipedia.org] that Microsoft wants to lock other OSes out of the hardware.
Re:Shackles (Score:5, Informative)
It is even worse than that - if it is wont be possible to change the certificate on a machine and that certificate get compromized, then it means there is no security anymore neither... The device is now junk after maybe one month of owning it. You need a new device regardless. And dont tell me you have not heard of the certificates for BlueRay and so on being compromised...
BluRay players have a private key to decrypt that can be compromised. Secure Boot only has a public key to verify so it can't be compromised, there's no secret.
The alternative - Microsoft can remotely update the certificate, but that also mean any remote attacker who break the key can change it...
No. If Microsoft was to be hacked and their signing key compromised - a pretty heavy feat of hacking in itself, they'd pull out their root key and revoke that key then create and sign a new signing key. This is PKI 101, you always have a root key for situations like this. Of course if their root key was compromised they're fucked, but that one is deep in a vault deep in the bowels of Microsoft and the only place it'd come out would be in a secure facility to sign a new signing key.
Re:Crippled Hardware (Score:5, Informative)
Don't like it? Go into your BIOS and turn it off. The specification mandates that it have a disable option..
No, no the specification does NOT mandate that it have a disable option. The specification simply does not prohibit providing such an option (for the moment at least). The motherboard manufacturer and/or BIOS makers are completely free to not provide a disable option if they so desire.
Whether the (lack of) option becomes common or not is another thing entirely, of course.
Re:The elephant in the discussion (Score:4, Informative)
No-one wants to pay the Apple tax so they can run Linux on an iPad. Windows tablets would be the cheap end of the market where installing another OS is a sane option... except Microsoft are prohibiting that.
Except that Android tablets are the cheap end of the market (well, some of them are), and already ARE Linux.
Re:Sucks to be a used PC reseller... (Score:4, Informative)
Just because one is paranoid does not mean that nobody is out to get you. Paranoia is a logical reaction when somebody or something *is* out to get you. Considering that the natural progression of government is to expand in size, scope, and power while individual liberty shrinks, OP's reaction is not unreasonable.
"Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel." - Patrick Henry
"The Price of Liberty is Eternal Vigilance." - Thomas Jefferson
"The course of history shows that as a government grows, liberty decreases." - Thomas Jefferson
"There is danger from all men. The only maxim of a free government ought to be to trust no man living with power to endanger the public liberty." - John Adams
I would rather err on the side of caution.
Strat
Re:Shackles (Score:3, Informative)
I don't believe that ripping your own BRD is illegal, this is well-established practice and nobody can seriously complain about it.
Anyway, if you are on OSX, there is no other way than ripping the BRD if you want to watch them.
I don't believe you've met the DMCA. Ripping a DVD or BluRay is illegal.
Re:Sucks to be a used PC reseller... (Score:5, Informative)
The word "PC" comes from "IBM PC compatible"
No it doesn't, it is an abbreviation for the term "Personal Computer". It was in use before there even was an IBM PC.