Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> UEFI: stand up for your freedom to install free software
redman
 Posted: Oct 18 2011, 10:27 AM
Quote Post


SLF Admin
********

Group: Admins
Posts: 1566
Member No.: 2
Joined: 8-April 11









The Free Software Foundation started a campaign to make people aware of the risks concerning UEFI:
QUOTE
Microsoft has announced that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot." However, it is currently up for grabs whether this technology will live up to its name, or will instead earn the name Restricted Boot.

When done correctly, "Secure Boot" is designed to protect against malware by preventing computers from loading unauthorized binary programs when booting. In practice, this means that computers implementing it won't boot unauthorized operating systems -- including initially authorized systems that have been modified without being re-approved.

This could be a feature deserving of the name, as long as the user is able to authorize the programs she wants to use, so she can run free software written and modified by herself or people she trusts. However, we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows. In this case, we are better off calling the technology Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all.


They have written a statement:
QUOTE
We, the undersigned, urge all computer makers implementing UEFI's so-called "Secure Boot" to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems.


You can read all about it and sign it here.


--------------------
What is SL? - Forum Rules - Info on 3rd Party Repos

Desktop: ASUS P5QPL-AM, Intel Dual-Core E6500, 4GB DDR2, ASUS GeForce GT 430 1GB, SL6.5 x86_64
Laptop: ASUS X58L, Intel Dual-Core T3200, 3GB DDR2, Intel GMA X3100, RHEL6.6 x86_64
Test box: Intel S5000PSL, 2x Intel Xeon E5310, 8GB ECC DDR2 FB-DIMM, ASUS GeForce GT 220 1GB, SL6.5 x86_64
PM
^
zxq9
 Posted: Oct 20 2011, 11:42 PM
Quote Post


SLF Advocate
*****

Group: Members
Posts: 376
Member No.: 611
Joined: 5-August 11









This is, in a sense, not very different from current DRM schemes (like the whole "Sony suing George Hotz" issue). At the moment UEFI is conceptually (well, in most aspects even technically) no different from the way that jail schemes work on systems like the PS3 or jailed phones.

The difference is we're not saying the term "DRM".

But that is where this is going. UEFI = DRM as relates to operating systems on PC hardware, as opposed to operating systems on proprietary design spec hardware.

And this means it is no different from me selling you a car with a lock on the hood and getting the government to back my legal assertion (via their monoply on violence that citizens in most countries outside the US have voted away their personal rights on) that you don't own the car, you merely licensed it and are forbidden not only from picking, breaking or otherwise opening or circumventing the lock, but also from understanding the workings of the lock and especially expressing your understanding of the lock to others.

None of this makes sense, and all of this is quite dangerous.

But the percentage of the public that will freak out about the letters "DRM" is much larger than the percentage that even know what "UEFI", "TrustedBoot" or the other symantically identical terms mean -- which is why the DRM Clan is moving in the direction of confusing the issue by inventing new marketing terms for these schemes.

To really push back against this and raise public awareness we need to coin a new term that encompasses and represents all such schemes. If we invent our own anti-marketing term such along the lines of "Crypt Locking Mechanism" (which conveniently reduces to "CLM" which recalls "DRM") then we can illustrate the issue easily by publicly asking questions about new customer constraint schemes as they relate to the "CLM" definition.

So, instead of waging public awareness campaigns to spread understanding of what this or that acronym is, we can instead simply equate [New sneaky DRM scheme] == CLM in the public discourse and people can instantly recognize what the issue is.

Yeah, the SL forums probably aren't the best place to push an idea like this. But I think you catch my drift. If I have time I'll write a more correct blog post about this as a reference in the event anyone wants to actually pursue this issue. It is of the utmost importance, but I just don't know if anyone is even paying attention.
PMEmail PosterUsers Website
^
zxq9
 Posted: Oct 20 2011, 11:48 PM
Quote Post


SLF Advocate
*****

Group: Members
Posts: 376
Member No.: 611
Joined: 5-August 11









I forgot. In other news the ultimate campaign against this sort of thing has nothing to do with software, but hardware. If any x86 or PPC chip makers continue to make chips that are competitive on the cycle/price line but do not have such CLM mechanisms built into them, then buying and promoting only those chips and not the ones that enable CLM schemes in the first place is the best way to defeat this sort of thing.

Does that mean you won't be able to enable a TrustedBoot feature on your own computer? Yes. It does mean that.

Do you really need to worry about an Evil Maid attack because you're such an overwhelmingly important espionage target? No. Even when I really was an overwhelmingly important espionage target this sort of attack was pretty low on my threat continuum. But anyway, governments may need this. Extremely sensitive and expensive corporate secrets may need this sort of protection. But you and I don't to do our daily work or safely use online banking sites. There are other methods of verification which are workable and do not require the hardware to lock out "foreign" operating systems.

Besides, all this stuff gets cracked within a few weeks of release (if not before) anyway, so what is the use other than to lock out the legitimate users from doing interesting things to their own systems?
PMEmail PosterUsers Website
^
redman
 Posted: Oct 21 2011, 10:41 AM
Quote Post


SLF Admin
********

Group: Admins
Posts: 1566
Member No.: 2
Joined: 8-April 11









QUOTE (zxq9 @ Oct 21 2011, 01:48 AM)
Besides, all this stuff gets cracked within a few weeks of release (if not before) anyway, so what is the use other than to lock out the legitimate users from doing interesting things to their own systems?

The fact that anything can be cracked (or hacked) is not relevant. It is about the fact that others decide for you that you can ONLY use software on it that has been approved by someone else with the result that youc an ONLY use Windows on a pc. That goes against your rights and freedom (you buy a product, you have the right to use it the way you want. Compair it to buying a car where the car manufacturer decides you can only drive it on the highway and when on other roads the engine automatically shuts down...


--------------------
What is SL? - Forum Rules - Info on 3rd Party Repos

Desktop: ASUS P5QPL-AM, Intel Dual-Core E6500, 4GB DDR2, ASUS GeForce GT 430 1GB, SL6.5 x86_64
Laptop: ASUS X58L, Intel Dual-Core T3200, 3GB DDR2, Intel GMA X3100, RHEL6.6 x86_64
Test box: Intel S5000PSL, 2x Intel Xeon E5310, 8GB ECC DDR2 FB-DIMM, ASUS GeForce GT 220 1GB, SL6.5 x86_64
PM
^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll