Microsoft has put up a post about secure boot in response to concerns about its effects on Linux and other operating systems. Microsoft has provided a very detailed explanation of what UEFI secure boot is, and what its benefits are. What Microsoft hasn't done is to actually respond to concerns raised by Matthew Garrett about its secure boot policies. In short, while Microsoft is requiring secure boot to be enabled, its policies do not require that users be able to turn the feature off. As Garrett says, "end user is no longer in control of their PC."
Microsoft's post is fairly lengthy and most of it is spent discussing the actual nuts and bolts of the secure boot features. I've included a few of the diagrams from the post to show how it works, but you should go read it. As a layperson's overview of UEFI secure boot, it's great. As an actual response to the issues that Garrett has raised? It almost completely avoids the topic, and certainly does little to address the issue. Microsoft, through its PR firm, has also declined to comment citing the fact that Windows 8 is still in pre-beta.
The issue at hand is this: Will users and businesses have control over their PCs? The answer is a firm "sort of," if OEMs choose to support it. Microsoft's Tony Mangefeste says that "the customer is in control of their PC," but then says "OEMs are free to choose how to enable" turning off secure boot. He also doesn't address the issue of adding other OSes to secure boot at all.
One major problem is that OEMs may not choose to expose a way to disable secure boot at all. Says Garrett:
The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.
Garrett also notes that the secure boot problem isn't a recent discovery. "We became aware of this issue in early August. Since then, we at Red Hat have been discussing the problem with other Linux vendors, hardware vendors and BIOS vendors. We've been making sure that we understood the ramifications of the policy in order to avoid saying anything that wasn't backed up by facts."
Why This Matters
Some commenters on my previous post questioned whether this is really an issue. It is, and for a number of reasons.
Some suggest that consumers can simply choose to buy machines that have the ability to disable UEFI secure boot, and that the market will sort things out. This has several problems. First, it assumes that consumers will actually be aware of the ramifications when buying a new PC, laptop or tablet and know to shop for a system that allows disabling secure boot. It also assumes that it will be readily obvious whether a system has the ability to shut this off or not. Neither of these is guaranteed, to say the least.
Secondly, and more importantly, it ignores the after-market for PCs. A company that acquires several thousand PCs on lease may decide that it's perfectly fine that the systems have no way to turn off secure boot. However, those PCs ultimately end up being re-sold (after having their disks wiped) and someone else is going to want to install a new OS on them. Maybe a different release of Windows, maybe a Linux distribution, maybe something else entirely. (Who knows what will be available three to five years after the first PCs ship with secure boot?)
Microsoft is also making no provision to allow others to sign their OSes. Garrett says, "there's no central certification authority for UEFI signing keys. Microsoft can require that hardware vendors include their keys. Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's."
If secure boot is desirable, it shouldn't only be up to Microsoft and the OEMs to be able to load keys onto a system.
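To make the technical effect concrete, here is an added illustration (not code from the post, from Microsoft, or from any firmware): a small model of a firmware that holds a database of signing keys and a single policy flag saying whether the owner may add keys. Signatures use a toy textbook-RSA scheme over constructed small primes, and the key names are hypothetical stand-ins for "the key the OEM shipped" and "some other OS vendor's key".

```python
import hashlib

def make_keypair(p, q, e=65537):
    # Toy textbook-RSA pair from constructed small primes (far below real key sizes)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(image, n):
    # SHA-256 of the boot image, reduced into the toy modulus
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, priv):
    n, d = priv
    return pow(digest(image, n), d, n)

def verify(image, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(image, n)

class Firmware:
    # A key database plus one policy flag: may the machine owner add keys at all?
    def __init__(self, db, owner_may_enroll):
        self.db, self.owner_may_enroll = list(db), owner_may_enroll

    def enroll(self, pub):
        if not self.owner_may_enroll:
            raise PermissionError("firmware exposes no way to add keys")
        self.db.append(pub)

    def boot(self, image, sig):
        # Boot proceeds only if some key in the database verifies the image
        return any(verify(image, sig, pub) for pub in self.db)

MS_PUB, MS_PRIV = make_keypair(1000003, 999983)          # stands in for the OEM-shipped key
DISTRO_PUB, DISTRO_PRIV = make_keypair(1000033, 999979)  # hypothetical other OS vendor's key

def demo():
    image = b"constructed sample boot image"  # constructed input, not a real loader
    ms_sig, distro_sig = sign(image, MS_PRIV), sign(image, DISTRO_PRIV)
    locked = Firmware([MS_PUB], owner_may_enroll=False)   # ships with one key, no way to add more
    open_fw = Firmware([MS_PUB], owner_may_enroll=True)   # same key, but the owner can enroll others
    out = {"ms_on_locked": locked.boot(image, ms_sig),
           "distro_on_locked": locked.boot(image, distro_sig)}
    try:
        locked.enroll(DISTRO_PUB); out["locked_enroll"] = True
    except PermissionError:
        out["locked_enroll"] = False
    open_fw.enroll(DISTRO_PUB)
    out["distro_after_enroll"] = open_fw.boot(image, distro_sig)
    return out
```

The locked firmware boots the Microsoft-signed image and nothing else, and offers the owner no way to change that; the same image signed by another vendor boots only on the firmware that lets the owner enroll a key.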
It's Not Just a Linux Issue
Garrett is writing from the perspective of a Linux developer, so this has unfortunately been cast as a Linux versus Windows issue. It's really not, at least not exclusively.
It certainly poses a problem for Linux users, but not only Linux users. As stated previously, this poses a problem for anyone who wants to load an operating system onto a machine without the ability to sign it using the OEM signing key. But even if you assume that the PC will have the same copy of Windows throughout its life, it still poses a problem. It affects the ability to swap graphics cards. It affects the ability to install a new network card. It potentially affects the ability to upgrade Windows at a later date.
But let me be very clear: I don't think that Microsoft is pursuing this feature as an anti-Linux effort. Microsoft's motives are actually unimportant; it's the technical effect of the program that concerns me. But if I had to guess at Microsoft's motives, I'd suggest that controlling unauthorized Windows is the first order of business. The second, and more publicly palatable, gain is the perception of enhanced security with Windows 8.
Microsoft has long tried to squash not only "pirated" versions of Windows, but also "grey market" Windows, for example buying a cheaper copy of Windows intended for system builders rather than a retail release of Windows. Does Microsoft love desktop Linux? No, but it's also well past the days when the specter of a mainstream Linux desktop kept Microsoft execs up at night. Microsoft is now a company that needs to protect its core markets and wring out every penny to keep its investors happy, and part of that is ensuring that people pay up for Windows.
I'm disappointed that Microsoft has taken the approach of appearing to reply to the issue, while not actually doing so.