I wanted to write about the Linux boot and UEFI from a while now, but I figured out is better to learn first more about the issue and take a deep breath before taking a position. In the meantime, many faces of the debate were talked in various places, so I think I have a better grasp.
From the beginning, when people started talking about Secure Boot some warned about the treat to Free Software, but they were pretty much dismissed by many as a bunch of hippies following the smelly RMS, we'll surely find a way around when will get to it. Now, after mjg wrote a long technical pieces about the struggles of making Fedora boot on UEFI with Secure Boot enabled, we can the alarmists were right and Microsoft managed to give a fatal blow to Free Software on the desktop with the help of many hardware manufacturers.
The problem is Free Software won't be able to co-exist with Windows and keep its freedom, people will have to make the choice: break-up totally with Windows (really hard in the computing landscape of today) or give away one of the fundamental freedoms granted by GPL (modify and distribute the software). Sure, this is not a problem in the server world, where you can safely turn Secure Boot off and live happily (boot malware does not affect Linux) as this is not a problem in the enterprise desktop in the places where the game is Linux-only. It is a problem in the hobbyist space, where people play with different stuff all the time and is a problem with adoption, when new potential users will have their computers locked to Windows. It is also not a Linux problem, is a Free Software problem, if you give away freedoms, you can still run Linux.
I can see how people wanting to run Linux and Windows 8 (let aside me not understanding why anyone would want to use Windows 8, it's a turd, from the same category with GNOME Shell, a tabled interface shoehorned into a desktop) will enter BIOS(UEFI) at every boot and change the Secure Boot flag according with the OS they are going to start (time wasting and annoying). And you will have to turn it off, don't expect things like drivers or kernel modules from RPM fusion or similar sources to receive certificates, after all they distribute software with legal restrictions in the US, the home of the certification authority.
So short term disable Secure Boot, keep Windows 7 if you have to dual boot, put your own keys inside BIOS(UEFI), pay, there seem to be some solutions. How about long term? I expect "pirates" will crack Windows 8 anyway and make it boot without Secure Boot. Then, in one or two releases Microsoft will change the logo specifications, Secure Boot will be mandatory with no BIOS option to turn it off - we must defend ourselves from evil pirates and malware writers and over 90% of the computers, "designed for Windows", will be unable to run a Free Software operating system (Linux desktop is busy chasing windmills with user interface experiments, so it won't gain significant market share).
My prevision is even more grim: by that time Windows will move to allowing installs only from the "app store" and Free Software applications will be out (remember, apps like Firefox, LibreOffice or even GIMP have the bulk of the users on Windows). By that time Free Software will be dead and buried, wanting a Microsoft alternative we will have the choice of Google Chrome with everything in the "cloud".
Quite negative so far, right? There should be a solution I see... yes, I think the Free Software world should refuse Microsoft's proposal for Secure Boot. Some FOSS developers argue having a secure boot process can be a good thing, while they may be right, here is not the case, Microsoft proposal is broken by design, we should not endorse it, join the opposition and get the anti-trust regulators to make something, all while teaching people how to change BIOS settings and generate and install own keys. I don't see any important player endorsing the FSF petition: Fedora is not there, Red Hat is not there, Debian is not there, Canonical is not there, Ubuntu is not there, Mint is not there... not any distro is there. And this is a bad thing.
The solution is as easy as "don't buy hardware that will not allow other OS-es to boot". If there is enough market for this hardware, vendors will provide. If not, Linux and other OS-es are failures and we should all buy Windows 8 and Macs.
ReplyDeleteMy personal opinion is that hardware vendors will be more than willing to accomodate Linux users. There is simply no benefit to them to ignore people who want to run custom operating systems, so they won't.
It's also my personal opinion that trying to force Microsoft to do or not do one thing is morally wrong. They should have as much freedom like you and me to do whatever they want with their products and their money. Their products should be fought with better alternatives, not by interfering with their (flawed, I agree) business strategies.
There is not enough of a market, desktop Linux is, IIRC, around 2% and not growing. Buying certain hardware may work for some (hobbyist, enterprise, server) but won't help with adoption: take the case of someone currently running Windows, having problems with it and Linux being a better solution for him. Tell him "Linux is better for you but your PC is not good (UEFI), you need to buy another one" and watch how he goes and download a cracked Windows from TPB before you manage to end the sentence (actually he CAN use Linux, just a non-Free Linux).
DeleteMicrosoft is a monopoly, they use this position to strongarm manufacturers into adopting a broken Secure Boot and locking away competition. If that is not illegal monopoly abuse, I don't know what is.
I see this as being not worse than telling a iPhone user that if he wants Android they need to buy another phone. Some choices are hard and more expensive in the end. The solution is to educate the stupid user to think before they buy locked in hardware, not interfering with another company. Anyway, I think there will probably always be a way to unlock even the most restrictive hardware.
DeleteAlso, Microsoft is not a monopoly: "A monopoly exists when a specific person or enterprise is the only supplier of a particular commodity". Notice the "only" there. One can get all Microsoft products' equivalents from other vendors too - dekstops, servers, phones, and so on. They are the dominant player only in the desktop OS market and some enterprise apps market, which are not the most important and not the fastest growing markets. Microsoft is simply not that important anymore.
Scroll down that Wikipedia page to the part about 'If a company has a dominant position, then there is "a special responsibility not to allow its conduct to impair competition on the common market"' and they still get that position on the desktop computers market.
DeleteYour iPhone comparison is flawed since Apple is just one of the mobile phone vendors, they are not even the market leader. And is flawed since while mobile phones have a tradition of closed platforms, PCs have a tradition of open platforms, where people used to be able to install anything.
...and by having their way on Secure Boot/UEFI with hardware manufacturers and the rest of the industry, Microsoft just proves they are still that important.
DeleteMicrosoft have OEM by the balls , if they don't listen no windows licences
DeleteCould you survive with that in a Windopoly as a OEM ?
No this is why they pay the Microsoft tax for everything : phones , laptops
Without Microsoft help android phones and laptops would way cheaper
http://www.reuters.com/article/2012/06/11/us-computex-wintel-idUSBRE85905120120611
This article has a valid point, but it could certainly use a proofread.
Deletei won't deny, my English is not that good and i am struggling to improve it
DeleteIt's pointless and sophomoric to debate whether or not Microsoft is a monopoly. Choosing one alternative or the other will have zero impact on anything else.
ReplyDeleteWhat Microsoft is a big company with all the influence that accompanies their size and success, and they are not afraid to wield that influence. They also make very popular products. People do buy Windows and Office because they want to, not because some corporate overseer forces them to use the. That's contrary to a lot of free software dogma, but it is true.
Hardware vendors will release Secure Boot devices. They would do that even if Microsoft did not pressure them into doing so because they cannot afford releasing hardware that cannot run Windows 8. Predicting that the existence of Linux will lead vendors to release non-Secure Boot hardware is simply wishful thinking.
Trying to eliminate a channel for compromising an OS before boot is a good and useful thing. Free software should endorse that in principle, or risk the public labeling free software advocates as supporters of computer crime. The Linux and free software communities should focus on convincing the people who make purchasing decisions for corporations and institutions that they have a reason to oppose the opt-out version of secure boot. They need to understand that the odds are slim that they will never want to run non-MS code on their machines. The two communities should declare support of an opt-in support to Secure Boot and seek corporate support for that stance.
Good article, Nicu.
ReplyDeleteThough Microsoft may have undue influence on the hardware industry, this is not the end game. FOLLOW THE MONEY. This is about forcing users to buy new hardware. Something hardware companies are very willing to help with. You may be forced to install Windos only on UEFI hardware at some point (if not now, please forgive my ignorance). Frankly, I dont think they care about Linux' rise to the desktop. Its really not a threat, unfortunately.
ReplyDeleteI also think killing the competition is only icing on the cake fro Microsoft (desktop Linux is a sad joke, even if I use it day by day)... I also think boot malware is only a pretense, the real Microsoft goal being to stop "piracy", with Secure Boot people will be able only to install a genuine, licensed and paid version of Windows.
DeleteIt's even worse, as MS will all too soon introduce "DRM secure Boot" at the behest of the MAFIAA, coupling the worst excesses of brutal EEE business modelling with the outright monopolistic greed of the MPAA and RIAA.
ReplyDeleteWatch this space.
It's naive to think that Microsoft feels threatened by Linux on the desktop and it has zero impact on any of their decision making. Even Ubuntu commands a microscopic share of the desktop market, and it's the strongest competitor on the scene. Linux doesn't stand a snowball's chance in Hell on the desktop. It's too unrefined, too fragmented and too obscure.
ReplyDeleteFull Disclosure: I use a Macbook Pro for daily use, Windows 7 for gaming and Ubuntu Server for my personal home media/file server. I spend my days working on Windows computers and servers.
I think you read my post really fast and didn't notice I don't argue Microsoft is targeting desktop Linux, this is pretty much an anti-"piracy" move which kills Free software as a side effect. And I somewhat agree with you: desktop Linux is killing itself by dumbing-down interfaces and removing features left and right.
DeleteThe distros are buying keys (including mine), and it DOES protect from some bootstrap attacks which Linux absolutely is vulnerable too. I just don't see how this is as bad as people are making it out to be.
ReplyDeleteso your users still retain freedom 3 "to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits"? no, they don't, since they are forced to buy themselves a key in order to be able to do that.
DeleteThey are still free to buy their own key. They are also still free to release their improvements to be used with non UEFI kernels. The source is not closing here in any way.
Deletethey are not free to buy the key, but forced to do that, the distro will become less free. yes, the source will remain free, but you will distribute some binaries the users won't be able to re-create from sources, since they will lack the signing key.
Delete"they are not free to buy the key, but forced to do that"
ReplyDeleteNo one is twisting their arms.
", the distro will become less free. yes, the source will remain free, but you will distribute some binaries the users won't be able to re-create from sources, since they will lack the signing key."
They already don't have my private package signing key (for example), what's the difference. Read up more about UEFI, I don't think you understand it well enough yet.
Heya, just a head up: Debian has just signed the Secure^WRestricted boot petition, see http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
ReplyDeleteCongratulations to the Debian community! The *only* distro doing it so far.
Delete