Home opinion-and-analysis Open Sauce 'Secure' boot: much to be scared about

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

'Secure' boot: much to be scared about Featured

The PC market is slowing down. More people are spending the limited money they have on smartphones and tablets. Those who need some measure of grunt to do more resource-intensive tasks are buying laptops. Hence the percentage of those buying readymade systems is increasing and all those machines will come with Windows 8 and secure boot.

Those who buy parts and build their own systems will have a few years free from worry. After that they will see a decreasing number of components as manufacturers cut back. These intrepid souls will finally have to buy readymade devices too. They will also have to savour the delights of secure boot and locked-down computing.

By going along with Microsoft, and not even bothering to join together and raise a stink, the rest of the computer industry has created a situation where Microsoft can surface again a couple of years down the track and lobby for making secure boot mandatory for all devices. After all, the company can argue that secure boot has been widely accepted - this will be true - and nobody has objected. Everyone has adapted and started to use it.

The myth that it contributes to security will be spread again and there will be no defence against secure boot being mandated by governments. Is there any guarantee that the cost of a key to implement secure boot will cost $US99 at that stage? It will turn out to be a nice little earner.

Forno points out that both in technology and the physical world, "security" is a convenient justification to develop and deploy techniques/methods/laws that are used primarily for things like copyright control, censorship, or marketplace dominance than for actual security benefits.

"Some call that an 'abuse' of such items by extending their application far beyond their declared usages - unless, of course, one views 'security' as 'guarding against threats to our profits' as a component of modern "security" practice - which a cynic most certainly might!!!"

A look at what Red Hat and Canonical have done does not give one much optimism either. In Red Hat's case, the entire chain of events in getting a machine to a usable state is governed by signed code. This means that any change in kernel modules, or fixing a kernel bug, will mean that one cannot boot. How about the enthusiasts who compile their own kernels? They will have to conform as well.

Canonical has created its own lock-in; using the method that it has outlined, one can only boot an Ubuntu disc. Of course, the company has reasons for doing this - don't they all?

Debian developers held a 45-minute discussion about secure boot at a camp in Managua recently. Their leader, Stefano Zacchiroli, has not responded to an email I sent him, asking what the project plans to do. We have not heard a peep out of the smaller GNU/Linux projects or companies; Mandriva is still getting back on its feet, SUSE has been quiet. The last two named have one advantage in that they are based in Europe where Microsoft is regarded with much disdain.

A massive potential mess has been created by the approach taken by the non-Microsoft companies. The only firm that has nothing to bother about is Apple which gated its own customers a long time ago. It has its sheep within the pen and had been dictating to them for a long, long time what they can and cannot do.

GNU/Linux users had an illusion of freedom for a while but it looks like they have been sold out by the very companies that have benefitted most from all the code written by those who thought they were following a dream. It looks like it will turn out to be a bad dream.



Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.