Home opinion-and-analysis Open Sauce FSF dragging its feet on secure boot

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

The Free Software Foundation is an organisation for which I have the utmost respect. Without it, the whole phenomenon of free and open source sofware would never have come to be.

The FSF has also been at the forefront of efforts to preserve freedom in computing and has stuck to its guns in the face of much criticism.

But on secure boot, it is lagging behind. I am surprised that it has not updated its campaign against secure boot, launched in October 2011, to include relevant facts. A great deal of material in the petition is now outdated and factually incorrect.

For the uninitiated, secure boot is a feature of UEFI, the Unified Extensible Firmware Interface, the new replacement for the BIOS. Microsoft has implemented secure boot, and required hardware vendors to turn it on on any machines that are loaded with Windows 8.

Microsoft's implementation requires the exchange of cryptographic keys to verify that the operating system which is trying to boot on a given machine is authorised to do so.

The keys are issued by a Microsoft-authorised entity, Verisign. Anybody who wishes to obtain a key to boot an operating system on Windows 8 hardware needs to buy one from this same entity.

More background information is available here.

Windows 8 was released on October 26. That means two whole months have passed since machines loaded with this operating system have been available to the public.

Why has the FSF not obtained a few machines and studied how secure boot has been implemented? While the technical specs for secure boot are the same no matter the manufacturer, the UEFI layout appears to differ from one vendor to the other. And there many little quirks associated with secure boot.

If the FSF could not do this, surely it could have commissioned someone to provide a technical description of things as they are?

So why is the FSF dragging its feet? Its campaign lacks credibility at the moment and technical credibility at that. Collecting 40,000 signatures in 14 months is not a sign of strength; this is a small number given the time period.

On the x86 platform, secure boot can be turned off from within the UEFI - but this would be difficult for those who are not somewhat familiar with computers. On the ARM platform, secure boot cannot be turned off.

Microsoft enjoys platform dominance on x86; the possibility of another anti-trust suit could well present itself if there was not some means of turning off secure boot. This is why the facility has been offered.

The ARM platform is not dominated by any operating system, not yet anyway. Given this, there is no need for Microsoft to fear court action if secure boot cannot be turned off.

These are facts that people need to know. The FSF needs to update its petition and get its act together fast.


Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.