Home opinion-and-analysis Open Sauce FSF dragging its feet on secure boot

FSF dragging its feet on secure boot

The Free Software Foundation is an organisation for which I have the utmost respect. Without it, the whole phenomenon of free and open source sofware would never have come to be.

The FSF has also been at the forefront of efforts to preserve freedom in computing and has stuck to its guns in the face of much criticism.

But on secure boot, it is lagging behind. I am surprised that it has not updated its campaign against secure boot, launched in October 2011, to include relevant facts. A great deal of material in the petition is now outdated and factually incorrect.

For the uninitiated, secure boot is a feature of UEFI, the Unified Extensible Firmware Interface, the new replacement for the BIOS. Microsoft has implemented secure boot, and required hardware vendors to turn it on on any machines that are loaded with Windows 8.

Microsoft's implementation requires the exchange of cryptographic keys to verify that the operating system which is trying to boot on a given machine is authorised to do so.

The keys are issued by a Microsoft-authorised entity, Verisign. Anybody who wishes to obtain a key to boot an operating system on Windows 8 hardware needs to buy one from this same entity.

More background information is available here.

Windows 8 was released on October 26. That means two whole months have passed since machines loaded with this operating system have been available to the public.

Why has the FSF not obtained a few machines and studied how secure boot has been implemented? While the technical specs for secure boot are the same no matter the manufacturer, the UEFI layout appears to differ from one vendor to the other. And there many little quirks associated with secure boot.

If the FSF could not do this, surely it could have commissioned someone to provide a technical description of things as they are?

So why is the FSF dragging its feet? Its campaign lacks credibility at the moment and technical credibility at that. Collecting 40,000 signatures in 14 months is not a sign of strength; this is a small number given the time period.

On the x86 platform, secure boot can be turned off from within the UEFI - but this would be difficult for those who are not somewhat familiar with computers. On the ARM platform, secure boot cannot be turned off.

Microsoft enjoys platform dominance on x86; the possibility of another anti-trust suit could well present itself if there was not some means of turning off secure boot. This is why the facility has been offered.

The ARM platform is not dominated by any operating system, not yet anyway. Given this, there is no need for Microsoft to fear court action if secure boot cannot be turned off.

These are facts that people need to know. The FSF needs to update its petition and get its act together fast.


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.