07.17.12

TechBytes Episode 69: Richard Stallman on Restricted Boot (UEFI), Coreboot, GRUB, and Boot Freedom

Posted in TechBytes at 8:22 am by Dr. Roy Schestowitz

Techbytes 2012

Direct download as Ogg (0:13:28, 5.5 MB)

Summary: The first part of our interview with Richard Stallman covers Restricted Boot and related issues

I first interviewed Richard Stallman about 5 years ago. Yesterday I spoke to him about the subject of much debate in the Free software world right now. Here is a transcript of our conversation.

Dr. Roy Schestowitz: I want to know how big a threat you think the so-called “secure” boot is considered to be to the Free software movement.

Richard StallmanDr. Richard Stallman: It’s a disaster. Well, except that it’s not secure boot that’s a disaster, it’s restricted boot. Those are not the same. When it’s front of the control of the user, secure boot is a security feature. It allows the user to control what programs can run on a machine and thus prevent — you might say — unexpected malware from running. We have to distinguish the unexpected malware such as viruses from the expected malware such as Windows or Mac OS or Flash Player and so on, which are also malware; they have features that hurt the user but users know what they are installing. In any case, what secure boot does is that it causes the machine to only work with (?) programs that are signed with a certain key, your keys. And as long as the user controls which keys they are, then it’s a security feature. However, it can be chained into a set of digital handcuffs when the user doesn’t control the keys. And this [is] happening.

“We have to distinguish the unexpected malware such as viruses from the expected malware such as Windows or Mac OS…”Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot. Now, this is not a security feature. This is abuse of the users. I think it ought to be illegal.

It’s a matter of control by the vendor of course, not control by the user himself

Exactly, and that’s why it’s wrong. That’s why non-free software is wrong. The users deserve to have control of their computers/

I think that not only Windows is going to be an issue in fact, if you consider the fact that even a modified kernel is going to be in a position where it’s perhaps not seen as verified for execution. Right, I’m saying, it might not only be a malicious feature in case of something like Windows running on it, it’s also for — let’s say — a user of the offered operating system but it’s free if the user wants to modify the operating system, for example…

The thing is, if the user doesn’t control the keys, then it’s a kind of shackle, and that would be true no matter what system it is. After all, why is GNU/Linux better than Windows? Not just ’cause it has a different name. The reason it’s better is because it’s freedom-respecting Free software that the users control. But if the machine has restricted boot and the users can’t control the system, then it would be just as bad as Windows. So, if the machine will only run a particular version of GNU/Linux, that is a restriction feature. And I haven’t heard anyone doing that yet with GNU/Linux, but that’s what Red Hat and Ubuntu are proposing to do things — somewhat like that — for future PCs that are shipped for Windows. But it’s not exactly that. And my reason is, the users will be able to change the keys. They will be able to boot their own modified version of the system of Fedora or Ubuntu if they want. So, what Fedora and Ubuntu were proposing doesn’t go all the way there. They’re proposing to do things to make it more convenient for users to install the standard version of those systems. But if things go as it has been announced, users will still be able to change the keys and boot their own versions. So, if all the restricted boot — but it will be something that goes sort of half-way there — it’s somewhat distasteful.

“The thing is, if the user doesn’t control the keys, then it’s a kind of shackle, and that would be true no matter what system it is.”On the other hand, with Android, which is another mostly Free operating system which contains Linux but doesn’t contain GNU, it’s quite common for the product to have something equivalent to restricted boot, and people have to struggle to figure out how they can install a modified and more free version of Android. So, the presence of the kernel Linux in a system doesn’t guarantee it’s going to be better. And I’ve heard someone say — oh, it hasn’t been checked — that a particular or kind of Android device is actually using an Intel chip with restricted boot.

One of the concerns that I think is worth raising is the fact that, as far as I know, with many of the embedded devices, especially those based on ARM, I believe it’s not even possible to get into boot menu to disable so-called “secure”…

That’s where Microsoft is really going all out, because Microsoft has ordered essentially — demanded — that those shipping ARM devices for Windows 8 make it restricted boot with no way to get around it.

Yeah, which also means of course waste of… all sorts of impacts on the environment. Any time that hardware become obsolete with the operating system itself is not being used of course…

“So it’s a very damaging thing that Microsoft is doing and so we need to look for every possible way to stop them or tweak what they’re doing.”Well, it’s worse than that. It means basically that those devices, you have to throw them out if you want to escape to the free world. And this — in the past — we were able to install, to liberate a computer by installing Free software on it instead of its user-restricting operation system, and this of course was tremendously helpful to the spread of GNU/Linux because it meant that users could move to freedom. It would be much harder if they had to buy another computer to do so. So it’s a very damaging thing that Microsoft is doing and so we need to look for every possible way to stop them or tweak what they’re doing.

Well, I wanted to ask you, one of our readers — his name is Will — is asking me if you have seen any new good hardware that can take coreboot.

I’m sorry, what?

One of my readers — a guy called Will — he has asked me if you have seen any new good hardware that can take coreboot.

“So, what we really need to do is make coreboot libre, just as we make Linux libre (which doesn’t have the blobs)…”I don’t know. Basically, I don’t keep track of hardware models. I only remember their names anymore, except for the one I use, which is, the Lemote Yeelong and it doesn’t run coreboot but it will run timar [?] in GRUB, it has a Free BIOS. When it comes it has a Free BIOS, which is why I chose it. But in terms of running coreboot, well, the machine which you run coreboot on are Intel-type machines. Now, there are a couple of… there is a problem, and that is, a lot of the Intel — and also AMD — CPUs require a microcode blob, and coreboot has these microcode blobs, which is the same kind of problem as firmware blobs in Linux. So, what we really need to do is make coreboot libre, just as we make Linux libre (which doesn’t have the blobs), keep (?) the coreboot libre (which doesn’t have the blobs) and then we need to see which processors actually run adequately without any microcode blob. And we’re looking for somebody who wants to lead this project ’cause it takes work. Now, leading this project doesn’t mean that you personally get all these kinds of hardware; oh, no, it would be asking the whole community to test things, but somebody has got to ask the community to do it, spread the word, receive the responses, put them together, and publish the list. Would (?) he like to do that? If he is really interested in having the answer to this question, maybe he’d like to help get the answer, and that would help the whole community.


More from Stallman is to be published in coming days.

We hope you will join us for future shows and consider subscribing to the show via the RSS feed. You can also visit our archives for past shows. If you have an Identi.ca account, consider subscribing to TechBytes in order to keep up to date.

As embedded (HTML5):

Keywords: UEFI Coreboot GRUB GNU FSF

Download:

Ogg Theora

Past shows in this series:

Show overview Show title
Episode 66: Tim and Roy TechBytes Episode 66: First of the Second Series
Episode 67: Tim and Roy TechBytes Episode 67: Nokia Down, Android Up
Episode 68: Roy TechBytes Episode 68: Solo With Patents, Apple Bans, and Android World Domination
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2012/07/17/rms-on-uefi/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. IRC Proceedings: Monday, March 08, 2021

    IRC logs for Monday, March 08, 2021



  2. Links 8/3/2021: Java 16 is Coming and More Software Patents Thrown Out

    Links for the day



  3. Examining Today's EPO Propaganda About the Disastrous EQE, a Subject of Much Scorn and EPO Corruption (Updated)

    The EPO’s e-EQE was a complete and utter disaster; but in an act of overt revisionism (i.e. the usual from this administration) the EPO pretends everything went well, bar a minor glitch lasing a few minutes



  4. The World Wide Web Has Become Proprietary and the Last Remaining 'Major' Browser That Was (Pre-EME) Free Software Is Rapidly Becoming Useless and User-Hostile (It's Monopoly- and Surveillance-Sponsored)

    The World Wide Web seems like a lost cause because Web browsers, which nowadays determine what the de facto standards are (same problem as 20 years ago), are monopolistic when it comes fundamentals like rendering engines (and privacy isn't even an option, users aren't the priority but the product etc.)



  5. Links 8/3/2021: Waffle 1.7.0 and a Look at the New Pardus (19.5)

    Links for the day



  6. Real Feminism is Grassroots, Not a Corporate Ploy (to Improve Image and Sales)

    The insulting publicity stunt many will be exposed to throughout the day is largely a corporate-led Public Relations charade, painting sexist companies as defenders of women



  7. Gemini Capsules and Pages Now Accessible in a Web Browser, Qutebrowser, But Qutebrowser Has Issues

    As noted earlier this morning, it's nowadays possible to access Gemini capsules through a Web browser without any Web proxies; but the (likely) first browser with that capability has numerous big issues



  8. IRC Proceedings: Sunday, March 07, 2021

    IRC logs for Sunday, March 07, 2021



  9. Moving Away From the World Wide Web is a Wise Move, at Least to the Degree Which is Possible

    More Web browsers finally support the Gemini protocol and decentralisation is gaining traction (it's even in mainstream European media right about now)



  10. The Banality of Bribery

    To understand why institutions defend and sometimes even give awards for the very things they claim to be against one must examine the flow of money (with strings attached to it)



  11. When I Discovered People Trafficking in Free/Open Source Software

    Reprinted with permission from Daniel Pocock



  12. Links 7/3/2021: AviDemux 2.7.8, Thunar 4.16.4

    Links for the day



  13. Links 7/3/2021: Sparky 2021.03, SystemRescue 8.00, and FreeBSD 13.0 RC1

    Links for the day



  14. IRC Proceedings: Saturday, March 06, 2021

    IRC logs for Saturday, March 06, 2021



  15. How To Deal With Your Raspberry Spy -- Part V: All The Rest

    The final part of a series on liberating the Raspberry Spy from an untrustworthy OS that secretly adds Microsoft keys and proprietary software repositories of Microsoft



  16. How To Deal With Your Raspberry Spy -- Part IV: Doing The Task

    We now spell out the steps taken to actually replace the Raspberry Pi OS with something more trustworthy



  17. Corporations Do Not Represent Communities and Activists, They Just Exploit Them, Discredit Them, and Hijack Their Hard Work

    The AstroTurfing and the Googlebombing campaigns of large corporations would have us believe that genuine activists are toxic and malicious people, whereas corporations exist to save the world from evil people; don’t fall for those Public Relations tactics (a gross inversion of narrative)



  18. Why the 'Raspberry Spy' Blunder is a Lot More Serious and Profound Than the Corporate Media is Willing to Acknowledge

    As this video points out, the ongoing series by Gavin L. Rebeiro is justified by the fact that the 'Raspberry Spy' Foundation continues to work with and some might say for Microsoft; it sold out millions of customers



  19. Links 6/3/2021: “SLS” Mitigation and Exiv2/KDE Project

    Links for the day



  20. How To Deal With Your Raspberry Spy -- Part III: Fundamentals

    Following the introductory and preliminary parts we dive deeper into the steps taken to replace the Raspberry Pi's GNU- and Linux-based OS with something like NetBSD



  21. Links 6/3/2021: Linux 5.12 RC2 and OpenSUSE Tumbleweed Woes

    Links for the day



  22. IRC Proceedings: Friday, March 05, 2021

    IRC logs for Friday, March 05, 2021



  23. Links 5/3/2021: Qubes OS 4.0.4 Release and Wine's Project Leader is Open to Wayland

    Links for the day



  24. How To Deal With Your Raspberry Spy -- Part II: Introduction

    Following Part I, published a few hours ago, let's examine what happened from a technical perspective and what can be done about it technically



  25. How To Deal With Your Raspberry Spy -- Part I: Acknowledgements

    March 2, 2021 blog post series from a guest author; for some background, see blog posts from Microsoft in the official blog of Raspberry Pi and our response to these



  26. German Decision on Unitary Patent/UPC Will Take Years (and It Doesn't Matter Because the Whole Thing is Dead Already)

    Kluwer Patent Blog's Dr. Bausch explains why the UPC is pretty much doomed, as it cannot be ratified any time soon and probably will never be ratified either (for a multitude of reasons, including Brexit)



  27. Techrights in Australia (IPFS and Gemini)

    Allies in Australia will help Techrights serve material from another server; we're still bettering ourselves for an era of oppressive World Wide Web



  28. Professional Troll Matthew Garrett Spreads Libel, Defamation and Slander About the Free Software Community to Entertain Microsoft and Friends

    After months of parking in our IRC channels to provoke and troll people (and try to collect 'dirt' from responses) the professional troll Matthew Garrett has been for many years shows his true colours again



  29. Links 5/3/2021: Linux 5.12-rc2 Imminent, Linux Lite 5.4 RC1 in Review

    Links for the day



  30. IRC Proceedings: Thursday, March 04, 2021

    IRC logs for Thursday, March 04, 2021


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts