11.29.12

Gemini version available ♊︎

UEFI Apologists Versus Germany’s Government Judgment on UEFI Insecurity

Posted in Europe, GNU/Linux, Kernel, Security at 5:31 pm by Dr. Roy Schestowitz

Flag of Germany

Summary: Proponents of UEFI support, who are sometimes Mono proponents as well, may struggle to reason in favour of crippleware given the way UEFI rejects Linux and the reasons the German authorities reject UEFI

T

HE Windows franchise is collapsing (ignore the Microsoft PR machine, which we’ll address in a separate post), so Microsoft created a breed of machines that won’t boot Linux. One blogger writes:

So do not buy that new shiny computer without knowing what pitfalls you may have to overcome in order to run a free operating system. As a footnote, the Secure Boot link is from an article on the Linux Foundation’s efforts written on ZDNet’s website all about how Microsoft is delaying the keys for Linux. Hmm, just one more reason to buy new equipment from alternate retailers that put Linux first or buy used.

Bottomley and the Linux Foundation cannot say much after they sold out (Novell plays a role for both) and Michael Larabel writes:

James Bottomley wrote a new blog post this morning about why the Linux Foundation really isn’t concerned about UEFI SecureBoot on ARM hardware (smart-phones, tablets, etc) compared to the work they are doing on x86 PCs with UEFI SecureBoot support for Linux.

Last month the Linux Foundation announced their UEFI SecureBoot plans for dealing with Microsoft Windows 8 PCs. Their plans basically equated to legally obtaining a Microsoft key and signing a small pre-bootloader that in turn could chain load a predesignated boot loader that would in turn boot Linux or any other operating system without having to deal with the SecureBoot mess. The signed pre-bootloader will be available from the Linux Foundation web-site for anyone to use along with the source-code, albeit not their private key. The foundation is still working to obtain a SecureBoot key and their SecureBoot focus has just been for x86 hardware.

With Linux users wondering why the Linux Foundation isn’t diving into some SecureBoot solution for ARM, James Bottomley wrote a lengthy explanation.

We also saw some feedback from vocal UEFI apologists, who are sometimes the same people who promote Mono. Yes, promoters of Microsoft’s (and Novell’s) Mono also promote or downplay the issues with Microsoft’s UEFI demands, but we won’t be linking to them. They provoke against this site. Anyway, here is the original post that seeded this debate. It says:

The answer to this comes in several parts: firstly in the PC space, Microsoft has an effective headlock on the OEM and ODMs: no desktop PC ships without a Windows compatibility sticker (the situation is different in the server market, but this is specifically about desktop PCs). Therefore in order to continue simply booting Linux on laptops and desktops, it is a huge priority to find a solution to this problem. Secondly: in the overall mobile marketplace, which encompasses tablets and smartphones, Microsoft has a very tiny presence: somewhere between 2-5%. Linux (Android) has the majority presence: by some counts, Android is >50% in this market space with Apple a close second. Therefore, a Microsoft mandate in an industry where they have no dominance is simply not really threatening (unlike the PC space where they have complete dominance).

The German authorities have already banned UEFI for their own use/machines on the face of it. So-called ‘secure’ boot is bad for national security. The “German government issues white paper on secure boot,” writes LWN:

A press release from FSF Europe (issued November 20) welcomes a white paper from the German federal government on trusted computing and secure boot. “Another demand by the FSFE is addressed by the government’s white paper. That before purchasing a device, buyers must be informed concisely about the technical measures implemented in this device, as well as the specific usage restrictions and their consequences for the owner: ‘Trusted computing security systems must be deactivated (opt-in principle)’ when devices are delivered… And ‘Deactivation must also be possible later (opt- out function) and must not have any negative impact on the functioning of hard- and software that does not use trusted computing functions.’” The white paper is in essence a non-binding call to manufacturers, but is significant as a statement from a major national government against restrictions imposed via secure boot that may foreshadow more significant government action. The white paper is available in both English and German.

The war on UEFI should carry on until this malpractice is eradicated. It is a defect, not a feature. It gives remote control over hardware.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

3 Comments

  1. Michael said,

    November 29, 2012 at 10:26 pm

    Gravatar

    MS does not make the machines in question.

    Cai6zohp Reply:

    “MS does not make the machines in question.”

    … and obviously MS does not impose these restrictions to OEM either !

    Michael Reply:

    Is there any evidence they do? If there is then fine… but even then it would only be on machines that ship with Windows. MS cannot make demands about machines that ship with other OSs.

DecorWhat Else is New


  1. [Meme] Rowing to the Bottom of the Ocean

    The EPO‘s Steve Rowan (VP1) is failing EPO staff and sort of “firing” workers during times of crisis (not at all a crisis to the EPO’s coffers)



  2. EPO Gradually Reduced to 'Fee Collection Agency' Which Eliminates Its Very Own Staff

    Mr. Redundancies and Mr. Cloud are outsourcing EPO jobs to Microsoft and Serco as if the EPO is an American corporation, providing no comfort to long-serving EPO staff



  3. Linux Foundation 2021 Annual Report Made on an Apple Mac Using Proprietary Software

    Yes, you’re reading this correctly. They still reject both “Linux” and “Open Source” (no dogfooding). This annual report is badly compressed; each page of the PDF is, on average, almost a megabyte in size (58.8 MB for a report of this scale is unreasonable and discriminates against people in countries with slow Internet connections); notice how they’re milking the brand in the first page (straight after the cover page, the 1991 ‘creation myth’, ignoring GNU); remember that this foundation is named after a trademark which is not even its own!



  4. Links 7/12/2021: OpenIndiana Hipster 2021.10 and AppStream 0.15

    Links for the day



  5. Microsoft “Defender” Pretender Attacks Random Software That Uses NSIS for installation; “Super Duper Secure Mode” for Edge is a Laugh

    Guest post by Ryan, reprinted with permission



  6. Links 6/12/2021: LibreOffice Maintenance Releases, Firefox 95 Finalised

    Links for the day



  7. “Wintel” “Secure” uEFI Firmware Used to Store Persistent Malware, and Security Theater Boot is Worthless

    Guest post by Ryan, reprinted with permission



  8. No Linux Foundation IRS Disclosures Since 2018

    The publicly-available records or IRS information about the Linux Foundation is suspiciously behind; compared to other organisations with a "tax-exempt" status the Linux Foundation is one year behind already



  9. Jim Zemlin Has Deleted All of His Tweets

    The Linux Foundation‘s Jim Zemlin seems to have become rather publicity-shy (screenshots above are self-explanatory; latest snapshot), but years ago he could not contain his excitement about Microsoft, which he said was "loved" by what it was attacking. Days ago it became apparent that Microsoft’s patent troll is still attacking Linux with patents and Zemlin’s decision to appoint Microsoft as the At-Large Director (in effect bossing Linus Torvalds) at the ‘Linux’ Foundation’s Board of Directors is already backfiring. She not only gets her whole salary from Microsoft but also allegedly protects sexual predators who assault women… by hiring them despite repeated warnings; if the leadership of the ‘Linux’ Foundation protects sexual predators who strangle women (even paying them a salary and giving them management positions), how can the ‘Linux’ Foundation ever claim to represent inclusion and diversity?



  10. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him

    Balabhadra (Alex) Graveley has warrant for his arrest, albeit only after a lot of harm and damage had already been done (to multiple people) and Microsoft started paying him



  11. The Committee on Patent Law (PLC) Informed About Overlooked Issues “Which Might Have a Bearing on the Validity of EPO Patents.”

    In a publication circulated or prepared last week the Central Staff Committee (CSC) of the EPO explains a situation never explored in so-called 'media' (the very little that's left of it)



  12. Links 6/12/2021: HowTos and Patents

    Links for the day



  13. IRC Proceedings: Sunday, December 05, 2021

    IRC logs for Sunday, December 05, 2021



  14. Gemini Space/Protocol: Taking IRC Logs to the Next Level

    Tonight we begin the migration to GemText for our daily IRC logs, having already made them available over gemini://



  15. Links 6/12/2021: Gnuastro 0.16 and Linux 5.16 RC4

    Links for the day



  16. Links 5/12/2021: Touchpad Gestures in XWayland

    Links for the day



  17. Society Needs to Take Back Computing, Data, and Networks

    Why GemText needs to become 'the new HTML' (but remain very simple) in order for cyberspace to be taken away from state-connected and military-funded corporations that spy on people and abuse society at large



  18. [Meme] Meanwhile in Austria...

    With lobbyists-led leadership one might be led to believe that a treaty strictly requiring ratification by the UK is somehow feasible (even if technically and legally it's moot already)



  19. The EPO's Web Site is a Parade of Endless Lies and Celebration of Gross Violations of the Law

    The EPO's noise site (formerly it had a "news" section, but it has not been honest for about a decade) is a torrent of lies, cover-up, and promotion of crimes; maybe the lies are obvious for everybody to see (at least EPO insiders), but nevertheless a rebuttal seems necessary



  20. The Letter EPO Management Does Not Want Applicants to See (or Respond to)

    A letter from the Munich Staff Committee at the EPO highlights the worrying extent of neglect of patent quality under Benoît Battistelli and António Campinos; the management of the EPO did not even bother replying to that letter (instead it was busy outsourcing the EPO to Microsoft)



  21. IRC Proceedings: Saturday, December 04, 2021

    IRC logs for Saturday, December 04, 2021



  22. EPO-Bribed IAM 'Media' Has Praised Quality, Which Even EPO Staff (Examiners) Does Not Praise

    It's easy to see something is terribly wrong when the people who do the actual work do not agree with the media's praise of their work (a praise motivated by a nefarious, alternate agenda)



  23. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  24. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  25. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  26. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day



  27. Links 4/12/2021: Gedit Plans and More

    Links for the day



  28. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  29. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021



  30. Links 4/12/2021: EndeavourOS Atlantis, Krita 5.0.0 Beta 5, Istio 1.11.5, and Wine 6.23; International Day Against DRM (IDAD) on December 10th

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts