05.17.13
UEFI Restricted Boot Good for Microsoft Agenda, Not for Security
Lock-in, not security
Summary: News and analysis of UEFI ‘secure boot’ (lockdown), including the new role played by the Microsoft-funded SUSE
The UEFI Forum contacted me yesterday, seeking to arrange an interview with UEFI executives. I clarified that my intent is to focus on the impact UEFI has on freedom and choice. It’s not just a Microsoft problem, but Microsoft uses a ‘feature’ in UEFI to impede adoption of GNU/Linux.
Novell, which is close to Microsoft not just due to CPTN (Novell was funded by Microsoft and so is SUSE), has had its former developers help spread UEFI [1, 2], much to Microsoft’s chagrin. They did this inside the Linux Foundation. OBS, another Novell project that got into the Linux Foundation, is helping UEFI restricted boot even further. To quote Mr. Larabel: “OBS, the Open Build Service developed largely by openSUSE, has reached version 2.4. With Open Build Service 2.4 comes support for a new package format, Secure Boot signing, and other features.”
Therein lies the issue with Microsoft influence. Even Torvalds appears to have complained about this influence.
Microsoft did not need restricted boot for security. It is nonsense. Days ago Microsoft announced 33 more security holes in its software (the real numbers are higher, but Microsoft keeps some holes hidden for vanity purposes). Well, that’s where the real security threat exists, not at boot time. Microsoft essentially calls for setting up an alarm system in premises that have neither walls nor fences. Microsoft is also spying on people in the name of ‘security’ (Skype), leading to this reminder that software freedom matters (“Skype is following your links – that’s proprietary for you”).
By refusing to bootstrap a compromised system, UEFI would offer neither cure nor prevention. All it does is prevent people from having choices.
Needs Sunlight said,
May 19, 2013 at 3:05 am
With UEFI, malware can more easily create a denial of service by triggering a refusal to boot.
Dr. Roy Schestowitz Reply:
May 19th, 2013 at 3:10 am
UEFI restricted boot may be inadequate for those who only boot once in several months,