09.25.12

Gemini version available ♊︎

Ubuntu Acknowledges UEFI Mistake by Taking FSF Advice

Posted in FSF, Ubuntu at 12:24 pm by Dr. Roy Schestowitz

Mono the Trojan
Source: “Mono, the Trojan” (reused with permission)

Summary: Canonical decides to keep GRUB and stand up closer to the FSF

C

anonical had a bout of arrogance recently. Its founder Mark Shuttleworth labelled people who disagree on a technical and ethical matter “trolls”. This is not a new tactic from Ubuntu’s corporate backer; Mono and UEFI — not just Amazon — led to it. The so-called ‘peanut gallery’ just happens to be people capable of thought and not an Apple-esque herd mentality. So when we criticised Ubuntu’s approach to UEFI we were just not blindly accepting what Ubuntu eventually came to reject because “Ubuntu to Use Signed GRUB2 Bootloader for Secure Boot”, says the Ubuntu herd (OMGUbuntu folks).

Here are some related reports:

  • “Ubuntu Linux changes its plans for Windows 8 Secure Boot

    Microsoft’s “Secure Boot” plans for Windows 8 have already caused no end of controversy in the Linux community, and certainly one of the more divisive announcements in recent months was Canonical’s decision to drop the GRUB 2 bootloader as part of its solution for Ubuntu Linux.

  • Ubuntu 12.10 Tries For Last Minute GRUB 2.00

    Going back to Ubuntu 9.10, GRUB2 was used as the default boot-loader, albeit a pre-release of the long-awaited GRUB update. In late June of this year, GRUB 2.00 was officially released after many years in development. Meanwhile, in the Ubuntu 12.10 “Quantal” repository up to now is GRUB2 v1.99-22ubuntu2 — one of the earlier development snapshots.

UEFI is being tackled in multiple ways now, depending on who takes action. Red Hat’s staff sites mention this too. MJG speaks of bootkits and concludes: “So this isn’t really a story about a surprising vulnerability. It’s a story about someone taking the logical step of implementing a bootkit on top of UEFI, which is what everyone should have been expecting all along. Computers that are configured to run arbitrary code will run arbitrary code, and if that arbitrary code happens to modify your kernel so your credit card details are automatically posted to pastebin, well, that’s a plausible outcome.”

Vista 8 already causes issues for GNU/Linux users. Here is a new example: “Yesterday, Megatotoro and I helped a colleague who wanted to dual boot her recently bought desktop PC. She wanted us to install Mageia 2 and we were confident because it is a process that we have done several times already.

“However, when we hit the key to get into the BIOS… Surprise! We were greeted by UEFI instead.”

UEFI further complicated dual-booting, yet nobody filed an antitrust complaint. Steven J. Vaughan-Nichols writes to explain the role the FSF is playing: “Windows 8 PCs will come with Microsoft’s UEFI (Unified Extensible Firmware Interface) Secure Boot. This “feature” will make it much harder to boot Linux or other operating systems. Canonical, Ubuntu Linux’s parent company, is going to take a new approach to address this problem.

“Canonical and the FSF have talked their disagreement out and, continues Melamut, “the FSF has stated clearly that Grub 2 with Secure Boot does not pose a risk of key disclosure in such circumstances. We have also confirmed that view with our OEM partners, and have introduced variations to the Ubuntu Certification program and QA scripts for pre-installs to ensure that security and user choice are maintained on Ubuntu machines. Therefore, we have decided that Grub 2 is the best choice for a bootloader, and will use only Grub m,2 in Ubuntu 12.10 and 12.04.2 by default.”

“In a statement, John Sullivan, Executive Director of the FSF, added, “We are pleased with Canonical’s decision to stick with Grub 2. We know that the challenges raised when trying to support true user security without harming user freedom—Secure Boot vs. Restricted Boot—are new for everyone distributing free software. This is the situation for which GPLv3 was written, and after helpful conversations with Canonical, we are confident the license does its job well, ensuring users can modify their systems without putting distributors in untenable positions.””

Debian followed the FSF’s footsteps right from the start. Canonical needed some pressure. It’s not “trolling” against Canonical. The FSF believes that UEFI should be illegal.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

A Single Comment

  1. Panda Bear said,

    September 25, 2012 at 9:58 pm

    Gravatar

    Just sharing the FREE ebook titled as “Microsoft Windows 8 RTM Titanic “An User’s Perspective” by Dejah Thoris (PDF 8MB)

    https://bayfiles.com/file/mjQd/ln0q5v/Windows_8_RTM_Titanic.pdf

    Please share the free ebook and link to everyone! The book is public domain and NOT copyrighted as claimed the author inside the book.

DecorWhat Else is New


  1. Links 7/12/2021: Firefox 96 Beta and Fedora 37 Abandons ARMv7

    Links for the day



  2. Links 7/12/2021: Plasma Mobile Gear 21.12 and Tails 4.25

    Links for the day



  3. All IRC Logs Now Available as GemText Over Gemini Protocol

    Today we've completed the transition from plain text over gemini:// to GemText over gemini:// for IRC logs



  4. IRC Proceedings: Monday, December 06, 2021

    IRC logs for Monday, December 06, 2021



  5. [Meme] Rowing to the Bottom of the Ocean

    The EPO‘s Steve Rowan (VP1) is failing EPO staff and sort of “firing” workers during times of crisis (not at all a crisis to the EPO’s coffers)



  6. EPO Gradually Reduced to 'Fee Collection Agency' Which Eliminates Its Very Own Staff

    Mr. Redundancies and Mr. Cloud are outsourcing EPO jobs to Microsoft and Serco as if the EPO is an American corporation, providing no comfort to long-serving EPO staff



  7. Linux Foundation 2021 Annual Report Made on an Apple Mac Using Proprietary Software

    Yes, you’re reading this correctly. They still reject both “Linux” and “Open Source” (no dogfooding). This annual report is badly compressed; each page of the PDF is, on average, almost a megabyte in size (58.8 MB for a report of this scale is unreasonable and discriminates against people in countries with slow Internet connections); notice how they’re milking the brand in the first page (straight after the cover page, the 1991 ‘creation myth’, ignoring GNU); remember that this foundation is named after a trademark which is not even its own!



  8. Links 7/12/2021: OpenIndiana Hipster 2021.10 and AppStream 0.15

    Links for the day



  9. Microsoft “Defender” Pretender Attacks Random Software That Uses NSIS for installation; “Super Duper Secure Mode” for Edge is a Laugh

    Guest post by Ryan, reprinted with permission



  10. Links 6/12/2021: LibreOffice Maintenance Releases, Firefox 95 Finalised

    Links for the day



  11. “Wintel” “Secure” uEFI Firmware Used to Store Persistent Malware, and Security Theater Boot is Worthless

    Guest post by Ryan, reprinted with permission



  12. No Linux Foundation IRS Disclosures Since 2018

    The publicly-available records or IRS information about the Linux Foundation is suspiciously behind; compared to other organisations with a "tax-exempt" status the Linux Foundation is one year behind already



  13. Jim Zemlin Has Deleted All of His Tweets

    The Linux Foundation‘s Jim Zemlin seems to have become rather publicity-shy (screenshots above are self-explanatory; latest snapshot), but years ago he could not contain his excitement about Microsoft, which he said was "loved" by what it was attacking. Days ago it became apparent that Microsoft’s patent troll is still attacking Linux with patents and Zemlin’s decision to appoint Microsoft as the At-Large Director (in effect bossing Linus Torvalds) at the ‘Linux’ Foundation’s Board of Directors is already backfiring. She not only gets her whole salary from Microsoft but also allegedly protects sexual predators who assault women… by hiring them despite repeated warnings; if the leadership of the ‘Linux’ Foundation protects sexual predators who strangle women (even paying them a salary and giving them management positions), how can the ‘Linux’ Foundation ever claim to represent inclusion and diversity?



  14. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him

    Balabhadra (Alex) Graveley has warrant for his arrest, albeit only after a lot of harm and damage had already been done (to multiple people) and Microsoft started paying him



  15. The Committee on Patent Law (PLC) Informed About Overlooked Issues “Which Might Have a Bearing on the Validity of EPO Patents.”

    In a publication circulated or prepared last week the Central Staff Committee (CSC) of the EPO explains a situation never explored in so-called 'media' (the very little that's left of it)



  16. Links 6/12/2021: HowTos and Patents

    Links for the day



  17. IRC Proceedings: Sunday, December 05, 2021

    IRC logs for Sunday, December 05, 2021



  18. Gemini Space/Protocol: Taking IRC Logs to the Next Level

    Tonight we begin the migration to GemText for our daily IRC logs, having already made them available over gemini://



  19. Links 6/12/2021: Gnuastro 0.16 and Linux 5.16 RC4

    Links for the day



  20. Links 5/12/2021: Touchpad Gestures in XWayland

    Links for the day



  21. Society Needs to Take Back Computing, Data, and Networks

    Why GemText needs to become 'the new HTML' (but remain very simple) in order for cyberspace to be taken away from state-connected and military-funded corporations that spy on people and abuse society at large



  22. [Meme] Meanwhile in Austria...

    With lobbyists-led leadership one might be led to believe that a treaty strictly requiring ratification by the UK is somehow feasible (even if technically and legally it's moot already)



  23. The EPO's Web Site is a Parade of Endless Lies and Celebration of Gross Violations of the Law

    The EPO's noise site (formerly it had a "news" section, but it has not been honest for about a decade) is a torrent of lies, cover-up, and promotion of crimes; maybe the lies are obvious for everybody to see (at least EPO insiders), but nevertheless a rebuttal seems necessary



  24. The Letter EPO Management Does Not Want Applicants to See (or Respond to)

    A letter from the Munich Staff Committee at the EPO highlights the worrying extent of neglect of patent quality under Benoît Battistelli and António Campinos; the management of the EPO did not even bother replying to that letter (instead it was busy outsourcing the EPO to Microsoft)



  25. IRC Proceedings: Saturday, December 04, 2021

    IRC logs for Saturday, December 04, 2021



  26. EPO-Bribed IAM 'Media' Has Praised Quality, Which Even EPO Staff (Examiners) Does Not Praise

    It's easy to see something is terribly wrong when the people who do the actual work do not agree with the media's praise of their work (a praise motivated by a nefarious, alternate agenda)



  27. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  28. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  29. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  30. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts