[Cialug] Restricted boot a very real possibility
Jeff Davis
me at digitaljeff.com
Tue Oct 18 13:00:40 CDT 2011
Definitely something to watch, but surely IBM, Dell, and HP will be
smart enough to provide users a method to disable it or allow a
trustedGrub type of thing. It would be foolish of them to ignore
alienate Red Hat, Canonical, and VMware. Seems like a logistical
nightmare to ensure all server hardware/chipsets support a linux
workaround, while not doing so for desktop hardware.
I'd be more concerned if I was into the roll-your-own linux as that
seems to require OEMs to allow the ability to disable secure boot.
(I admit that is giving up some amount of freedom with the device, but
we're already quite far down that path where disassembling or rooting
your phone/tablet will void the warranty. I haven't seen any iphone
or Xoom users picketing.)
-Jeff D
On Tue, Oct 18, 2011 at 11:38 AM, Matthew Nuzum <newz at bearfruit.org> wrote:
> I often find the FSF to be a bit alarmist, but this is a very real concern:
> http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/
>
> Will your computer's "Secure Boot" turn out to be "Restricted Boot"?
>
> by Matt Lee — last modified October 17, 2011 14:54
>
> Please sign our statement to show your support!
>
> Microsoft has announced that if computer makers wish to distribute machines
> with the Windows 8 compatibility logo, they will have to implement a measure
> called "Secure Boot." However, it is currently up for grabs whether this
> technology will live up to its name, or will instead earn the name
> Restricted Boot.
>
> When done correctly, "Secure Boot" is designed to protect against malware by
> preventing computers from loading unauthorized binary programs when booting.
> In practice, this means that computers implementing it won't boot
> unauthorized operating systems -- including initially authorized systems
> that have been modified without being re-approved.
>
> This could be a feature deserving of the name, as long as the user is able
> to authorize the programs she wants to use, so she can run free software
> written and modified by herself or people she trusts. However, we are
> concerned that Microsoft and hardware manufacturers will implement these
> boot restrictions in a way that will prevent users from booting anything
> other than Windows. In this case, a better name for the technology might be
> Restricted Boot, since such a requirement would be a disastrous restriction
> on computer users and not a security feature at all.
>
> ... read more
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin and twitter
>
> ♫ You're never fully dressed without a smile! ♫
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
>
More information about the Cialug
mailing list