My problem with the Free Software Foundation

I have been reading articles by the Free Software Foundation such as Free Software Foundation recommendations for free operating system distributions considering Secure Boot Free Software Foundation recommendations for free operating system distributions considering Secure Boot — Free Software Foundation — working together for free software, Stand up for your freedom to install free software Stand up for your freedom to install free software — Free Software Foundation — working together for free software and the Update on the effort to defeat Restricted Boot Update on the effort to defeat Restricted Boot — Free Software Foundation — working together for free software

John Sullivan the writer of "Free Software Foundation recommendations for free operating system distributions considering Secure Boot" makes a lot of statements that are misleading. He says things like, " Distributors of restricted systems usually appeal to security concerns. They claim that if unapproved software can be used on the machines they sell, malware will run amok. By only allowing software they approve to run, they can protect us. This claim ignores the fact that we need protection from them. We don't want a machine that only runs software approved by them - our computers should always run only software approved by us. We may choose to trust someone else to help us make those approval decisions, but we should never be locked into that relationship by force of technological restriction or law. Software that enforces such restrictions is malware."

Here John makes up a phoney claim then seeks to use this false claim to validate his position. Secure Boot as implemented by suggestion of Microsoft does not seek to mandate you can only run software approved by them, (Microsoft) except in the case of Arm systems sold with Windows RT which are closed propriety systems (see below)

John sounds like a angry person who is lashing out at "Distributors of restricted systems" but I believe he's talking about Microsoft because his next statement follows with "Companies like Microsoft that push these restrictions also have a terrible track record when it comes to security, which makes their platitudes about restricting us for our own good both hollow and deceitful."

I think the above statement is deceitful. Microsoft does not seek to restrict people from installing software on a non ARM Windows 8 system that uses Secure Boot. Secure Boot can be disabled or users can switch to Legacy Bios mode. It is also shameful to compare security between Windows and Linux or "other" in this manner because Windows is targeted so much more frequently by malware.

John also says, "Microsoft may be worried about malware written to take over Windows machines, but we view Windows itself as malware and want to keep it away from our machines."

Windows.. malware? That's down right nasty and unprofessional. Who is this "We" you are speaking of John? A very large portion of Linux users are also Windows users.

He says, " Does Secure Boot enable us to keep Windows from booting on a machine? It does: We can remove Microsoft's key from the boot firmware, and add our own key or other keys belonging to free software developers whose software we wish to trust."

This is only partly true. These ideas are taken from Microsoft's document called "Windows Hardware Certifications for Client and Server Systems", section 17 under the heading "System.Fundamentals.Firmware.UEFISecureBoot" Windows Hardware Certification Requirements for Client and Server Systems. This sections deals with Non ARM systems. This may be true with a system that is purely UEFI based. What we have today are systems that are Bios based that have a small bit of UEFI code which acts as a UEFI interpreter. It's little more than a boot manager for systems that call on the Secure Boot functionality. I have spoken to many Linux and Microsoft professionals and all of them tell me they have yet to see a pure UEFI system being shipped with Windows 8 (and hence the need for secure Boot) If there are any perhaps a few pure UEFI systems out there shipping with Windows 8, they are certainly not the norm, they are the exception. Our Bios based machines with UEFI interpreters are not designed to be fully functional UEFI systems..

Talking about problems with Secure Boot now John says, " With Secure Boot, new free software users must take an additional step to install free software operating systems. Because these operating systems do not have keys stored in every computer's firmware by default like Microsoft does, users will have to disable Secure Boot before booting the new system's installer. Proprietary software companies may present this requirement under the guise of "disable security on your computer," which will mislead new users into thinking free software is insecure."

This article was written in June of last year. Now the PC have shipped and we see that Microsoft did not do this thing John has feared. He should edit this post to reflect this truth. John really does sound like he has an axe to grind.

John continues, "It's also a problem because the Windows 8 Logo program currently mandates Restricted Boot on all ARM systems, which includes popular computer types like tablets and phones. It says that users must not be able to disable the boot restrictions or use their own signing keys. In addition to being unacceptable in its own right" which leads me into the article "Update on the effort to defeat Restricted Boot". Author Josh Gay says, " Think twice before purchasing Microsoft's new ARM-based tablet, especially if you are hoping to replace the new Windows RT operating system, with a free software operating system such as GNU/Linux or Android. These new devices ship with Restricted Boot, which prevents you from installing free software on the device."

He goes on to encourage people to sign the "Stand up for your freedom to install free software" statement which lobbies for OEM's not to use Secure Boot in a way in which it becomes Restricted Boot. They are mixing apples and oranges here. On the one hand we have hardware not made by Microsoft but has a Microsoft operating system. On the other hand we have a system made by Microsoft with both Microsoft's hardware and software.

I say So What. Big Fat Hairy Deal. All tablets and phones being shipped with Windows RT are Made by Microsoft such as Surface tablets. It's both proprietary hardware and software. In this case Microsoft is free to do whatever they want with their proprietary product. No one has the right to tell Microsoft how or what they can and cannot do with their own product. You can't change the operating system on your TV, microwave, pocket calculator or On Star system in your car. If the company doesn't want to allow you this luxury, it's their business and right to do so. Just don't buy a Microsoft tablet or phone and you'll be fine.

The attitudes in these articles are in my opinion not professional nor are they becoming to the author, The Free Software Foundation or the Linux/Free software communities as a whole. People, we can do better. Our communities demand that we do better.

You, sir DP, are a troll! From what I have seen, the FSF has been spot-on about this issue. Got a Samsung Windows 8 notebook and want to install Linux on it? You are now the proud owner of a really nice doorstop! And that is an x86 system, NOT an ARM box! If you cannot disable the secure boot feature in the BIOS in order to install an alternative (even user-written) operating system, then as far as I am concerned, you are being pwnd!

So, please take your rants elsewhere. I am not impressed...

Not a troll. Just a guy with an opinion. The new Samsung machines and a few others are exceptions to the rule. They it seems did not implement Microsoft's instructions/requirements properly as outlined in "Windows Hardware Certifications Requirements for Client and Server Systems" as mentioned above. The majority of non ARM systems that ship with Windows 8 do not suffer those problems.

UEFI does have many bugs that still need to be worked out and issues addressed. It's not ready for prime time that is for sure but I believe the author went overboard blasting Microsoft for things they are not responsible for. It is the hardware venders ( Bios/Uefi makers) , the OEM's that are responsible for making sure their UEFI/Secure Boot features operate properly on non ARM systems. A few of these OEM's have really dropped the ball. Many of the OEM's are still coming out with firmware upgrades to fix the problems they are having with UEFI. UEFI is new in the respect that this is the first time a major OS company has widely required it's use. The vendors and OEM's were not ready for this. (UEFI or EFI has been around since the 1990's but never implemented in this manner. It would have happened anyway one day even if Microsoft did not make such requirements for Windows 8.) You were unfortunate that you bought such a system. I feel for you. I would not like that to happen to me.

I understand Samsung will fix these systems for you ( or at least they have fixed other peoples systems with this problem - it's a known issue). See this for information on the Samsung issue: http://www.h-online.com/open/news/it...s-1793958.html

DP, thanks for the follow-up. No, I didn't purchase one of these, but have read plenty about the issue. FWIW, short rants are better than long ones. Long posts should be more (IMHO) "balanced" and try to look at both (or all if > 2) sides of the issue. I do think that the FSF is correct is their concern about this issue, and it needs to be discussed / debated in much greater depth than it has already.

In any case, please accept my apology in calling you a "troll", although I still think your post was somewhat "trollish"! :-) From your response, I have to think that you don't really fit into that slot. Anyway, I look forward to more debate on this issue - I think it has the potential to seriously impact the entire computing community (pretty much everyone these days).

Apology accepted. Thank you. I got into studying all this because I have one of these new machines from HP and really wanted this all to work right. I'd be ecstatic if I could get both Mint 14 and Vector 7 working in dual boot with Windows 8 properly in UEFI mode (with secure boot disabled), but I understand it's not Microsoft's fault UEFI isn't ready yet and is causing everyone problems. Microsoft just forced the issue by making these requirements of Windows 8. It's almost like someone at Microsoft said lets get all Windows 8 users to use UEFI and see what happens. Well, now they know. UEFI is a real mess.

Understood. I agree that this is a mess. Whether it was a misguided attempt to "secure" systems by MS, or an attempt to control the ecosystem is a subject that will be debated at length I suspect. However, the impact of this situation is serious, and needs to be discussed in depth and dealt with appropriately. Myself, I will NEVER purchase a system that has secure boot enabled by default. What my company does is another issue (a tier-one $40B multi-national with strong ties to MS). All of my personal systems run Linux (or QNX) by default, and I ONLY run Windows in a VM when necessary (less and less all the time).

If you want a really nice PC, laptop, or tablet that runs Linux out-of-the-box, check out ZaReason Linux Laptops, Desktops, Servers and more (shameless plug for a friend's company)! :-)

Your friend has some nice systems. I love the keyboard on the front page. Too bad I have a laptop or I'd get me one. This laptop is a month old and was the best bang for the buck when I got it. $400 dollars US from Best Buy. It has a quad A8 APU with 7640g ATI graphics which uses up to 4 gigs of shared video ram with my 8 gigabytes of system Ram (has 512 Mb of dedicated video ram itself) It's my gaming machine. It can play all new games like Black Ops 2 and Far Cry 3 on high settings with high frame rates (single player). I knew it had Windows 8 installed but I did not know it had UEFI with Secure Boot enabled. I might have thought better of getting it had I known this but I can say I don't think I could have gotten a better gaming laptop on my budget.. At least they did a good enough job on the bios/uefi firmware where i can switch to Legacy Bios mode or disable Secure Boot. I hate that Windows systems always have tons of background resources taken up doing things behind your back. I Love Vector for it's speed and small resource use which I use for video editing and playing online games such as Second Life. Works much better on this system than in Windows. Sadly I have to only use Vector from Legacy Bios which is a pain in the butt to switch to from Windows operating from UEFI. Grub 2 has trouble booting both from each their respective firmware and a workaround using rEFInd isn't working out either. I had to spend a week trying to get it to work but I think it's best right now just to use Legacy Bios. All this with Secure Boot disabled mind you. I think it's going to be many years before we can reliably get systems that work well with UEFI.

:-) Well, I think we have beaten this subject enough for now. I enjoyed the discussion, and I think that we are mostly in agreement on these issues. Thanks for your measured responses and great feedback.

-Rubberman

UEFI-enabled Samsung laptops get bricked with Linux