My problem with the Free Software Foundation
I have been reading articles by the Free Software Foundation such as Free Software Foundation recommendations for free operating system distributions considering Secure Boot Free Software Foundation recommendations for free operating system distributions considering Secure Boot — Free Software Foundation — working together for free software, Stand up for your freedom to install free software Stand up for your freedom to install free software — Free Software Foundation — working together for free software and the Update on the effort to defeat Restricted Boot Update on the effort to defeat Restricted Boot — Free Software Foundation — working together for free software
John Sullivan the writer of "Free Software Foundation recommendations for free operating system distributions considering Secure Boot" makes a lot of statements that are misleading. He says things like, " Distributors of restricted systems usually appeal to security concerns. They claim that if unapproved software can be used on the machines they sell, malware will run amok. By only allowing software they approve to run, they can protect us. This claim ignores the fact that we need protection from them. We don't want a machine that only runs software approved by them - our computers should always run only software approved by us. We may choose to trust someone else to help us make those approval decisions, but we should never be locked into that relationship by force of technological restriction or law. Software that enforces such restrictions is malware."
Here John makes up a phoney claim then seeks to use this false claim to validate his position. Secure Boot as implemented by suggestion of Microsoft does not seek to mandate you can only run software approved by them, (Microsoft) except in the case of Arm systems sold with Windows RT which are closed propriety systems (see below)
John sounds like a angry person who is lashing out at "Distributors of restricted systems" but I believe he's talking about Microsoft because his next statement follows with "Companies like Microsoft that push these restrictions also have a terrible track record when it comes to security, which makes their platitudes about restricting us for our own good both hollow and deceitful."
I think the above statement is deceitful. Microsoft does not seek to restrict people from installing software on a non ARM Windows 8 system that uses Secure Boot. Secure Boot can be disabled or users can switch to Legacy Bios mode. It is also shameful to compare security between Windows and Linux or "other" in this manner because Windows is targeted so much more frequently by malware.
John also says, "Microsoft may be worried about malware written to take over Windows machines, but we view Windows itself as malware and want to keep it away from our machines."
Windows.. malware? That's down right nasty and unprofessional. Who is this "We" you are speaking of John? A very large portion of Linux users are also Windows users.
He says, " Does Secure Boot enable us to keep Windows from booting on a machine? It does: We can remove Microsoft's key from the boot firmware, and add our own key or other keys belonging to free software developers whose software we wish to trust."
This is only partly true. These ideas are taken from Microsoft's document called "Windows Hardware Certifications for Client and Server Systems", section 17 under the heading "System.Fundamentals.Firmware.UEFISecureBoot" Windows Hardware Certification Requirements for Client and Server Systems. This sections deals with Non ARM systems. This may be true with a system that is purely UEFI based. What we have today are systems that are Bios based that have a small bit of UEFI code which acts as a UEFI interpreter. It's little more than a boot manager for systems that call on the Secure Boot functionality. I have spoken to many Linux and Microsoft professionals and all of them tell me they have yet to see a pure UEFI system being shipped with Windows 8 (and hence the need for secure Boot) If there are any perhaps a few pure UEFI systems out there shipping with Windows 8, they are certainly not the norm, they are the exception. Our Bios based machines with UEFI interpreters are not designed to be fully functional UEFI systems..
Talking about problems with Secure Boot now John says, " With Secure Boot, new free software users must take an additional step to install free software operating systems. Because these operating systems do not have keys stored in every computer's firmware by default like Microsoft does, users will have to disable Secure Boot before booting the new system's installer. Proprietary software companies may present this requirement under the guise of "disable security on your computer," which will mislead new users into thinking free software is insecure."
This article was written in June of last year. Now the PC have shipped and we see that Microsoft did not do this thing John has feared. He should edit this post to reflect this truth. John really does sound like he has an axe to grind.
John continues, "It's also a problem because the Windows 8 Logo program currently mandates Restricted Boot on all ARM systems, which includes popular computer types like tablets and phones. It says that users must not be able to disable the boot restrictions or use their own signing keys. In addition to being unacceptable in its own right" which leads me into the article "Update on the effort to defeat Restricted Boot". Author Josh Gay says, " Think twice before purchasing Microsoft's new ARM-based tablet, especially if you are hoping to replace the new Windows RT operating system, with a free software operating system such as GNU/Linux or Android. These new devices ship with Restricted Boot, which prevents you from installing free software on the device."
He goes on to encourage people to sign the "Stand up for your freedom to install free software" statement which lobbies for OEM's not to use Secure Boot in a way in which it becomes Restricted Boot. They are mixing apples and oranges here. On the one hand we have hardware not made by Microsoft but has a Microsoft operating system. On the other hand we have a system made by Microsoft with both Microsoft's hardware and software.
I say So What. Big Fat Hairy Deal. All tablets and phones being shipped with Windows RT are Made by Microsoft such as Surface tablets. It's both proprietary hardware and software. In this case Microsoft is free to do whatever they want with their proprietary product. No one has the right to tell Microsoft how or what they can and cannot do with their own product. You can't change the operating system on your TV, microwave, pocket calculator or On Star system in your car. If the company doesn't want to allow you this luxury, it's their business and right to do so. Just don't buy a Microsoft tablet or phone and you'll be fine.
The attitudes in these articles are in my opinion not professional nor are they becoming to the author, The Free Software Foundation or the Linux/Free software communities as a whole. People, we can do better. Our communities demand that we do better.