LWN: Comments on "UEFI and "secure boot""
https://lwn.net/Articles/447381/
This is a special feed containing comments posted to the individual LWN article titled "UEFI and "secure boot"".
Feed date: Tue, 04 Nov 2025 05:07:56 +0000

UEFI and "secure boot"
https://lwn.net/Articles/460113/
njs (Fri, 23 Sep 2011 00:54:25 +0000)

AFAICT, it's the handset makers who are deciding whether or not to do boot locking (e.g., HTC ~never does, Motorola ~always does, and carriers sell both). That seems inconsistent with the idea that it's the carriers driving this decision.

The market will decide
https://lwn.net/Articles/459915/
dion (Thu, 22 Sep 2011 09:23:27 +0000)

At the moment we all grudgingly pay the MS-tax for each new laptop, so there is no real penalty for vendors who choose to ship only Windows.

If UEFI secure boot starts being locked down by vendors, then there is suddenly a market force punishing the vendors who do that because all non-Windows users will be unable to buy those machines and ignore the MS-tax.

Even if non-Windows users are only 2% of the market, is that a group of customers that every vendor will ignore?

Personally I'd rather have clear EU regulations that forbid locking down hardware in a way that prevents owners from re-keying and running their own software.

UEFI and "secure boot"
https://lwn.net/Articles/459901/
adendexter (Thu, 22 Sep 2011 07:35:08 +0000)

I am pretty sure the handset makers don't want boot locking but the carriers would prefer that due to the margins involved. The costs have gone up significantly if you consider and if you compare each Android Phone to 1 Apple Phone sold. iPhone will generate 10 times more revenue for the carrier and Apple than an Android phone. Although I must say as an Android user, the costs are less and it's more adaptive.

Aden Dexter
Designs Review (http://www.designsreview.com)

Old news?
https://lwn.net/Articles/459733/
kylegordon (Wed, 21 Sep 2011 13:16:10 +0000)

From TFA: "The UEFI 2.3.1 specification [agreement required] has a number of new features, one of which is the optional "secure boot" protocol."

Given that UEFI 2.3.1 only came out in April 2011, I doubt your 5 year old Apple hardware has UEFI 2.3.1 compliant firmware.

TPM isn't UEFI, and a TPM can only be used to trust the boot system to allow you to decrypt data. It doesn't prevent you from booting a new/different OS.

UEFI and "secure boot"
https://lwn.net/Articles/457859/
Trelane (Wed, 07 Sep 2011 00:34:06 +0000)

http://www.h-online.com/security/news/item/Windows-8-to-include-secure-boot-using-UEFI-2-3-1-1335246.html

Even links back to this article. :)

UEFI and "secure boot"
https://lwn.net/Articles/449514/
leandro (Tue, 28 Jun 2011 13:22:49 +0000)

Yes, OpenFirmware seemed to be not only much earlier but more elegant, and an open standard.

UEFI and "secure boot"
https://lwn.net/Articles/449192/
Hausvib6 (Sat, 25 Jun 2011 05:38:31 +0000)

Of course it will, hw manufacturers will use every chance of voiding the hw warranty. Even today, replacing the preinstalled OS in a laptop may void the warranty (depends on the goodwill of the manufacturer).

UEFI and "secure boot"
https://lwn.net/Articles/448402/
marcH (Mon, 20 Jun 2011 08:59:03 +0000)

This question is unrelated (sorry) but it might meet the right public here.

Is UEFI just "Not Invented Here" considering that OpenFirmware (and others?) apparently offered the same features decades earlier?

UEFI and "secure boot"
https://lwn.net/Articles/448401/
marcH (Mon, 20 Jun 2011 08:56:29 +0000)

As others have said above in various forms, I think this will go the very same way as DVD zoning or SIM-locking today. In the future your average grandma will be "protected" from running random software on her smart phone, while LWN readers will quickly find the hardware switch/cheat code to bypass the restrictions. Think Microsoft and Apple as Hollywood and hardware manufacturers as... themselves.

The only question left is: will this void the warranty?

UEFI and "secure boot"
https://lwn.net/Articles/448154/
raven667 (Fri, 17 Jun 2011 19:29:13 +0000)

It is going to depend a lot on the vendor and it may not get off the ground; we've been talking about general lockdown using the TPM for many years but it has yet to come to pass.

I would imagine that if this does become popular that it will be used mostly by big vendors who sell low end devices for home use, and Apple. Since the computer will not be entirely user-modifiable, it's more like a rental or a service. This could be used for appliance-like systems where all maintenance is done by the vendor and only vendor-approved software, drivers are used. There is certainly a market for that kind of thing, as Apple is demonstrating.

In the highly unlikely event that general consumer hardware becomes widely keyed to only boot Windows, that might actually boost Linux specific hardware vendors like System76 or Dell's N-Series lines, as there is market demand for non-Windows systems but regular computers run non-Windows well enough that there isn't much of a market for systems built for non-Windows use.

Motherboard vendors will never pre-key such a thing as their customers are far more diverse, technical and demanding. Motherboard vendors don't necessarily cater to or test non-Windows use cases; they aren't going to go out of their way to alienate those customers either.

A lot of this TPM and UEFI tech makes sense if it is just set up during initial system install or first boot and is under control of the owner.

UEFI and "secure boot"
https://lwn.net/Articles/448067/
khc (Fri, 17 Jun 2011 05:17:06 +0000)

Can I nominate this for next week's security quote?

For crying out loud - WRITE ENABLE SWITCH!
https://lwn.net/Articles/447990/
Cyberax (Thu, 16 Jun 2011 17:52:38 +0000)

A lot of TPMs have a requirement for 'physical proof of presence' to do a hardware reset. Usually, it requires pressing a certain key on the hardware keyboard (with TPM hardwired to hardware keyboard controller).

Old news?
https://lwn.net/Articles/447948/
jreiser (Thu, 16 Jun 2011 15:25:27 +0000)

Is widely-distributed UEFI the only news here? The ASUS P5QPRO motherboard from 2008, three years ago, claims to support the necessary hardware. The common boot ROM BIOS does not support it, but the BIOS is flashable. Some Apple x86 hardware as old as 2006 allegedly has unused TPM hardware: http://www.osxbook.com/book/bonus/chapter7/tpmdrmmyth/. Linux itself has had driver/char/tpm for six or seven years. The implications of actual lockdown have been foreseen for a long time.

UEFI and "secure boot"
https://lwn.net/Articles/447944/
bronson (Thu, 16 Jun 2011 14:59:54 +0000)

Agreed. Many big Android device makers have announced that in the future their bootloaders will be unlocked (worth a quick Google). The carriers wanted lockin but the customers are saying no.

Non-Apple customers that is...

UEFI and "secure boot"
https://lwn.net/Articles/447886/
dskoll (Thu, 16 Jun 2011 11:00:46 +0000)

> If we don't keep an eye on it, your next desktop may simply refuse to boot your OS of choice.

I can assure you that *my* next desktop will definitely boot the OS of my choice. Market pressure will ensure that there will always be some open systems.

Vendor-lockin-boot proposals have been made several times in the past and have never gone anywhere. I have no reason to believe this latest proposal will go anywhere either, at least not on commodity desktop machines.

For crying out loud - WRITE ENABLE SWITCH!
https://lwn.net/Articles/447867/
NRArnot (Thu, 16 Jun 2011 10:02:58 +0000)

The answer is as old as the hills, it's been used on mechanical devices ever since they got to be capable of amputating fingers. A scabbard for a knife or sword, a safety catch on a firearm, ....

In electronics form, it's the WRITE ENABLE switch, which I first saw on a DEC exchangeable-platter disk drive storing all of 20Mb on 15-inch FeO2-coated platters.

It doesn't have to be a switch, just something that can be done by the owner, given physical access to the hardware, and never by a piece of malicious software (at least, not until the hardware is a robot, in which case we'll have to re-discover what for a human is the small of his back).

Anyway, for a PC motherboard, there should be a SECURE BOOT DISABLE jumper, just as there is a password disable jumper for the better modern BIOSes. For other smart devices, something similar, requiring a simple but nontrivial amount of fiddling with the device.

For manufacturers worried about warranty returns, it might even be a one-way trip - protect the switch or jumper with one of those "warranty void if removed" security labels. Two levels of the same idea.

UEFI and "secure boot"
https://lwn.net/Articles/447827/
mennucc1 (Thu, 16 Jun 2011 06:39:38 +0000)

Hopefully, UEFI hw will be shipped by OEM in "setup" mode, and, when the O.S. will be installed for the first time, it will write the PK in it; so people who want to use Linux will need to buy "virgin" hw with no O.S. on it: this will be fine for servers, but it may be a problem for notebooks (e.g. in Italy it is almost impossible to buy a notebook w/o Window$ preinstalled)

UEFI and "secure boot"
https://lwn.net/Articles/447813/
ras (Thu, 16 Jun 2011 05:48:07 +0000)

Yeah, well as the article says, the only real problem with the proposal is the one it raises at the start:

> It all depends on who holds the signing keys.

Given the key is programmable this doesn't seem to be an issue. If I am an organisation that cares, I can just program it. If I like to run tweaked versions of Grub I can ignore it.

But then we have this:

> Platform vendors are likely to use a key from UEFI as the PK, and distribute updated signature databases from the organization signed by that key.

This is the nub of the issue. Is it a published policy, or just a guess?

It could lead to a world of pain for platform vendors. It in all probability would end up meaning only the version of Windows shipped by the vendor would boot.

UEFI and "secure boot"
https://lwn.net/Articles/447784/
mjg59 (Thu, 16 Jun 2011 03:08:16 +0000)

Based on my experience of the quality of EFI implementations so far:

I suspect that any current UEFI vendor who implements this will be free to ship GPLv3 bootloaders by virtue of being so indescribably inept that it'll be trivial for anyone to bypass the trusted path and boot their own bootloader.