[liberationtech] UEFI and who controls your computer? Fedora 18 Linux to be cryptographically signed by Microsoft.

Gregory Maxwell greg at xiph.org
Sat Jun 2 18:36:39 PDT 2012


New computers sold in the coming months—along with the release of
Windows 8—will include a new kind of firmware replacing the old PC
BIOSes called UEFI
(http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface).

One of the things in the UEFI specification is a feature called
"SecureBoot" which makes it so that the system will only boot
operating systems which have been cryptographically signed with a
certificate which is traceable to a root certificate installed in the
firmware.  This enables the kind of lockdown we've seen on phones and
tablets on a broader spectrum of devices.

The UEFI specification itself does not require that there be any
mechanism to disable this functionality. The original requirements for
the Windows 8 "logo" certification program required manufacturers to
install a Microsoft-controlled key and to not permit the user to
disable SecureBoot. Some diligent engineers at Red Hat found out about
this and through some mixture of negotiation, threats, and negative PR
they were able to convince Microsoft to replace the requirement with
one to require an option to disable it, but only on x86.  (ARM-based
systems will still need to have no way to disable the lockdown in
order to receive Windows 8 certification.) Another concession they got
was that Microsoft would sign other operating systems (via a
partnership with Verisign/Symantec) for a $99 fee, with a key accepted
under the Microsoft root.

Whether manufacturers will comply with Microsoft's requirement to
allow it to be disabled on desktops remains to be seen—it doesn't seem
likely that Microsoft would be eager to enforce the requirement, since
they previously required its opposite.

Since as we know here, little usability speedbumps can be a big
barrier to access to technology, the (hopefully existing) ability to
disable SecureBoot isn't enough for the major Linux distributors:
Fedora will be submitting a bootloader to Microsoft's signing process
(http://mjg59.dreamwidth.org/12368.html) so it will boot up on
SecureBoot locked-down systems. When booted this way, only signed OS
kernels can be run, only signed modules will be loadable, direct
memory access will be disabled—basically the kind of anti-anti-DRM
restrictions needed to prevent the users' software from breaking out
of the sandbox.  (This has caused some amount of drama, with some
people—including myself—arguing against Fedora's participation on
software freedom grounds, but it seems certain to happen.)

Many pieces of technology are used with few ill effects in freer parts
of the world, but find themselves applied in repressive ways
elsewhere—such as web censorware, deep inspection firewalls, etc.  So
I'm wondering: what negative human rights side effects might we expect
from SecureBoot?

For example, it would be fairly straightforward to ban the import or
sale of computer systems which aren't equipped with only a
regime-controlled root key, and probably not that difficult to then
provide surveillance-enabled operating systems as the only thing that
will run on them.  I have little doubt that expert users will figure
out a way to jailbreak these systems, but will that be sufficient?

A lot of this is arguably already true on mobile phones. Have we
learned anything there that will tell us if the consequences will be
lesser or greater on desktops?

Can technology continue to provide solutions for liberty as we move
away from general-purpose computing, and oppressionware becomes
mandated and installed by default, enforced through hardware
restrictions?
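Since the post turns on whether SecureBoot can actually be turned off on a given machine, the first thing a practitioner wants is a way to read the firmware's own answer. The following is an added example, not part of the original post: it reads the `SecureBoot` and `SetupMode` variables that UEFI firmware exposes under the EFI_GLOBAL_VARIABLE GUID (`8be4df61-93ca-11d2-aa0d-00e098032b8c`). It assumes a Linux kernel newer than the post, with efivarfs mounted at `/sys/firmware/efi/efivars`, where each variable is a file whose first four bytes are the attribute word and the remainder is the data. The sample files built by `make_sample` are constructed for the demo, not captured from real hardware.

```shell
#!/bin/sh
# Where efivarfs is mounted on Linux. Each UEFI variable is a file named
# NAME-GUID whose first 4 bytes are the variable attributes (uint32, little
# endian) and the rest is the variable data. Assumption: this layout and path.
EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Print the first data byte (file offset 4) of an efivarfs file as a decimal
# number. SecureBoot and SetupMode are one-byte booleans, so that byte is the
# whole value. Prints nothing if the file is shorter than 5 bytes.
efivar_byte() {
    od -An -tu1 -j4 -N1 "$1" | tr -d ' \n'
}

# Classify a system from the two variables. Arguments are paths so the same
# function can be run against copies of the files captured from another box.
sb_state_from_files() {
    sb_file="$1"; sm_file="$2"
    if [ ! -r "$sb_file" ] || [ ! -r "$sm_file" ]; then
        echo "unknown: not a UEFI boot, or efivarfs not mounted"
        return 1
    fi
    sb=$(efivar_byte "$sb_file")
    sm=$(efivar_byte "$sm_file")
    case "$sb:$sm" in
        1:0) echo "enabled" ;;     # PK enrolled and signature checks enforced
        *:1) echo "setup-mode" ;;  # no Platform Key: checks off, keys can be enrolled
        0:0) echo "disabled" ;;    # PK enrolled but enforcement switched off
        *)   echo "unexpected values SecureBoot=$sb SetupMode=$sm"; return 1 ;;
    esac
}

# Convenience wrapper for the live system.
sb_state() {
    sb_state_from_files \
        "$EFIVARS_DIR/SecureBoot-$EFI_GLOBAL_GUID" \
        "$EFIVARS_DIR/SetupMode-$EFI_GLOBAL_GUID"
}

# Constructed sample file (not from real hardware): attribute word 0x00000006
# (BOOTSERVICE_ACCESS | RUNTIME_ACCESS, as the firmware sets for these two
# volatile variables) followed by one data byte. $1 = path, $2 = 0 or 1.
make_sample() {
    printf '\006\000\000\000\00'"$2" > "$1"
}

# Demo against constructed files: SecureBoot=1, SetupMode=0 -> "enabled".
demo() {
    d=$(mktemp -d)
    make_sample "$d/sb" 1
    make_sample "$d/sm" 0
    sb_state_from_files "$d/sb" "$d/sm"
    rm -rf "$d"
}

demo
```

On a real machine, run `sb_state` (as root, or with efivarfs readable) instead of `demo`; `mokutil --sb-state` reports the same bit on distributions that ship it. Note the three-way result: "disabled" and "setup-mode" both mean no enforcement, but only setup mode lets you enroll your own Platform Key, which is the state you would need to replace the vendor root rather than merely switch the check off.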



More information about the liberationtech mailing list