https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Open Source


Free Software Foundation vs Microsoft Windows 8 “Secure Boot”

  • Written by Christopher Tozzi
  • January 3, 2013
So far, the "Secure Boot" feature that Microsoft requires for Windows 8-certified hardware has caused a lot more anxiety in the Linux community than actual harm. Most Linux distributions have viable plans for working around the potential problems that Secure Boot poses. Nonetheless, the Free Software Foundation has embarked on a campaign to fight the feature tooth-and-nail.

Free Software Foundation logoSo far, the “Secure Boot” feature that Microsoft requires for Windows 8-certified hardware has caused a lot more anxiety in the Linux community than actual harm. Most Linux distributions have viable plans for working around the potential problems that Secure Boot poses. Nonetheless, the Free Software Foundation has embarked on a campaign to fight the feature tooth-and-nail. And it wants your help.

Promoted by Microsoft as an extra layer of security, Secure Boot is a feature embedded into device firmware that prevents unauthorized operating systems from booting. That means PCs designed for Windows 8 could refuse to run Linux out-of-the-box.

But while that may sound worrying for open-source fans, the actual threat is pretty minimal. Most Linux distributions have strategies in place for working around the Secure Boot limitations by signing the requisite open-source bootloader software (in most cases, Grub 2) with keys that the firmware will recognize, allowing Linux kernels to boot.

Without a doubt, Secure Boot doesn’t make the lives of Linux users any easier, and it has caused development delays for distributions like Fedora (though those stemmed from squabbling between developers over which method to adopt in working around Secure Boot, rather than from the technical challenges it poses), but it won’t eradicate open-source operating systems from the world in the way some doom-and-gloomers predicted when Microsoft announced the feature.

Still, the Free Software Foundation, one of the open-source channel’s most influential organizations in moral (if not financial) terms, is aggressively combating Secure Boot with a multi-channel campaign. The group plans to educate the public on avoiding Secure Boot-enabled hardware, pressure device manufacturers to avoid measures that will prevent consumers from installing the software they wish and combat Microsoft’s proposal for implementing a similar feature on ARM-powered smartphones and tablets.

To advance its efforts, the FSF has created a petition, signed so far by more than 40,000 individuals and 50 organizations. The signatories pledge not to purchase hardware that fails to “provide a sure-fire way for them to install and run a free software operating system of their choice.” The FSF also invites users to donate $50, although it’s not clear whether that money will be used to combat Secure Boot specifically, or support the FSF’s operations more generally.

From my perspective, the FSF’s campaign against Secure Boot is noble enough. As a committed open-source user and advocate, however, I also worry that the group has not defined exactly what it hopes to achieve. Its stated aims are not to do away with Secure Boot entirely (a goal which even the ideological stalwarts at the FSF, apparently, recognize as impossible to achieve), but merely to ensure that the feature is implemented in a way that ensures users the freedom to install the operating system of their choice. So far, that freedom seems to remain intact, so it’s not entirely clear what changes the FSF would like to see.

That said, public resources that would help consumers avoid Secure Boot-enabled hardware would certainly not hurt. Nor would efforts to keep users aware of this issue in order to help prevent monopolistic abuse from occurring in the future. Kudos to the FSF for this work.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Open Source

Related


  • JEDI lightsaber
    AWS Still Chasing JEDI, Blasts Trump Administration Again
    AWS still wants to get JEDI from Microsoft. And there’s a new alliance in town. Plus, an update from iXsystems.
  • Communications satellite in space
    IBM Leans on Partners to Bring Cloud Satellite Services to Life
    Big Blue took the much-anticipated hybrid cloud platform out of beta on March 1.
  • Spinoff Company
    IBM Names CEO of New Managed Services Spinoff
    The former IBM CFO is well-known to those within NewCo.
  • Risk level
    Wipro: Why an Open Source Software Risk Assessment Is Critical
    The Wipro service helps customers mitigate the security risks of open source software.

9 comments

  1. Avatar zxq9 January 4, 2013 @ 8:45 am
    Reply

    “Freedom is intact”… accept that so far every pre-loaded system I have seen with Windows 8 on it has a completely hidden UEFI trigger which presents a local user a window of less than 3 seconds on boot to press. As in, the old “configure your BIOS by pressing F11” thing is now a random mystery key you have to hunt for because the display is disabled by default (with no way to turn it on) on Lenovo, HP and Toshiba systems I’ve seen. So the average user cannot easily disable “secure boot”, but those with criminal intent and a motivation to learn what the key is will anyway.

    How is this freedom? One of the chief advantages of many open source distro is their extreme ease of installation and the ability to run from external media, which is completely disabled in many cases and not always configurable from within every secure boot enabled UEFI system.

    You are vastly minimalizing the problem in this article. I suggest you go snoop around some forums with first-hand accounts of actual users trying to install their own OSes on new hardware before passing this off as an overreaction by the FSF.

  2. Avatar zxq9 January 4, 2013 @ 8:51 am
    Reply

    Ah… also, some systems require the special key to be pressed every time the system is booted or re-botted, always. This means those systems are completely useless for wake-on-LAN, timed boot, remote recovery, remote administration requiring reboot, scheduled reboots or any other administration task that requires cycling the power — not to mention the awesome power of remote network installation of 100’s of client systems at once via kickstart is completely gone.

    What that really means is the list of hardware I can buy to service business clients has shrunk by a huge amount. Its now a case of build-it-in-house or go out of business because no small computing service provider companies have the clout or volume to get workable prebuilt systems from the big vendors.

  3. Avatar jymm January 4, 2013 @ 10:30 pm
    Reply

    I will solve the problem by buying a ZaReason or System 76 computer. I see Dell and HP are offering Ubuntu also, and I am guessing those will not have secure boot. If Microsoft wants to play that game, they will lose me. I could also boot XP in Virtual box if I need too. I have an old XP disc.

  4. Avatar Adam Williamson January 4, 2013 @ 10:32 pm
    Reply

    “Nonetheless, the Free Software Foundation has embarked on a campaign to fight the feature tooth-and-nail”

    Actually, it hasn’t. It is fighting what it terms ‘Restricted Boot’, which is firmwares which implement Secure Boot in such a way that you cannot turn it off or configure the list of trusted keys.

    Most implementations of SB firmwares *do* allow you to disable it and configure the list of trusted keys, therefore they do not meet the FSF’s definition of ‘Restricted Boot’ and the FSF is not ‘fighting’ them ‘tooth-and-nail’.

    See https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot .

  5. Avatar Adam Williamson January 4, 2013 @ 10:33 pm
    Reply

    “As in, the old “configure your BIOS by pressing F11″ thing is now a random mystery key you have to hunt for because the display is disabled by default (with no way to turn it on) on Lenovo, HP and Toshiba systems I’ve seen”

    That’s hardly new to UEFI. There has never been a universal key to enter the system firmware on PCs. F11 by no means works on all systems; hell, it doesn’t work on any system I have here (I have systems that use F2 and systems that use Del, I think).

  6. Avatar Adam Williamson January 4, 2013 @ 10:37 pm
    Reply

    “Without a doubt, Secure Boot doesn’t make the lives of Linux users any easier, and it has caused development delays for distributions like Fedora (though those stemmed from squabbling between developers over which method to adopt in working around Secure Boot, rather than from the technical challenges it poses”

    This is also inaccurate. SB implementation has not been a significant roadblock for Fedora 18’s release (the new installer UI is the main issue blocking F18’s release), and there has been very little such ‘squabbling’. There is exactly one SB implementation that anyone is actually using: Matthew Garrett’s ‘shim’ bootloader. Ubuntu 12.10 uses this, Fedora 18 will use it, OpenSUSE and Sabayon will also use it; I don’t know of any distro planning to use anything else. The Linux Foundation came up with a similar design but it offers no advantages over shim and is at an earlier stage of development, so there doesn’t seem to be any particular point to it.

    Ubuntu 12.10 shipped back in October with SB support, using a build of shim signed by Microsoft. Fedora has a build of shim signed by Microsoft in hand for Fedora 18; F18 test builds since TC3 work fine on SB systems (this has been tested). Current Sabayon test builds also work fine using the shim self-enrolment mechanism. This is all out in the wild, tested and working, there are no roadblocks.

  7. Avatar Ademeion January 4, 2013 @ 11:52 pm
    Reply

    I haven’t yet tried to install Linux on a system with Secure Boot, but someone close to me did (Ubuntu 12.10), and the exprience wasn’t easy. There was quite a lot of head scratching, hunting for information and trials and errors. This person has years of Linux experience, and is used to do OS installations and to work with BIOS settings. If the process doesn’t get easier, regular computer users intending to give Linux a try will in most cases turn away before they even see Linux.

  8. Avatar Adam Williamson January 5, 2013 @ 3:17 am
    Reply

    ademeion: there is a lot of confusion between UEFI and Secure Boot. They aren’t the same thing. If you’ve never done a native UEFI install before, it’s pretty different from BIOS.

    A UEFI install of Ubuntu 12.10 with Secure Boot enabled, compared to a UEFI install of Ubuntu 12.10 with SB disabled, will look about 99.9% identical. It’s just not a very visible feature at all. Ditto F18.

    I suspect most of your friend’s confusion was to do with UEFI, not SB.

  9. Avatar Drug Criminal Defense Law Firm In Sugar Land January 14, 2013 @ 7:54 pm
    Reply

    Useful. I agree.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • AWS Partners Flooded with New Capabilities, Opportunities at re:Invent
  • Cisco to Buy Banzai Cloud, Its Latest Overseas Acquisition
  • Linux Security Provider Capsule8 Rolls Out First Partner Program
  • IBM’s Hybrid Cloud Build Team Helps Partners ‘Like Never Before’

Galleries

View all

From The Second City: How to Use Improv as a Business Tool

March 3, 2021

Industry Perspectives

View all

5 Ways XDR Can Improve Operational Efficiency for MSPs

March 4, 2021

Multi-Cloud: Strategy or Inevitable Outcome? (or both?)

March 3, 2021

Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

March 2, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021
  • 1

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Chinese hacker group #HAFNIUM exploits critical @MSFTExchange Server vulnerability, could impact thousands.… twitter.com/i/web/status/1…

March 7, 2021
ChannelFutures

Our latest #Cybersecurity Roundup highlights #CPVirtual, @Huntresslabs, @Entrust_Corp and @InsightEnt.… twitter.com/i/web/status/1…

March 5, 2021
ChannelFutures

RT @Channel_Expo: A HUGE thank you to our amazing #CPVirtual sponsors and exhibitors! 👏 @ATTBusiness @DellTech @8x8 @lumentechco @telarus @…

March 5, 2021
ChannelFutures

.@okta acquiring rival @auth0 in $6.5 billion all-stock transaction. #security dlvr.it/Rtzwdp https://t.co/4LvHCJuwsR

March 4, 2021
ChannelFutures

.@MicrosoftTeams features are coming to @MSFTDynamics365, the company announced at @MS_Ignite. #MicrosoftIgnite… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@PreciselyData acquired by Clearlake Capital, @TAAssociates. #digitaltransformation dlvr.it/RtzbKg https://t.co/1rNYnTScxq

March 4, 2021
ChannelFutures

Thanks for attending #CPVirtual. Here's a Day 3 wrap and a look ahead to #CPExpo Homecoming in November!… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@Veeam announces six annual Impact Partner Awards, with @SHI_Intl, @LogicalisUS, more. #cloud… twitter.com/i/web/status/1…

March 4, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X