Ed Bott piece on the FUD spreading by Open Source people about Secure Boot in UEFI has a problem: It itself is FUD.
I do not agree that the Secure Boot requirement in UEFI is FUD by open source people. First: There is real fear. The fear that PC makers’ implementation of UEFI might lock everyone out except the most dominant player, Microsoft in this case. In the worst case scenario, they would lose access to extremely large number of potential customers. That’s legitimate fear however you define the word fear.
Second, there is plenty of Uncertainty. As it stands, UEFI created the uncertainty for people developing and using open source operating system. Without the requirement to bypass Secure Boot in UEFI standard, there is clearly uncertainty is whether they will be locked out of their own computers and their customers’ computers.
As for the last component ‘Doubt’, it is certainly doubtful that all UEFI implementation will provide ability to boot more than one operating systems, especially cheaper one. Now you might say it is then up to the consumer to choose between different implementation. Unfortunately, this statement is only true for tech-savvy consumers. The average joe consumer would not know the different or care about the different. When they do it is likely to be too late. However, more alarming to me is the secure boot process raise cost to all OS vendors. It is extremely unlikely that a way to provide enough booting keys to secure-boot sufficient number of OSes in a way that will sustain the healthy computing environment can be found. In this case, only the dominant players benefit at the expense of smaller players. Microsoft and RedHat, probably SuSE and Ubuntu, are large enough to absorb this extra cost. Other smaller players won’t be able to afford the costs. That is bad.
However, Professor Anderson blog post highlight the fact that with worst nastiness of enforcing Secure Boot and providing no way to bypass it, nasty government can force citizens to use altered versions of software that allows draconian censorship rules to be applied or to enforce snooping on its citizens’ online activity. Microsoft’s turnover is larger than a lot of small countries so it probably will ignore them. However, there are still a lot of big countries out there that can twist Microsoft arms. Now tell me this is not legitimate fear?
Back to the article by Mr Bott. That’s a piece full of PR material from computer vendors. None of the comment Mr Bott sought and got commit to provide ways to secure boot at least two operating systems in meaningful ways. With this I do not mean vendors committing to allow non-secure boot on all computers they sell. All I ask for is a meaningful number of computers to be sold with more than one OS to be secure-booted. That is a low threshold, and vendors cannot even met that.
As an article claiming to dispel FUD, it not only failed its objective, but might eventually turn out to be the seminar piece proving the claim of the opposition.
Do I see the hand of Microsoft in the UEFI Secure Boot problem? No. However, my opinion is on the line of Brian Proffitt opinion. To me, secure boot make sense for Microsoft, and if it locks out competition, it would be a nice benefit that they won’t want to let go of. Who would?
In business, you cannot expect Microsoft to come out to defend a healthy computing environment, especially if a healthy computing environment is not really necessarily in a company’s interest.
However, what I can see is antitrust action coming. We are more likely to see the first salvo on the European side of the pond. The non-requirement to support more than one operating system,which in effect is what UEFI do with no need for non-secure boot or in the secure boot universe, no need to support more than one OS) raises legitimate unfair competition concerns. Like mobile phone roaming charges, where one cannot point one’s finger at any single mobile operator for anti-competitive behaviour but their collective action is not in the consumer’s interest, the industry itself is skewing against the interest of consumers, thus raising antitrust concerns.
Ultimately, I believe secure boot will strangle itself. Either someone found a way to break the system, or the implementation bring so much practical problems that it will be abandon. Personally I would like to see it abandoned on the grounds that consumers realized it restricts their freedom. That way it will be a long time before we see a repet of secure boot. Since I subscribe to RMS’s statement that this is Treacherous Computing and Prof Anderson view that this is Trusted Computing 2.0, if the consumers wake up then we won;t see Treacherous Computing 3.o.