Thanks HQSQ for posting
First, the Free Software Foundation's appeal
Last week, nearly at the end of 2012, the Free Software Foundation (FSF) issued an appeal asking people to keep supporting the campaign against the Secure Boot monopoly, hoping that the number of signers can reach 50,000 (currently 40,000). I feel that this appeal is important. If we do not support it, we will not be free in the future to use our hardware and install the software we want.
This is not alarmist talk. And because the matter is directly tied to the Windows 8 operating system, it is imminent.
Below, based on my own understanding, I explain what has happened. If you are a Linux fan, or like to install operating systems yourself, what follows directly concerns you.
Second, the BIOS and UEFI
Every computer runs the BIOS program at startup to initialize the hardware.
This has been the case ever since the personal computer was born. For the past 30 years we have used much the same kind of screen to set hardware parameters. Needless to say, the BIOS has become increasingly unsuitable.
In 1998, Intel led the industry's major manufacturers, AMD, AMI, Apple, Dell, HP, IBM, Lenovo, Microsoft and Phoenix, in starting to develop a new generation of BIOS. The project is called the "Unified Extensible Firmware Interface", known as UEFI. Version 1.1 was released in 2005, and the current version is 2.3.
In the future, a computer that is powered on will no longer run the BIOS but the UEFI BIOS instead. Once that finishes, the operating system is loaded.
Third, Microsoft's attitude
UEFI is a very advanced, future-oriented specification. But for a long time it could not be widely adopted, because Microsoft did not support it.
Windows is the mainstream operating system of the desktop market; if it does not include UEFI code, no hardware vendor will follow. As a result, ordinary consumers know little about the new specification.
The change came unexpectedly in September 2011, when Microsoft, without any warning, announced that Windows 8 would support UEFI.
This is a good thing. The problem, however, is that Microsoft is not interested in UEFI as a whole but in Secure Boot, a sub-specification of UEFI. It wants to force the deployment of Secure Boot.
Fourth, Secure Boot
Secure Boot is one part of UEFI. The relationship between the two is that of part to whole.
The purpose of Secure Boot is to prevent malware intrusion. Its approach is to use keys. UEFI specifies that a number of trusted public keys can be built into a motherboard when it is manufactured. Any operating system or hardware driver that is to be loaded on that motherboard must then pass authentication against these public keys. In other words, the software must be signed with the corresponding private key, or the motherboard refuses to load it. Because malicious software cannot pass authentication, it has no way to infect the boot process.
The idea is good. However, UEFI does not prescribe which public keys are trusted, nor who is responsible for issuing them; this is left for hardware vendors to decide.
Now Microsoft is requiring motherboard manufacturers to build in the Windows 8 public key.
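The load decision described in this section, as an added example that is not from the original article: a motherboard keeps a list of trusted public keys and refuses any image whose signature does not verify against one of them. The vendor names, boot images and toy RSA keys (textbook RSA built from small known primes, far too weak for real use) are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(image, n):
    # SHA-256 of the boot image, reduced into the key's range (toy scheme, no padding)
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, n, d):
    return pow(digest(image, n), d, n)

class Motherboard:
    def __init__(self):
        self.trusted = {}  # owner name -> public modulus built into the firmware

    def enroll(self, owner, n):
        self.trusted[owner] = n

    def try_load(self, image, signature):
        """Return the owner whose key verifies the image, or None (load refused)."""
        for owner, n in self.trusted.items():
            if 0 <= signature < n and pow(signature, E, n) == digest(image, n):
                return owner
        return None

# Constructed keys from known Mersenne primes; real keys are RSA-2048 or larger.
VENDOR_A = make_keypair(2**89 - 1, 2**107 - 1)  # the key the board ships with
VENDOR_B = make_keypair(2**61 - 1, 2**127 - 1)  # the key of another OS vendor

def demo():
    board = Motherboard()
    board.enroll("vendor-a", VENDOR_A[0])
    os_a, os_b = b"vendor A boot loader", b"vendor B boot loader"
    sig_a, sig_b = sign(os_a, *VENDOR_A), sign(os_b, *VENDOR_B)
    results = {
        "a_signed": board.try_load(os_a, sig_a),            # signed by a built-in key
        "tampered": board.try_load(os_a + b"\x90", sig_a),  # image changed after signing
        "b_before": board.try_load(os_b, sig_b),            # valid signature, key not on board
    }
    board.enroll("vendor-b", VENDOR_B[0])                   # the user adds a second key
    results["b_after"] = board.try_load(os_b, sig_b)
    return results

if __name__ == "__main__":
    print(demo())
```

The `b_before` result is the case this article is concerned with: the image is correctly signed, but its vendor's public key is not among those built into the board.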
Fifth, Windows 8
First, to be clear: Windows 8 can be installed without Secure Boot turned on. This is no different from installing a previous version of Windows.
However, Microsoft stipulates that all manufacturers that preinstall Windows 8 (OEM manufacturers) must turn on Secure Boot. Therefore, if a consumer buys a desktop or notebook with Windows 8 preinstalled, installing another operating system on it (including a previous version of Windows) is impossible, unless Secure Boot is turned off or the other operating system passes authentication against the Windows 8 public key.
If you choose to turn off Secure Boot, the preinstalled Windows 8 can no longer be used and needs to be reinstalled.
Sixth, an example: an MSI motherboard
Sam Varghese, a journalist at ITwire, ran an experiment to see how an operating system can be installed on a motherboard with Secure Boot turned on.
The test subject was an MSI Z77A-G41 motherboard. It has Secure Boot capability, which is off by default.
Step 1: press the Delete key at boot to enter the BIOS, and select the Windows 8 Configuration option.
Step 2: select the last option, Secure Boot.
Step 3: turn on (Enabled) the Secure Boot feature, then select the last option, Key Management.
Step 4: enter the public key provided by the manufacturer, which is the Windows 8 public key. (Currently, no other operating system has such a key.)
Step 5: after installing Windows 8, enter the Confirm-SecureBootUEFI command at the command line; if the result is True, the Secure Boot feature is turned on.
According to Sam Varghese's test, once Secure Boot was turned on, attempts to install other operating systems (including previous versions of Windows) were all rejected by the motherboard.
Seventh, the impact on Linux
The Secure Boot specification intends for operating system vendors to choose their own public keys and pass authentication. In practice, however, only Microsoft has the power to get motherboard manufacturers to build in its public key; other companies do not.
Therefore, if you want to install a Linux system on a motherboard with Secure Boot turned on, the system must pass Windows 8 authentication.
Currently, Microsoft has entrusted the Windows 8 key to Verisign, which issues the certificates. To pass authentication, an operating system vendor must spend $99 to buy a digital certificate from Verisign and embed it in its operating system.
The latest news is that, among Linux distributions, Ubuntu has purchased a digital certificate, Fedora and SUSE plan to purchase one, and the other distributions have not yet decided.
Therefore, the best way to install Linux (or another operating system) on a computer with Windows 8 preinstalled is to enter the BIOS and turn off Secure Boot. However, this means that the Windows 8 you paid for can no longer be used, and for the average user it is technically difficult.
Eighth, why is the Windows 8 public key unacceptable?
As things stand, having Linux buy a Windows 8 digital certificate is merely the relatively easy solution for the moment. But this practice is not acceptable.
First, a public key system controlled by Microsoft has unpredictable consequences. If Microsoft decides to replace or revoke this public key, Linux will have to follow.
Second, the Linux boot manager Grub is under the GPL license, and that license (version 3) expressly prohibits including keys under a non-GPL license with the software, so the boot manager would have to use a non-GPL license.
Third, only a few large Linux distributions are able to purchase a digital certificate; smaller distributions and users' own builds will ultimately need their own public keys.
Ninth, mobile devices
The impact of Secure Boot on mobile devices is worse than on the PC.
Microsoft clearly stipulates that all PC motherboards must have an option to turn off Secure Boot. This is not out of goodwill on Microsoft's part, but because without it Microsoft would certainly face antitrust prosecution.
In the area of mobile devices, however, Microsoft is not dominant, so it has no such concern: on all mobile devices with Windows installed, Secure Boot must be turned on, and there is no option to turn it off.
Microsoft's tablet, the Surface RT, is a prime example. Its Secure Boot is on and cannot be turned off; it also uses a public key different from that of the desktop Windows 8 operating system, and Microsoft provides no way to obtain a digital certificate. So in theory it is not possible to install another operating system on the Surface RT.
Reports also say that smartphones running the Windows Phone 8 operating system will use the same approach. Users would then be unable to install other operating systems on a Windows Phone.
Tenth, conclusion
Secure Boot was intended to ensure the security of the system, but it now appears to have become a means for vendors to protect their monopoly and fend off competition.
Besides Microsoft, Apple has the same tendency. Installing another operating system on the next generation of iPhone and iPad seems impossible.
This is what the Free Software Foundation's call against the Secure Boot monopoly is about: users should have the freedom to use their hardware and software, and operating systems should be open rather than closed.
The Free Software Foundation does not oppose Secure Boot as a specification; it only asks hardware manufacturers to make it convenient for users to install and manage public keys, so that the hardware platform remains open to all operating systems (as well as device drivers).
In my view, this is a perfectly reasonable request, and it is extremely important for guaranteeing users' freedom and the health of the industry's ecosystem. Let us support this campaign (by signing and donating) and follow closely how events develop.
(End · Ruan Yifeng)