Microsoft has recently released the developer preview of Windows 8. Windows 8 represents a complete overhaul of the traditional Windows user interface and it has everyone excited and talking about it.
However, there are certain aspects of Microsoft’s upcoming operating system that users should find worrying – especially those who support free and open source software. According to Microsoft, for a system to get the Windows 8 certification (the Windows 8 logo that certified desktops and laptops will carry), the system must have UEFI Secure Boot.
UEFI Secure Boot
UEFI stands for Unified Extensible Firmware Interface. It has been developed as a replacement for BIOS. UEFI evolved from EFI (Extensible Firmware Interface) which was developed by Intel. The UEFI defines the software interface between the operating system and the firmware.
Secure Boot is one of the features of UEFI 2.3.1. The basic idea behind Secure Boot is to let only approved code run on the hardware. Secure Boot requires two types of keys – the Platform Key (PK) and Key Exchange Keys (KEKs). Each of them is a key pair with a public key and a private key. The public key can be shared freely, but the private key is kept secret. Authentication uses both: the private key produces a signature and the matching public key verifies it.
The hardware will ship with the public part of the PK and the KEKs already written in the signature database, while the private parts of the keys are stored securely by approved companies. For a system to boot on that hardware, the boot executable must first be signed with a KEK private key. If the public part of the KEK that signed the executable is found in the signature database, the system boots; otherwise it does not.
If new KEKs need to be added to the signature database, the addition must be signed by the private part of the PK.
UEFI Secure Boot is meant to ensure that only approved code runs on the hardware, increasing security by eliminating threats such as rootkits and bootkits.
With Windows 8 set to be released next year, Microsoft has released the requirements for the Windows 8 certification. The Windows 8 certification is needed if an OEM wants to sell their system with the Windows 8 logo.
The certification requirement states that the system needs to have UEFI Secure Boot.
UEFI Secure Boot creates a problem for open source software. Major Linux distributions might be able to get their KEKs added to the approved keys of the UEFI organization and ship their distribution signed. However, for security reasons, they will not be allowed to release the private key used to sign it.
This means that if a user decides to compile Linux from source, or to change something in an approved distribution, he will not be able to run it on his system, because Secure Boot will no longer be able to authenticate it.
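The key hierarchy described above (executables signed with a KEK private key and checked against the KEK public keys in the signature database, new KEKs accepted only when signed by the PK, and a locally rebuilt image that no longer verifies) as an added example in Go. This is illustrative code written for this page, not UEFI reference code or any vendor's firmware: it uses Ed25519 keys generated on the fly and SHA-256 digests as stand-ins for the real certificates and image hashes, and the names SignatureDB, MayBoot and EnrollKEK are assumed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignatureDB models the firmware's signature database as the text
// describes it: the public part of the Platform Key (PK) and the public
// parts of the approved Key Exchange Keys (KEKs).
type SignatureDB struct {
	PK   ed25519.PublicKey
	KEKs []ed25519.PublicKey
}

// SignedImage is a boot executable together with the signature that a
// KEK holder produced over its digest.
type SignedImage struct {
	Image []byte
	Sig   []byte
}

// digest hashes an image so that any change to it invalidates the signature.
func digest(image []byte) []byte {
	sum := sha256.Sum256(image)
	return sum[:]
}

// Sign is the off-box step: the approved company signs the image with the
// KEK private key that never leaves its custody.
func Sign(kekPriv ed25519.PrivateKey, image []byte) SignedImage {
	return SignedImage{Image: image, Sig: ed25519.Sign(kekPriv, digest(image))}
}

// MayBoot is the firmware-side rule: the image boots only if some KEK public
// key in the database verifies the signature over the image as presented.
func (db *SignatureDB) MayBoot(si SignedImage) bool {
	d := digest(si.Image)
	for _, kek := range db.KEKs {
		if ed25519.Verify(kek, d, si.Sig) {
			return true
		}
	}
	return false
}

// EnrollKEK adds a new KEK public key to the database, but only when the
// request carries a signature made with the private part of the PK.
func (db *SignatureDB) EnrollKEK(newKEK ed25519.PublicKey, pkSig []byte) error {
	if !ed25519.Verify(db.PK, newKEK, pkSig) {
		return errors.New("KEK enrollment rejected: not signed by the Platform Key")
	}
	db.KEKs = append(db.KEKs, newKEK)
	return nil
}

func main() {
	// Constructed keys standing in for the OEM's PK and one approved KEK.
	pkPub, pkPriv, _ := ed25519.GenerateKey(rand.Reader)
	kekPub, kekPriv, _ := ed25519.GenerateKey(rand.Reader)
	db := &SignatureDB{PK: pkPub, KEKs: []ed25519.PublicKey{kekPub}}

	image := []byte("constructed bootloader image")
	approved := Sign(kekPriv, image)
	fmt.Println("vendor-signed image boots:", db.MayBoot(approved))

	// A user rebuilds or patches the image; the vendor signature no longer
	// matches, which is the case the text describes for self-compiled Linux.
	patched := SignedImage{Image: append([]byte("patched "), image...), Sig: approved.Sig}
	fmt.Println("locally modified image boots:", db.MayBoot(patched))

	// Enrolling a new signer requires the PK; a signature from anyone else fails.
	newPub, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("enroll signed by a KEK instead of the PK:", db.EnrollKEK(newPub, ed25519.Sign(kekPriv, newPub)))
	fmt.Println("enroll signed by the PK:", db.EnrollKEK(newPub, ed25519.Sign(pkPriv, newPub)))
	fmt.Println("image signed by the newly enrolled KEK boots:", db.MayBoot(Sign(newPriv, image)))
}
```

Run it with `go run`. The point of the model is that the verification side holds only public keys, so a user who holds no KEK private key can produce nothing the database will accept, and the only way to get a new signer accepted is an addition signed by the PK, whose private part is held by the OEM.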
Freedom vs Security
UEFI Secure Boot raises the question of whether you want freedom or security.
It is not yet clear whether OEMs will be able to get the Windows 8 certification if the user is given the option to turn off Secure Boot. If Secure Boot can be disabled, everything is fine – those who want security can keep it enabled and those who want freedom can turn it off.
However, Windows users far outnumber users of Linux and other open source OSs. If Microsoft dictates that the system cannot have the option to turn off UEFI Secure Boot, the OEMs will comply. If Secure Boot cannot be turned off, it will represent an attack on users’ freedom. The notion that we “own” the hardware but someone else dictates what code we can run on it is ridiculous.
[via Greg Kroah-Hartman]