Anti-malware hardware has the potential to make it illegal and impossible to choose to run Linux

It's been years since the idea of "trusted computing" was first mooted -- a hardware layer for PCs that can verify that your OS matches the version the vendor created. At the time, TC advocates proposed that this would be most useful for thwarting malicious software, like rootkits, that compromise user privacy and security.

But from the start, civil liberties people have worried that there was a danger that TC could be used to lock hardware to specific vendors' operating systems, and prevent you from, for example, tossing out Windows and installing GNU/Linux on your PC.

The latest iteration of Trusted Computing is called "UEFI," and boards are starting to ship with UEFI hardware that can prevent the machine from loading altered operating systems. This would be a great boon to users -- if the PC vendors supplied the keys necessary to unlock the UEFI module and load your own OS. That way, UEFI could verify the integrity of any OS you chose to run.

But PC vendors -- either out of laziness or some more sinister motive -- may choose not to release those keys, and as a result, PC hardware could enter the market that is technically capable of running GNU/Linux, but which will not allow you to run any OS other than Windows.

What's more, UEFI may fall into the category of "effective access control for a copyrighted work," which means that breaking it would be illegal under the DMCA -- in other words, it could be illegal to choose to run any OS other than the one that the hardware vendor supplied.

Secure boot is optional, but there is likely to be a fair amount of pressure applied by proprietary OS makers to enable it. One could imagine that those vendors might also provide a way to turn off secure boot (from a BIOS-like menu for example), but that is something that might be exploited by rootkits and other malware, so there may well be resistance to allowing that kind of option. Protecting users from rootkits and the like is certainly useful, but there is a competitive advantage as well. Hardware vendors can ensure that only the code they approve can run on the hardware, and proprietary OS vendors will be largely unaffected because their keys will be in the signature database. One would hope that the protection against malware is the primary motivation, but the ability to lock out free OSes is likely seen as a plus.

It is Linux and other free systems that could suffer most from secure boot implementations. While it would be possible for various distributions to get their keys added, that wouldn't help anyone who wanted to run a tweaked version of the "approved" bootloader or kernel. Distributors would not be able to release their private keys to allow folks to sign their own binaries either. Each key is just as valid as any other, so malware authors would just pick up those keys to sign their wares. Exposed keys would also find their way onto the forbidden list rather quickly one suspects.

UEFI and "secure boot" (via /.)



  1. If the released the keys then malware could be signed to also run. 

    I’d rather take my chances with the malware.

  2. I heard the same thing ten years ago. And five years ago. And I’ll hear it again also in another five years. This just won’t happen. If nothing else (and there are a lot of things else…), IT departments run their own kernels and there’s just no way to keep that hardware from consumers at large.

    Also, tablets are designed to fill this “restricted casual computing” niche. As long as there are general-purpose PCs, this kind of tinkering will be part and parcel.

    1. Previous versions of this fight have been different, because of the number of big industrial players who were invested in GNU/Linux — HP, IBM, etc — none of whom are in the PC business. The major proprietary OS vendors have historically put a lot of pressure on OEMs to lock hardware, and now they’ve got even more motivation, thanks to the success of the “app store” model.

      1. I still just don’t buy it. App store apps are (more or less, generally speaking) bound to the OS already; they are their own lock-in, just as brick-and-mortar apps have been in the past. I don’t see how the app store changes anything.

        Even if we assume the worst case that the big boys like Dell _all_ implement this across the board, there will still be independent PC vendors like, say, System 76 (not an endorsement, just a random name). In the worst reasonable case scenario (i.e. barring government-mandated TC), this just means that free PCs will cost, at a guess, maybe $100 more. Further, this is just until competition and economies of scale kick in. Let’s just say that Thinkgeek sold $76M in trinkets last year to a customer base which would probably be quite interested in buying the unfettered computer…

  3. And because we the uneducated masses can not be trusted to know how it works, we will never know what else was put in with it.  Look at the laws they are trying to pass to protect the copyright business model, outlaw free speech, and any other attack on our liberties.  How soon until they just sneak in a required set of code that makes you trackable, and funnels the things you say to a system looking for “suspicious” behavior.

    And while we have heard about this in the past, now we have a public so terrified that every brown person is a terrorist they willingly accept their rights being taken away by a law… because I’m good they would never use it on me.

    This sounds terrifying

  4. Ironic, of course, because the absolute best way to avoid malware is to run Linux/OSX.Hmm..I wonder who has been spearheading this?

    Microsoft has long been on a crusade against Linux, which they (rightly) see as their biggest competitor. 

    Especially in this age where so much software is run in browser, it makes less and less sense to pay for an OS.

    Microsoft, being the master of dirty tricks, would love to see something like this. 

    The MS anti-trust trial of ten years ago was a complete sham. They ignored the most galling anti-competitive behavior of MS- they have long strongarmed OEMs into not offering Linux, or risk losing their friendly licensing deals with microsoft. 

    There is no technical reason for every hardware maker not to offer linux in dual boot mode on every PC they sell, it would not increase their costs in any way, and would offer users a guaranteed ‘clean boot’ environment for doing online banking etc. securely.

    The ONLY reason they don’t is Microsoft’s strongarming. This is simply an evolution of that.

    Windows might sometimes be more convenient to use (and other times much less convenient), but every person who is paying attention and cares about net liberty has a moral obligation to avoid Microsoft products, and avoid giving any money to Microsoft, whenever possible.

  5. I suspect that restrictive trading like this would be illegal under European law – MS has already been caught out here.

  6. A manufacture has the right to do as they wish. Let’s hope that what they wish is a happy, loyal customer base.
    Toshiba chooses not to pay licensing fees to AMD for certain video driver updates.
    This is probably to sell more Qosmio series with beefier video cards to gamers.
    I don’t game but would like to update my Satellite video drivers so I am screwed.
    While I would like to see 100% support in driver updates from Toshiba I can understand it may not be cost effective for them.
    Still Toshiba is my brand of choice and I am very happy so far. (going on 8 years and 2 laptops now)

  7. This was put in matter-of-factly as part of Rainbows End, and I thought this was by far the least realistic thing Vinge had in that book. While there will be some manufacturers that put out TC-enabled hardware that can’t run arbitrary OSes (and there have been in the past… Macs, notably, for a long time, and various other ‘turn key’ systems in the 80s and early 90s), two things always happen to such products: 1) just as with all forms of copy-protection, all forms of user-lockout eventually get broken: we can run Linux on GirlTek organizers, ffs, and the harder something is made out to be (regardless of whether or not it’s actually worth doing) the more effort will be made at actually doing it; 2) products incapable of performing those tasks that their competitors are capable of performing tend to lose (notable exception: the iPod, which remained popular through sheer hipsterism during the period prior to the point when J Random Primate could install Linux on one with one click if he felt like playing BreakOut). Basically, if TC systems keep people from doing anything they feel like doing, not only will TC systems be circumvented, but those alternatives to TC systems will profit from those too lazy to use someone else’s rooting code.

  8. If this comes to pass, malware makers will likely be at an advantage compared to FOSS types. Anyone who deliberately releases a key will find it blacklisted in short order (albeit there are always questions about how well revocation mechanisms will work), but someone whose key is stolen will do their best to conceal that fact for as long as they can. And if they’re big enough, revocation and re-up would have a big enough impact (think Service Pack Day multiplied by a zillion) that it might not happen at all.

  9. I have some faith in hardware vendors. I’m a Linux user and I usually put together my own PCs from parts. As long as there is any kind of parts market, then there will always be enough prebuilt PCs on the market without any kind of lock down to fill the demand for non commercial OS users. And I think that all major PC manufacturers would find themselves having to offer a few models in their lineups at the very least without any lockdown. While the vast majority of consumer purchasers would not care, the percent that would, and the percent of businesses that would, would be significant enough to effect product lineups across the board. 

    Sure, normal PC users and some businesses that change their mind about their OS choices at some point may be inconvenienced, but then that will make them think twice about their next purchase, which will subsequently be reflected in hardware vendor design choices.

    Even if implemented, the idea would not last very long IMHO.

    1. We live in a world where the art of regulatory laws ‘protecting’ people from ‘dangerous’ products, in order to enshrine established industry players, has become something of an art form.

      In ten years, if these become popular, is it inconceivable that such laws could be passed, to ‘protect the public from malware and viruses (and, ehrm, non-microsoft/apple operating systems)?’ 

      Look at food – in many cases, truly healthful food is restricted, and junk food is promoted, all in the name of ‘public safety.’

      As it is, these initiatives would absolutely and forever cripple the growth of desktop linux. Currently, you can be turned on to Linux by a friend who pops a disk in your drive. If these became common, for the vast majority of non-techie users (who tend to use mainstream vendor PCs), this would be cut off. You would have to buy a computer to use Linux on it; thus only people who are already Linux fans would buy computers capable of running it.

  10. Yet another reason to build your own. Buy parts; assemble them the only way they fit together. Install what you damn well please.

  11. P.S. Hey..what happens if, after they produce a few tens of millions of locked down motherboards…someone leaks the key and it gets on digg? What then???

  12. This week, I uninstalled linux from my main box after 5 years of using Slackware, Gentoo, and Ubuntu. I use linux now as a headless Samba box in the office. It’s *great* for that. 

    I went to Windows 7 because linux is either totally worthless as a desktop machine if you want any flexibility or don’t want to spend 15% of your time trying to figure out why something like your USB ports don’t work, or, it’s slow and klunky like Ubuntu. The only distro the compared to Windows 7 in terms of speed was Gentoo. Which took 2 days to compile and actually broke a machine once while building X. 

    I tried, I really did, to use linux on the desktop. It’s not there. During my whole 5 year experience, every year was the “year of the linux deskotp.

    So, frankly, as much as I intellectually care about this, I find it hard to really be worked up about. Just being honest. 

  13. I’m really not too worried about this. It’ll eventually end up like DVD-Video. Some anonymous Scandinavian will crack the one or two popular implementations of this DRM, beyond repair.

    Linux vendors will sell unfettered machines that lacked the DRM to start with. Linux users who want to use whatever bad or good hardware they like will execute the cracks and continue to do whatever they want with their PCs.

  14. This is why every purchaser of such a device must insist the manufacturer provide the keys, else the product should be returned. Would you buy a car with a proprietary electrical system that didn’t let you install aftermarket parts? I’m sure Richard Stallman has something similar to say along those lines.

  15. In a world where there is every single day more: open software, more desktops, laptops and tablets capable of running linux, more arduino devices, more maker faires, more commits on github, the idea that there might be something for other people offends a certain set of nerds.

    It’s precisely like American Christians offended at the “war on christmas”.

  16. Strictly speaking, this is a extension to UEFI added to the latest version of the specification. It just happens that UEFI is built to be more capable and extendable then BIOS ever was, and so do not have to go with the TPM that older variants of the concept used. One can use UEFI both with and without this. Still, i wonder how that Linux based “BIOS” is getting along…

  17. I don’t think the DMCA is applicable here.  Just because TC sort of looks like DRM if you squint at it just right doesn’t make it legally the same.  The technical measure is not protecting copyrighted material, so it is not a DMCA violation to circumvent it.

    This never got tested in the Sony vs GeoHot case, which ended in settlement, I suspect, because Sony weren’t super confident they could win.

    So this stupid scheme would be cracked, and installer packages would be up on Debian non-us within weeks.

  18. So this applies to boards that are made for large scale distributors to be used in office machines that will never be leaving the office they were destined for? Seems like kind of a moot point already since IT depts. build their own servers from appropriate parts (or at least, good departments do) and simply wouldn’t include a board that has this.

    So as long as you assemble your PC yourself, a task that requires the ability to read a colour coded chart and operate a screwdriver safely, this won’t affect any home open source users. Building a PC may have once been an arcane art but now its so easy a child can do it. 

  19. Listen people, you’re given a choice between two fine operating systems, which satisfies most of the consumer market.  Why would you need or want more than that? 

    Be happy with what you’ve been supplied by our corporate overlords, and stop rabble rousing.

    — Andrew Davies
       Coca-Cola drinker

  20. Give me JTAG or give me death!

    There is a way to have the (purported) security offered with this scheme, while also offering the flexibility for everyone. Just make the keys area physically accessible via a set of JTAG pins, or at least solder pads. And it could be write-only.

    The other option is a complete chipping of the BIOS, like it’s done with some gaming consoles. A chip piggybacked on the original one, and chip-enable signals toggled with a switch to select the one the user wants.

    There is a lot of prior art for this in the world of game consoles – which are nothing more than a specific kind of generic-purpose computer, locked down in a pretty much similar way.

    Legal or not, there will be ways. And if they have laws, we have soldering irons. Which means we will win at the end – or at least not lose, which in fourth-generation warfare on the decentralized side more or less equals winning.

  21. I’d file this under “wouldn’t it suck if?” rather than “imminent threat.”

    I simply can’t picture the de facto outlawing of specific operating systems. Samizdat black markets where people sell printouts of Linux kernels and USB sticks that offer clean installs… great sci-fi, but I just can’t seem to get myself afraid that it might actually happen. Like retchdog said, there will always be computer manufacturers (like System76) that will fill the “untrustworthy computing” niche.

  22. Watch closely now, as the American protectionists get ugly, try to monopolize computing world-wide! Watch me mail order a computer from China,or india, Ubuntu already installed, for free as usual!

  23. There are two separate issues here, the first is whether manufacturers will lock down their hardware so that only Windows can run and only with authorized drivers. The second is whether Linux can be signed so that it can be booted under this type of BIOS.

    The first concern is not valid because any manufacturer who locks down the BIOS to that degree will prevent anyone writing or even testing drivers on that machine. That would make it impossible to properly test the machine during manufacture for a start.

    The requirements for Windows-8 are simply that the BIOS check for signed boot by default. If there is a market for machines that can run Linux, manufacturers will produce them. I can’t see any reason why the manufacturers would not want to do so, Linux is a significant market.

    The second concern is a problem that RMS and the Linux community created intentionally. They have known that signed boot path is something that the enterprise computing world has wanted for decades. Without trusted boot any O/S is going to be suspect. In the security world, any O/S with a million or more lines of code is going to be full of holes. Any O/S is only as secure as the most incompetent coder allowed to write unmanaged code.

    When the first proposals for signed boot were made ten years ago, RMS rewrote the GPL to expressly prevent GPL code from being used in a trusted boot scheme. As a result the current Linux bootloader, GRUB2 is under GPL3 and cannot be signed unless the signer discloses the signing key (which would breach their license for the cert).

    The upshot is that Linux is going to be much less attractive for servers than at present until there is a GPL2 bootloader that can be signed. If a Linux machine is compromised there will be no means of getting back to ground truth. Even a clean install can’t guarantee recovery from a rootkit with a firmware leave behind.

    1. The GPL3 was written to protect against third party holding the signing key. The igniter was Tivo, but similarly would be say the *AAs holding the right to yay or nay any piece of software on a piece of hardware that could output audio or video.

  24. I don’t think that MS would be the most likely candidate to implement such OS locking features in shipped hardware. No names, but glowing fruits come to mind… 

Comments are closed.