Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers

A quiet announcement from the Fedora Linux community signals a titanic shift in the way that the computer market will work from now on, and a major threat to free/open operating systems. Microsoft and several PC vendors have teamed up to ensure that only operating systems bearing Microsoft's cryptographic signature will be able to boot on their hardware, meaning that unless Microsoft has blessed your favorite flavor of GNU/Linux or BSD, you won't be able to just install it on your machine, or boot to it from a USB stick or CD to try it out. There is a work-around for some systems involving a finicky and highly technical override process, but all that means is that installing proprietary software is easy and installing free/open software is hard.

This is a major reversal. For many years now, free/open OSes have been by far the easiest to install on most hardware. For example, I have installed Ubuntu on a variety of machines by just sticking in a USB stick and turning them on. Because the OS and its apps are free, and because there are no finicky vendor relationships to manage, it Just Works. On some of those machines, installing a Windows OS fresh from a shrinkwrapped box was literally impossible — you had to order a special manufacturer's version with all the right drivers to handle external CD drives or docking stations or what-have-you. And the free/open drivers also handled things like 3G USB adapters better than the official drivers (not least because they didn't insist on drawing a huge "WELCOME TO $SOME_STUPID_PHONE_COMPANY" box on the screen every time you connected to the Internet.)

At issue is a new facility called UEFI, which allows a computer's bootloader to distinguish between different operating systems by examining their cryptographic signatures. In theory, this can be used to alert you if malicious software has modified your OS, putting you at risk of having your passwords harvested, your video and sound secretly captured, and your files plundered. But rather than simply alerting users to unsigned ("I have found an unknown operating system and I can't tell if it has dangerous software in it, continue? [Y/N]") or changed OSes ("Your computer has been modified since the last time it was turned on, and now has a version of Windows that can't be verified"), Microsoft and its partners have elected to require a very complex and intimidating process that — by design or accident — is certain to scare off most unsophisticated users.

Fedora has opted to solve this problem by paying to receive Microsoft's blessing, so that UEFI-locked computers will boot Fedora without requiring any special steps. The payment is comparatively small ($99). But multiply $99 by all the different versions and flavors of free/open operating systems, and it adds up to a substantial revenue stream for Microsoft, and a cost to, and drag upon, the free/open software world.

What's more, free/open OSes that don't pay the $99 Microsoft tax will not boot at all on Microsoft-certified ARM-based computers, because Microsoft has forbidden its partners from booting an OS that hasn't been signed by Microsoft, even if the user takes some affirmative step to install a competing system.
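To make the mechanism concrete, here is an added example (not Fedora's, Microsoft's or the post's own code) that models a firmware's list of trusted signing keys and the two certification policies the post describes: x86, where the owner may enroll a key of their own, and ARM, where that is forbidden. The Ed25519 keys, image contents and the "$99" Microsoft-signed loader are constructed stand-ins; the point is which images the firmware will and will not start.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Firmware stands in for a machine's Secure Boot policy: which keys it trusts and whether the owner may add more.
type Firmware struct {
	DB          []ed25519.PublicKey // signing keys the firmware trusts ("db")
	AllowEnroll bool                // required on certified x86, forbidden on certified ARM
}

// Boot reports whether some trusted key verifies the signature over the image; otherwise firmware refuses to start it.
func (f *Firmware) Boot(image, sig []byte) bool {
	for _, k := range f.DB {
		if ed25519.Verify(k, image, sig) {
			return true
		}
	}
	return false
}

// Enroll adds the owner's key to db and reports whether the policy allowed it.
func (f *Firmware) Enroll(k ed25519.PublicKey) bool {
	if f.AllowEnroll {
		f.DB = append(f.DB, k)
	}
	return f.AllowEnroll
}

// Scenarios plays out the cases described in the post and reports which ones boot.
func Scenarios() map[string]bool {
	msPub, msPriv, _ := ed25519.GenerateKey(rand.Reader)       // constructed stand-in for Microsoft's signing key
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader) // a distro maintainer's own key
	x86 := &Firmware{DB: []ed25519.PublicKey{msPub}, AllowEnroll: true}
	arm := &Firmware{DB: []ed25519.PublicKey{msPub}, AllowEnroll: false}
	fedora, other := []byte("fedora shim"), []byte("other distro")
	fedoraSig, otherSig := ed25519.Sign(msPriv, fedora), ed25519.Sign(ownerPriv, other) // the $99 buys the first
	r := map[string]bool{"x86 boots Microsoft-signed Fedora": x86.Boot(fedora, fedoraSig)}
	r["x86 boots Fedora image modified after signing"] = x86.Boot([]byte("fedora shim + bootkit"), fedoraSig)
	r["x86 boots other distro before owner enrolls key"] = x86.Boot(other, otherSig)
	r["x86 boots other distro after owner enrolls key"] = x86.Enroll(ownerPub) && x86.Boot(other, otherSig)
	r["arm owner may enroll own key"] = arm.Enroll(ownerPub)
	r["arm boots other distro"] = arm.Boot(other, otherSig)
	return r
}

func main() { fmt.Println(Scenarios()) }
```

The modified-image case is the protection the post credits to the scheme; the before/after-enroll pair and the two ARM cases are the cost it describes.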

This is a tremor before an earthquake: the hardware vendors and the flagging proprietary software vendors of yesteryear are teaming up to limit competition from robust, elegant and free alternatives.

Here's Fedora's Matthew Garrett explaining their decision:

We've been working on this for months. This isn't an attractive solution, but it is a workable one. We came to the conclusion that every other approach was unworkable. The cause of free software isn't furthered by making it difficult or impossible for unskilled users to run Linux, and while this approach does have its downsides it does also avoid us ending up where we were in the 90s. Users will retain the freedom to run modified software and we wouldn't have accepted any solution that made that impossible.

But is this a compromise? Of course. There are already inequalities between Fedora and users – trademarks prevent the distribution of the Fedora artwork with modified distributions, and much of the Fedora infrastructure is licensed such that some people have more power than others. This adds to that inequality. It's not the ideal outcome for anyone, and I'm genuinely sorry that we weren't able to come up with a solution that was better. This isn't as bad as I feared it would be, but nor is it as good as I hoped it would be.

What about ARM?

Microsoft's certification requirements for ARM machines forbid vendors from offering the ability to disable secure boot or enrol user keys. While we could support secure boot in the same way as we plan to on x86, it would prevent users from running modified software unless they paid money for a signing key. We don't find that acceptable and so have no plans to support it.

Thankfully this shouldn't be anywhere near as much of a problem as it would be in the x86 world. Microsoft have far less influence over the ARM market, and the only machines affected by this will be the ones explicitly designed to support Windows. If you want to run Linux on ARM then there'll be no shortage of hardware available to you.

Implementing UEFI Secure Boot in Fedora

(Thanks, Deborah!)