As technology enthusiasts, we are familiar with the workings of the boot mechanism in computers. We know which option to tweak in the boot settings to ensure that the CD/DVD disk is the first boot device, rather than the hard disk. Some of us might be interested in tweaking the BIOS, while still others may even have “flashed” it at some point of time. Nothing new here, to be honest. While our desktops have come to the wobbly windows of Compiz Fusion, the BIOS still looks mundane. Yet, it does what it’s meant to do and does it well for everyone — freedom lovers and proprietary software users alike.
However, in all likelihood, the days of happy booting as we know it may soon be gone! Yes, our “friends” at Microsoft have done it again. They are taking one of the core aspects of computing and making it, well, painful for freedom lovers. In other words, meet UEFI, short for United Extensible Firmware Interface.
So, what’s it all about?
Microsoft claims that UEFI “ brings the BIOS into the 21st century.” And how does it manage to do that? Well, for a start, unlike the old BIOS, UEFI boots up instantly. It is capable of handling disks as large as over two terabytes (yes, you read that right: >2 TB). Furthermore, UEFI is independent of CPU architecture. And lastly, it brings the much needed eye-candy element to the booting mechanism. Figure 1 shows where in the stack this comes in.
Sounds good so far, doesn’t it? Now, here is the tough part. Any new technology with scope for restrictions is bound to have proprietary giants lurking around it — and UEFI is no exception. To quote Gary Richmond, “… mooted changes to the UEFI firmware specification contain the implicit possibility that GNU/Linux would effectively be an ‘unauthorised’ operating system…”
In short, machines with UEFI on board may simply be incapable of booting GNU/Linux, BSD or any other open source OS.
But we can always override the default settings, right?
Actually, no. Any changes to the UEFI firmware will require a digitally signed image or “key” that can only be had via the OEMs or, obviously, Microsoft. Naturally, the latter will not only deny licensing such keys, but compel OEMs to withhold them as well.
And of course, Microsoft will not admit it that easily, will they?
They are justifying this act by claiming it to be an enhanced level of protection against rootkits, boot-time viruses and other malware. Picture this: we know GNU/Linux is not malware. But what if general users of the Windows desktop wish to give Ubuntu or Fedora a spin? They can’t boot it, as the UEFI mechanism will reject the boot disk as unauthorised (or, in other words, “malware”)! How is GNU/Linux going to win converts in such a case? Now, that is a tricky question!
Let’s assume for a moment that Microsoft gives in and allows dual-booting GNU/Linux with Windows 8. Yet again, there is a technical catch. In order to boot under the digitally signed keys, open source boot loaders such as GRUB will need to incorporate proprietary signatures within their code. This goes against the very ideology of FOSS, and, more precisely, will not be possible under the terms of the GPL.
Okay, what now?
Before you panic, here is another angle: the digital-signature mechanism in UEFI may have a loophole that has been spotted by the community pretty recently. UEFI, generally speaking, will be supported on Windows 8 devices only (even though certain Windows versions like Vista SP1 x64 do support UEFI, the “proper” integration will be shipped with Win8 only). As a result, older versions of Windows, such as XP, Vista, and perhaps even 7, might fall in the same category as GNU/Linux — unauthorised operating systems. While this is mere speculation, chances are that Microsoft will use UEFI as a tool to drag more users into its infamous “upgrade cycle” — either upgrade to Windows 8, or, well, upgrade to Windows 8!
In addition, while conventional boot-loaders will perhaps fail to make the cut once UEFI comes into play, alternatives such as WUBI might still go strong.
And, on a slightly more radical note, chances are that UEFI’s digital keys will reject many restore-and-recovery tools too. Obviously, GNU/Linux users will not be the only ones suffering — or complaining.
There is also speculation that given the gigantic success of Android (read: gigantic failure of Windows Mobile), Microsoft might employ this secure booting concept to seize a considerable portion of tablets and other portable devices for its Mobile OS.
Any reactions yet?
To begin with, hacking or jail-breaking the UEFI will not be possible, as in all probability, Microsoft intends to get the digital signatures copyrighted. Google Chromebooks also comes with such secure booting options, but they can be disabled under Developer Mode.
Along similar lines, One Laptop Per Child (OLPC) devices are also boot-protected by default, but the protection can be eliminated by requesting a unique key, and then running the firmware command disable-security. The logic behind the OLPC mechanism is to prevent the theft of laptops from children.
In such a case, Microsoft’s act can by no means be called ethical. Linux Australia is planning to appeal to the Australian Competition and Consumer Commission (ACCC) claiming that the digital signatures in UEFI are non-competitive, and are a ploy to establish monopoly control over the market by unethical methods.
Also, going beyond the FOSS community, this move has not been welcomed by OEMs and hardware vendors either, as they will be at the receiving end of the end users’ angry reactions to their inability to boot other operating systems.
The community response
Both Red Hat and Canonical are members of the UEFI forums. Thus, they are equally aware of the outcome if Microsoft has its way. Tactically, this might not matter much, as Microsoft commands both the financial and strategic resources to influence the entire forum.
Technically, on the other hand, Linux already supports both UEFI and BIOS firmware, while Microsoft Windows supports UEFI only in its newer releases. Clearly, the open source community is ahead. Of course, there exist certain bugs, but most of them will be patched sooner than later.
As mentioned above, the GPL of GRUB might not allow the inclusion of proprietary code in the boot-loader itself. Certain distros are considering abandoning GRUB (GPL licensed) and migrating to LILO (BSD licensed) since the BSD license allows the inclusion of non-free code, and thus, LILO can be considered a worthy option (though nearly overlooked, it still continues to be in active development).
Another easier, though slightly less secure option could be to invent a public access key for all boot-loaders.
To sum it up…
Most bloggers and Internet users are speculating about the results of these stealthy war games being played around UEFI. In any case, if the worst happens, rest assured that the community will indeed figure a way out. After all, most Ubuntu users have learnt to use the Windows logo key on their keyboards to bring up the Unity sidebar, haven’t they? As of now, all we can do is wait and watch!
- Gary Richmond. Free Software Magazine
- Microsoft Developer Network Blogs
- AskUbuntu Forums
- Chromium OS Documentation
- OLPC Organisation Wiki
- ZDNet article on Linux Australia action