| Installing Linux on Windows 8 PCs: No easy answers
A computer built with
"Secure Boot" configured such that it cannot be "turned off" by the computer's
owner is:
1) Environmentally harmful
2) Anti-consumer
3) Likely,
an abuse of monopoly power
1) Environmentally harmful:
There is a joke:
"Operating Systems ( OSs ) are like Dinosaurs, they grow until they die." In
practice this statement is generally true. By way of example consider Windows
XP; when it first came out it would run reasonably with only 256 MB of RAM.
However, after 3 service packs nothing less than 1000 MB will due. Likewise,
Debian is constantly growing, both in terms of the number of packages that are
available and in terms of the number of DVDs required to hold a complete
release. What this means is that the OS that a computer starts out with may not
be the best OS for that machine over the full life of its hardware in which case
the machine can be re-purposed by installing an up-to-date, but light weight OS
on it so that it can still be useful.
Moreover, if a computer's OS ceases to
be supported in terms of security updates, it will become necessary to migrate
the computer to a new OS even if it could still support the needs of its current
OS.
Now, consider a Unified Extensible Firmware Interface ( UEFI ) based
computer that is aging or using a no longer supported OS, where "Secure Boot"
cannot be deactivated.
Since it will only support the Operating Systems
(OSs) provided by the one/few company/ies who's keys are integrated into its
UEFI the options available to the owner in terms of installing alternate OSs
will be extremely restricted. Indeed, it is in fact likely that there will be
no practical options available at all, while there would be several options if
"Secure Boot" could be deactivated.
The upshot of this is that otherwise
useful machines will have to be discarded and new computers built to replace
them, simply because the manufacturer failed to give their customer the option
of turning "Secure Boot" off. Hence, building machines with non-deactivateable
"Secure Boot" is environmentally harmful.
2) Anti-Consumer:
For the
reasons outlined above, consumers will need to discard otherwise useful machines
and replace them with new machines simply because a non-deactivateable "Secure
Boot" will prevent the computer's owner from installing an appropriate OS for
the machine. This enforced premature obsolescence is obviously harmful to
consumers.
3) Likely, an abuse of monopoly power:
While it is
conceivable that a manufacturer would chose to unilaterally make their own
computers less useful for their customers than the computers provided by their
competitors through the means of denying their customers any way to deactivate
"Secure Boot", this seems improbable outside of two explanations, both of which
involve the likely abuse of monopoly power.
One is that the
manufacture/service-provider wants to lock their customers into some variant on
the theme of a walled-garden that they plan to control. Once trapped in the
garden, the customers then find themselves restricted to whatever options and
terms the manufacture/service-provider decides to offer. While there may be
competition outside of the walled-garden, it does those who find themselves in
said garden little good, since they cannot avail themselves of that competition
without discarding the investment that they have placed in their current
machine. These customers are therefore subject to an effective monopoly of the
manufacture/service-provider's making. While such a scenario would not be
surprising in terms of say a U.S. cell phone carrier, since they have near
monopoly status already, in the more competitive PC Computer market, taking such
a strategy seriously risks damaging the brand name as people begin to associate
it with the strictures invited by the effective monopoly.
In the context of
PCs, the more probable explanation is that some third party will have coerced
the manufacturer. Few third parties will actually have any means of effecting
such coercion. An exception to the last statement would be the supplier of the
OS that the manufacturer may wish to install on their machines. Such a supplier
would be able to configure their OS such that it will not run except on machines
that have "Secure Boot" active even against the will of the computer's owner. (
Enforcing such a configuration is made much easier if the OS is proprietary. )
Obviously, wise manufacturers will avoid OSs with such harmful restrictions
unless some powerful market forces impel them to offer the OS in spite of this
harmful aspect. Few market forces are that powerful besides one or another
version of monopoly. Hence the appearance of computers with non-deactivateable
"Secure Boot" is a strong indicator of the abuse of monopoly power. ( Note: In
the case where the company providing the OS has been adjudicated as being a
monopoly, then the word "Likely," may be omitted from the title of this section.
)
"PJ: That's because Microsoft is a bully. They could easily
arrange for vendors to give users options."
It is simple
minded to say so, but one of the purposes of government is to protect normal
people from adult bullies. Any one of the above three issues is reason enough
to outlaw implementations of “Secure Boot” that prevent the owner of the
computer from deactivating the feature. The combination of the three makes it a
no brainer. The problem, is that there will be lobbying to prevent an
appropriate law from passing.
The advantage that we have is that getting an
appropriate law passed in even one or two jurisdictions will create a very
awkward situation for those that would abuse “Secure Boot”. Either they have to
explain to their shareholders why they are pulling out of the markets that
protect the environment and enforce consumer rights, or they will have to
explain to their abused customers why they are damaging the environment and
restricting consumer rights everywhere they can, when they can justify
protecting the environment and honoring consumer rights where they are
enforced.
So the questions are two fold:
1) Who, within the free
software community can/will spearhead the lobbying needed to get the appropriate
legislation passed? I am thinking the EFF would be appropriate if they are
willing, but I would welcome other proposals.
2) Which nations/states are
most likely to be sufficiently enlightened to pass this legislation? I am
thinking Brazil, India, Germany, California and Texas, but again I am eager to
hear what the rest of you would suggest.
P.S.
I would like to take a
moment to explain why “Secure Boot” is always quoted when I write. The problem
is that while that is the name of the feature, it is a misnomer since the
technology really will not secure the computer. As long as OSs require security
patches, there will always be ways to corrupt the machines. More over, it is
inevitable that the secret keys required to make “Secure Boot” function
according to design will get out. At that point any UEFI machine that fails to
let the user revoke the old key and install new ones will simply be a risible
failure.
Lest someone get the wrong idea that “Secure Boot” will actually
secure anything, I put the words in quotes as a means of warning the unwary. It
is important that we keep the fact that it is a misnomer in mind, both so that
we are not lulled into false sense of security regarding our own machines, and
so that we can make this clear to lawmakers that they might understand that
there is little value in the technology except for those who would be
king.
For those who are still unclear, a more accurate name for the feature
would be Restricted Boot.
[ Reply to This | Parent | # ]
| 
