My learned colleague Bryon Moyer pointed out to me a recent news item regarding a lawsuit by a Linux user group that is suing Microsoft for anticompetitive practices.
Now before we start, let’s take a moment here to check our preconceptions at the door. If, after reading the words “Linux” and “Microsoft” you’ve already decided who’s the good guy in this lawsuit, then shame on you. Engineering is supposed to be a data-driven profession. An honest engineer wouldn’t draw conclusions based on zero evidence. If we were as quick to judge other individuals, it would be called prejudice or racism, and those are not admirable characteristics in an engineer.
Moving on, the suit alleges that laptops preloaded with Windows 8 come with a UEFI-compliant boot loader burned into ROM, and that the ROM prevents owners from nuking Windows and installing another operating system, specifically Linux. Microsoft, for its part, says UEFI is an open standard that has been around for years, and that laptops and desktop PCs have been using UEFI boot code with no problems. In essence, Microsoft is asking, why raise this issue now?
For background, UEFI is the “unified extensible firmware interface” standard that was formed by the mellifluously named UEFI Forum. It’s meant to be a next-generation replacement for the pseudo-standard BIOS found in PCs since the Mesozoic Era. There are 11 major companies behind UEFI, including the usual assortment of PC makers such as Dell, Lenovo, HP, Intel, AMD, Phoenix, American Megatrends – and Apple. That last member should give conspiracy theorists pause.
Although UEFI has its roots in Windows/x86/PC boot loaders, it’s specifically designed to be CPU independent and OS neutral. For example, there are ARM-based UEFI boot loaders.
UEFI also has a “secure boot” feature, which is where our lawsuit enters the picture. To thwart hacking, UEFI can optionally be configured to load only operating systems that have the appropriate digital signature. That doesn’t mean you can never change the OS or update drivers; it just means you have to digitally sign them first.
While security is a laudable goal, it runs counter to the Linux mindset of openness. If you’re tweaking your Linux configuration every few days (or hours), you can’t be bothered to apply for a new signature with each build. But without an approved signature, the UEFI boot ROM in your machine won’t boot your code. What’s a Linux user to do?
The more militant Linux users in the crowd proclaimed that UEFI was “Microsoft’s Secret Plan to Take Over the World.” The vast majority of PC users are completely unaware of it. The few people who fall in between those extremes see UEFI as useful technology with some unintended side effects.
The Spanish user group that filed the lawsuit alleges – with some justification – that the security features reflect an agreement between hardware makers and Microsoft, not the hardware maker and the customer, and that this violates various European Union treaties regarding competition.
As the disinterested third party in this dispute, the European Commission says, “… on the basis of the information currently available to the Commission it appears that the OEMs can decide to give the end users the option to disable the UEFI secure boot.” In other words, we don’t see a problem. Regardless of its first-blush analysis, however, the European Commission is required to investigate the complaint further.
Having never loaded an OS image onto a UEFI-equipped machine, I can’t say with any certainty that it’s easy to disable the ROM’s security. But that’s the prevailing wisdom. If you don’t want the secure boot feature, don’t use it. Your boot ROM will then happily boot whatever you tell it to, which is what boot ROMs have been doing since time immemorial. And which hackers have exploited for almost as long. If booting only approved code is important to you, then you probably don’t want to be repaving your hard drive every few days anyway.
I’m sure there are clever ways around this conundrum, but I can’t think of any offhand. The typical Linux user will want to load exactly one Linux image, just as most Windows users don’t reinstall their operating system very often. But updates present a problem. Windows updates (which Windows 8 pushes automatically, whether you want them or not) come with a pre-approved digital signature. Linux updates may not do that, especially if you’re hand-tuning your own Linux. In those cases, we’re back to disabling UEFI’s secure-boot feature, and you’ve lost an important anti-hacking device. C’est la vie.
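To make the policy trade-off from the last few paragraphs concrete, here is an added model of the secure-boot decision (my own illustration, not code from UEFI, Microsoft or any Linux distribution): the firmware holds enrolled signing keys and an on/off switch, a vendor-signed release boots, a tampered copy and an unsigned hand-built image do not, and flipping the switch off lets the unsigned image through. It uses Ed25519 from Go's standard library as a stand-in for the Authenticode/RSA signatures real UEFI firmware checks, and all images and keys are constructed on the fly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// BootImage is a constructed stand-in for an OS loader: the bytes the firmware
// would load plus the signature its vendor attached (empty when unsigned).
type BootImage struct {
	Code      []byte
	Signature []byte
}

// Firmware holds the policy state: enrolled signing keys and the enable switch.
type Firmware struct {
	SecureBoot  bool
	TrustedKeys []ed25519.PublicKey
}

// WouldBoot reports whether the firmware would load the image.
func (f *Firmware) WouldBoot(img BootImage) bool {
	if !f.SecureBoot {
		return true // policy switched off: boot whatever it is told to
	}
	for _, k := range f.TrustedKeys {
		if ed25519.Verify(k, img.Code, img.Signature) {
			return true // signed by an enrolled key
		}
	}
	return false // unsigned, tampered, or signed by an untrusted key
}

// Scenario: vendor-signed release, same release with one byte flipped, unsigned
// hand-built image, and the unsigned image after Secure Boot is switched off.
func Scenario() (signedBoots, tamperedBoots, unsignedBoots, unsignedAfterDisable bool) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fw := &Firmware{SecureBoot: true, TrustedKeys: []ed25519.PublicKey{vendorPub}}
	release := []byte("constructed vendor OS loader v1")
	signed := BootImage{release, ed25519.Sign(vendorPriv, release)}
	tampered := BootImage{append([]byte("X"), release[1:]...), signed.Signature}
	custom := BootImage{Code: []byte("constructed hand-built kernel")}
	signedBoots, tamperedBoots = fw.WouldBoot(signed), fw.WouldBoot(tampered)
	unsignedBoots = fw.WouldBoot(custom)
	fw.SecureBoot = false // the "just turn it off" escape hatch
	return signedBoots, tamperedBoots, unsignedBoots, fw.WouldBoot(custom)
}
```

The last two results are the column's dilemma in miniature: with the switch on, the hand-built image is refused; with it off, it boots, and so would the tampered one.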
While I can sympathize with the Linux group’s dilemma, I don’t find their argument compelling. UEFI is not Microsoft’s technology (or at least, not entirely Microsoft’s), and it does seem to be serving a useful purpose. Although UEFI can refuse to load unrecognized code, it does so only if the user/programmer asks it to. Given that UEFI’s secure-boot feature is easily disabled, I don’t see a problem.
It’s easy to jump to the defense of a group of Spanish volunteers working on Linux, and just as easy to declare Microsoft Corporation the Great Satan. But neither reaction does our industry any good, nor does it do credit to one’s individual character. I’m willing to give Microsoft a pass on this one and wait until the parties deliver more information before making up my own mind.