Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
Ubuntu, Kubuntu, Xubuntu After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
Thread beginning with comment 523480
To view parent comment, click here.
To read all comments associated with this story, please click here.
vaette
Member since:
2008-08-09

"Where are the lawyers? B/c this has to be stopped."

Suing to prevent the implementation of Secure Boot is certainly getting the government involved. Also the definition of what is a "standards body" seems to shift very quickly with how the person defining it feels about what they are doing. I could certainly start a non-profit that publishes documents that say that everyone should implement secure boot all day.

Reply Parent Score: 2

ricegf Member since:
2007-04-25

Good point, but you're missing mine.

Having the "government regulate what software and hardware we may make" is not the same as asking "Where are the lawyers" to pursue enforcement of existing anti-trust laws.

For example, a lawyer can sue (in the judicial branch) to stop Microsoft from using their dominance in the OS market to drive all competitors out of the web browser market in an effort to control the Internet.

But that's very different from the government (in the executive or legislative branch) specifically regulating what software can be made to browse the web.

Rephrased, citizens can leverage the government for anti-trust and consumer protection from dominant businesses without demanding that the government actively run those businesses.

Or yet another way, the government can function as the referee without also playing quarterback for one or both teams.

Hope I'm making the distinction clear.

Reply Parent Score: 3

vaette Member since:
2008-08-09

There is a point there, though I think people are a bit quick to jump to the legal attacks based on the convicted monopolist status of Microsoft. One has to understand that Microsoft is not the only company in the Secure Boot game. I also think that one has to accept at least that Microsoft implements Secure Boot and pushes for it a bit.

The thing one could consider is preventing Microsoft from making Secure Boot a Windows 8 logo requirement, but on the other hand the logo requirement is likely the only thing that is ensuring that all x86 systems will have a toggle and key update facility for Secure Boot. Left to themselves many motherboard manufacturers would likely implement Secure Boot (simple checklist feature) either way, but putting in the key update stuff probably has somewhat poor returns in reality.

Mostly what I want to get said though; legal interventions is a dangerous game. Launching challenges against Microsofts uses of cryptography will make principled stands against limitations on cryptography use a bit trickier.

Reply Parent Score: 3

Delgarde Member since:
2008-08-19

Good point, but you're missing mine.

Having the "government regulate what software and hardware we may make" is not the same as asking "Where are the lawyers" to pursue enforcement of existing anti-trust laws.


What makes you think this breaches existing anti-trust laws? Because while I agree that it's intended as an anti-competitive move, the courts will see that Microsoft are *requiring* their vendors to provide a "disable secure-boot" function, which kind of defeats the argument. Not only that, they're offering (for a nominal charge) a certificate service to competitors who might lack the influence to get their own certificates distributed by vendors.

So, you still think enforcing existing anti-trust laws will help?

Reply Parent Score: 2