+++ Steve Langasek [2012-07-07 15:58 -0600]: > On Sat, Jul 07, 2012 at 11:09:57PM +0200, Andreas Barth wrote: > > * Steve Langasek (vor...@debian.org) [120707 22:54]: > > > On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote: > > > > If OTOH we have to pay a fee just for our software to work on platforms > > > > that just happen to be using Microsoft’s certificate, this is clearly > > > > abusive. I would object to do so, and I believe we would (at least in > > > > Europe) have a very strong case in court against such practice. > > > > Note that the Windows 8 requirements stipulate that users must in all > > > cases > > > retain the ability to disable Secure Boot on their x86 systems from the > > > firmware. It's really a question of ease of installation, and whether > > > Secure Boot provides any additional security protection that we think it's > > > worth providing to Debian users out of the box. > > > IIRC it's not the same on embedded hardware. > > The distinction is between x86 and ARM, and the Windows 8 cert requirements > for ARM appear to have as their goal to prevent any other OS to be bootable > on that hardware.
Which is pretty outrageous IMHO and may well become a serious problem once PC-like ARM hardware becomes widely available (laptops and capable tablets). It is very disappointing that once they agreed to free-up x86 everyone said, 'oh that's alright then', failing to appreciate that ARM hardware will (likely) be just as ubiquitous as x86 quite soon. Hopefully enough people will produce hardware that isn't crippled in this way, but if Windows 8 is a popular platform one may get a greatly restricited choice. Will Android machines make secure boot turn-offable or another key installable, or will thay follow the Microsoft lead and lock everything down too? A competition case is much harder to bring here because Windows has almost zero share on ARM and can use that as an excuse. Of course, as we know in Debian architecture is really irrelevant to the question of 'is this OS dominant and using its dominance in one area to restrict competition in another'? This makes the ARM/x86 distinction in the rules a devious scheme to reduce competition, which seems to be working so far (and in our case prevent us using such computers usefully at all). In an ideal world the fact that can't unlock your device and install another OS will be seen as a consumer disadvantage and reduce the supply of hardware with no ability to install alternate keys, but that seems an unlikely outcome, as most people don't care, or won't until it's too late. I'm not sure what we can actually do about this technically. Approximately nothing, except look for ways to hack the secure boot mechanism on interesting hardware. I can't recall if the rules for arm actually prevent the bootloader allowing the loading of other keys, or just prevent turning off secure boot. I think the latter, but as there is no requirement for this feature it may be rare in practice. By making this easily available in UEFI I suppose that may encourage manufacturers to enable it. > So I don't think you should expect MS to sign any UEFI > ARM bootloader binaries at all. Quite. Wookey -- Principal hats: Linaro, Emdebian, Wookware, Balloonboard, ARM http://wookware.org/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120708131523.gy13...@stoneboat.aleph1.co.uk
