Please create an account to participate in the Slashdot moderation system


Forgot your password?
Operating Systems Ubuntu Linux News Your Rights Online

FSF Criticises Ubuntu For Dropping Grub 2 For Secure Boot 296

sfcrazy writes "The Free Software Foundation (FSF) has published a whitepaper suggesting how free operating systems can deal with UEFI secure boot. In the whitepaper, the foundation has criticized the approach Canonical/Ubuntu has taken to deal with the problem. The paper reads: 'It is not too late to change. We urge Ubuntu and Canonical to reverse this decision, and we offer our help in working through any licensing concerns. We also hope that Ubuntu, like Fedora, will actively support users generating and using their own signing keys to run and share any versions of the software, and not require users to install a key from Canonical to get the full benefit of their operating system.'"
This discussion has been archived. No new comments can be posted.

FSF Criticises Ubuntu For Dropping Grub 2 For Secure Boot

Comments Filter:
  • by crazyjj ( 2598719 ) * on Monday July 02, 2012 @11:56AM (#40517733)

    I would like to refer every single person who henceforth asks the question "Why hasn't Linux ever gone mainstream?" to the parent post.

  • by Anonymous Coward on Monday July 02, 2012 @12:01PM (#40517763)

    I'd say the ultimate solution is for every linux fan to stop recommending computers with locked BIOSs, push hardware with coreboot, and to ignore distros which aren't playing ball. Cracking it is the pragmatic solution.

  • by GeneralTurgidson ( 2464452 ) on Monday July 02, 2012 @12:05PM (#40517797)
    Go ask Novell how well chasing that Microsoft interoperability trains works.
  • by ArsonSmith ( 13997 ) on Monday July 02, 2012 @12:11PM (#40517841) Journal

    How will Microsoft deal with the loss of all 8 of those sales.

  • by shentino ( 1139071 ) <> on Monday July 02, 2012 @12:13PM (#40517863)

    Sadly I think this may well be true in the future if hacking your own PC is treated by Microsoft the same way that modchipping your PS is treated by Sony

  • Re:The FSF (Score:5, Insightful)

    by mvdwege ( 243851 ) <> on Monday July 02, 2012 @12:17PM (#40517891) Homepage Journal

    I realise it must have been a great trauma to you to have RMS jump through your window wielding a katana and forcing you to install gNewsense GNU/Linux, but seeking counselling is a better solution than going on about it on Slashdot.

    Wait, that did not happen? Oh, you were confusing 'criticizing' with something else; and implying that the FSF have no right to express their criticisms. Hmmm. Seems like a prime example of the pot calling the kettle black, don't you think so yourself?

  • by Anonymous Coward on Monday July 02, 2012 @12:19PM (#40517911)

    Linux will never go mainstream because there are trolls on the internet? Gosh.

  • by SuricouRaven ( 1897204 ) on Monday July 02, 2012 @12:19PM (#40517917)
    Microsoft's key is the only one that you can be sure all computers will have, and so the one all vendors will have to sign with. Making it pointless for them to even have their own keys. By design, I am quite sure: The limit is one-key-only because it was always intended that only one vendor would survive. Microsoft.
  • by Anonymous Coward on Monday July 02, 2012 @12:20PM (#40517925)

    So far there's no indication that you need to hack anything. Microsoft requires that PC's sold as certified for for Windows 8 allow you to enter custom mode and load your own certs. The reason Linux Distros are going the routes they are, using a Microsoft Signed boot loader, is that they want something that will be bootable on any machine out there with out having to enter the bios. While your typical users here on slashdot probably doesn't have any problems entering their bios and adjusting Bios settings for many other users is something they've never done and it's going to be extremely specific to that mfgs implementation on that particular hardware so no general set of instructions is possible.

  • a sea change (Score:5, Insightful)

    by Anonymous Coward on Monday July 02, 2012 @12:30PM (#40517997)

    This is the start of a sea change in who controls our computers. Yes, for now you can turn it off (oh, sorry, unless you're using an ARM system), but this is just the first step. They can't go the entire way all at once. They've tried before, and learned they have to go one step at a time. Each step doesn't seem so bad, until finally, all the cards fall into place.

    Already most of our mobile devices no longer belong to us, unless you manage to defeat the device's security that is meant as security against YOU, the owner of the device. Bought anything with iOS, or about 95% of the Android devices? Or WP7? Sorry, someone else owns it even after you purchased it. That's the world that many powers like Microsoft and many governments desire for the whitebox PC. A locked down device that obeys other masters, only booting "trusted" OSs that let those masters have the final say over what your computer does. Because a world where a billion individuals had control over their own computers could not be allowed to persist. It threatens too many corporations and governments.

    Of course, people will buy these increasingly locked down PCs just like they are falling all over themselves to buy tablets, so this world WILL come to pass. All we can do is figure out how to deal with it.

  • by betterunixthanunix ( 980855 ) on Monday July 02, 2012 @12:35PM (#40518049)

    for someone to hack the secure boot BIOS

    So it's come to the point of having to attack our own computers just to run the software we want? The fact that we have to resort to these measure is a sign of just how bad things have gotten.

    provide an easy way for users to reflash theirs from Windows or whatever OS is preinstalled

    So to run free software, I have to first agree to yet another license for proprietary software? That is a step backwards if I have ever seen one.

    No doubt this will prevent windows being reinstalled but unless you want a dual boot machine I doubt this matters much

    There are lots of people who want or need dual boot. I would guess that a substantial fraction, maybe even a majority, of GNU/Linux users have dual boot. People should be free to use their computers the way they want, which includes the freedom to dual boot.

  • Re:The FSF (Score:1, Insightful)

    by Osgeld ( 1900440 ) on Monday July 02, 2012 @12:37PM (#40518085)

    Whoa easy killer, I didnt know they personally came in and saved you and your family from terrorist mere moments before being shot in the head. I just think its funny that a group that advocates software freedom always gets their panties in a big ole wad when someone does something they didnt like. Fuck them its none of their concern what Ubunutu uses as a bootloader, thats (gasp) freedom.

  • by Microlith ( 54737 ) on Monday July 02, 2012 @12:37PM (#40518093)

    stop recommending computers with locked BIOSs

    So eventually all of them?

    push hardware with coreboot


    Cracking it is the pragmatic solution.

    Nor is pushing hardware that doesn't exist.

  • by kervin ( 64171 ) on Monday July 02, 2012 @12:38PM (#40518103) Homepage

    Novell made a killing and and was an industry powerhouse for decades. Much of their wealth came from making the Microsoft environment easier to use.

    Also many of Microsoft's biggest competitors started of by being compatible with Microsoft. Google providing Exchange protocol services, Office file format compatibility, same with Apple, OpenOffice, etc. And that hasn't worked out too bad for them.

  • by Anonymous Coward on Monday July 02, 2012 @12:39PM (#40518107)

    [Disclaimer: I’m always posting anonymously, since I consider the /. moderation system fundamentally broken.]

    I assume you mean that the moderation system results in you getting modded down constantly. Try making a post that makes your point without being condescending and repeatedly insulting others. You might find you don't get modded down nearly as often. Unless your post is completely nonsense. Those get modded down for good reason - and that's a sign of an effective system.

  • by betterunixthanunix ( 980855 ) on Monday July 02, 2012 @12:40PM (#40518117)

    Canonical is making the right choice for their users.

    Funny how when I was growing up, free/libre software meant that the users did not have to rely on companies like Canonical to make their choices for them.

  • by CrimsonAvenger ( 580665 ) on Monday July 02, 2012 @12:48PM (#40518205)

    Is there any way to get editors who know enough English to at least filter out sentences like:

    The Free Software Foundation (FSF) has published a whitepaper recommending free operating systems how to deal with UEFI secure boot.

    It's not like it would have been hard to change it to:

    BLOCKQUOTE>The Free Software Foundation (FSF) has published a whitepaper recommending ways for free operating systems to deal with UEFI secure boot.

    And yes, I know that being a grammar nazi is unfashionable. But illiteracy really does work to convince people you have nothing to say worth reading...

  • by asdf7890 ( 1518587 ) on Monday July 02, 2012 @12:53PM (#40518243)
    You seem to be errantly conflating "true geek" with "anal self-important elitist prick".

    Many geeks use Ubuntu as there are various places where it is the right tool (or at least one of the appropriate options) for the job.
  • by Microlith ( 54737 ) on Monday July 02, 2012 @12:54PM (#40518253)

    And it's always been on the thin edge of the razor. Microsoft has readily yanked their chains by changing the file formats and protocols, keeping them perpetually behind in terms of compatibility.

    As for Novell, compatibility providing a few years of bounty is meaningless when the source of that bounty turns around and uses their monopoly to effectively drive you from the market. All you've done is made them more powerful.

  • by JerkBoB ( 7130 ) on Monday July 02, 2012 @12:55PM (#40518267)

    Sadly I think this may well be true in the future if hacking your own PC is treated by Microsoft the same way that modchipping your PS is treated by Sony

    I haven't really been paying attention to what Sony has been doing (don't own a PS3), but I wonder if Sony really cares about modchipping itself, or if they just want to keep modded consoles off of PSN?

    The latter seems reasonable to me... If you want to mod the console, fine. Just don't expect to be allowed to play in the sandbox with all of the unmodded consoles. You know if they let modded consoles on that games would be flooded by griefers and other annoying breeds of adolescent (chronological or mental).

    Not picking a fight, just wondering if I'm missing something...

  • by seandiggity ( 992657 ) on Monday July 02, 2012 @01:01PM (#40518347) Homepage

    Although it was obvious the FSF would take this position, as it should, isn't it strategically wise to have multiple solutions for users to load a (mostly) free software OS on hardware with UEFI? For similar reasons, I think it's good to have Android devices running ClockworkMod so that they may boot CyanogenMod/Replicant. I understand that we (free software advocates) should always be encouraging consumers to make smart choices and purchase devices that will run free software (and a complete free software stack, when that's possible).

    However, free software would become an "oasis in a desert", rather than a large and thriving ecosystem, if binary blobs, non-free drivers, non-free BIOS's, firmware hacks, etc. weren't around. It would become increasingly difficult to bring in more users. Those who have developed free software implementations to replace proprietary ones originate from all over the free software spectrum, so the pool of developers would also shrink.

    I think you always want both: the hardcores who will run free software and free software only, and those who will make compromises on devices until (if/when) stable free software is developed for those devices. The FSFE's advice on installing CyanogenMod [] seems like a sensible approach that takes this into consideration. Likewise, why not help someone install as much free software as possible on a device with a non-free BIOS/bootloader?

    It seems to me that UEFI will die a quick death if we A) fight very vocally against it, B) convince powerful corporations and governments that it's bad for them, C) ignore it where/when we can, and D) help others to circumvent it when necessary. It doesn't seem much different than the DRM problem in that way.

    I would be very happy with Canonical's UEFI strategy if the following from this past /. comment [] can be done:

    - Canonical will get efilinux signed with microsoft keys. So GRUB2 has to be made bootable from efillinux (efilinux is rather primitive, it just loads a kernel from a set collection of blocks from the device and run it. It shouldn't be too much difficult to have efilinux load and execute a GRUB2's "stage 1.5" or "stage 2"). Thus efilinux is the part that needs to be signed with microsoft's key (and efilinux's license makes it possible. Although that also means that you won't be able to hack it).


    - GRUB2 can load coreboot (an opensource firmware) payloads, so it could also load SeaBIOS (a legacy BIOS implementation as a coreboot payload). - GRUB2 can also load windows XP's boot loader. So if any of the above is possible (either chainloading efilinux to grub2, or signing grub2 in a gplv3 compatible way). That means that grub2 could be used to boot windows XP on secure-boot hardware. (with seabios providing the legacy bios compatibility, and windows XP's ntldfr being loaded from grub2).

    That unfortunately-complex method of chaining together multiple bootloaders seems to allow for any OS, even legacy ones, to boot (or at least attempt to boot) on UEFI hardware. Such a door might be closed if Canonical decides it won't play ball with Microsoft, and that seems like a door worth having open. However, I welcome any rebuttals...I don't know nearly enough about the issue.

  • by Nerdfest ( 867930 ) on Monday July 02, 2012 @01:02PM (#40518371)

    We've been at that point for quite a while now. Have a look at any of the iDevices. Even some of the Android phones have locked bootloaders (which don't restrict which apps you can install, but they limit your OS options). We're just seeing it spread, much like the locked Apple market is spreading to Windows metro.

  • Re:The FSF (Score:4, Insightful)

    by UnknowingFool ( 672806 ) on Monday July 02, 2012 @01:14PM (#40518481)

    The FSF: we don't like how Ubuntu uses UEFI instead of Grub 2. We think this is bad for these reasons . . .

    You: "Sure does like to dictate what people use, kinda funny that way"

    I believe you did confuse "criticize" with "dictate" or accused the FSF of doing something it did not do. Unless "criticize" and "dictate" changed meaning in the English language recently.

  • by quetwo ( 1203948 ) on Monday July 02, 2012 @01:19PM (#40518545) Homepage

    Drivers are only a part of the problem. The biggest is the fragmentation, of well, everything. The UI is different for every distro, every version, and every update. The configuration files are different for every distro, version and update. Besides a few very well known apps, compatibility of binaries and apps are a real crap-shoot.

    Linux will become mainstream the second that the number of CSE graduates outnumbers any other major in society.

    Think about it another way -- there are probably more copies of "Windows 7 for dummies" sold then there are installs of Linux being used as a desktop. With configurability, comes the loss of the mainstream. And plus, most UI/UX/usability in most Linux based apps don't follow the KISS method...

  • by Bill_the_Engineer ( 772575 ) on Monday July 02, 2012 @01:46PM (#40518893)

    With Android, Linux is quite popular with mobile.

    Actually no.

    The linux kernel is the choice of most of the embedded community (which Google Android is part of) and has garnered its mainstream acceptance in this market since the kernel was first introduced. Google picked the Linux kernel to host the Android OS not only because it was free, but because the Linux kernel was already prevalent in the embedded market and was compatible with the ARM processor. Android OS may have increased the number of units sold with the Linux kernel installed, but it DID NOT make Linux mainstream in the embedded market.

    Android didn't even make Linux mainstream to the general public. The consumer has no direct contact with the kernel, nor is Linux mentioned in any marketing done by Google to the general public. In this case, the linux kernel is just a part of a much bigger OS being installed on a mobile phone. I think when most people think of Linux they think of the Linux kernel with the Posix compliant runtime environment. Android does not fit this definition.

    Nitpicks aside... Linux only has mainstream acceptance in the embedded and server market. People purposely choose a Linux OS to run on a server. People do NOT choose a Linux OS to run their phone (well not a lot of them), they instead choose Android OS which Google spent large amounts of money to market it. My point being that in order to be considered "mainstream" the community at large would consider picking your product directly versus as an internal part of a much more popular product.

  • by Junta ( 36770 ) on Monday July 02, 2012 @01:56PM (#40519023)

    RedHat have tried to work with Vendors and educate folks about why this is a bad thing

    The key word here being 'tried'. It really hasn't done anything to change the ubiquity of MP3 and h264. In that case, the momentum (mp3 is as good as the alternatives technically and has been around longer) or technical merit (h264 hs *no* unencumebered competition to acheive the same results) far offsets the ideology of 'free' for most of the world that we must live in. We aren't sufficiently better off in drivers due to RH's stance (fglrx and nvidia drivers are still pretty much required to extract value out of the respective hardware). What gains have been made have been mostly occured due to the inconvenience of the hardware makers (easier to just provide source than maintain shims) and not due to hard user demands. Practically speaking, you add rpm-fusion or download from the hardware vendor in Fedora. Ubuntu makes that easier, and while some might appreciate the purity, the common end user is simply annoyed that their hardware choices they are driven to make aren't as supported as they reasonably could be.

    they've even undone this feat with kneeling towards Redmond (secureboot)

    Actually, from a practical perspective, Ubuntu states a plan to not have signing as soon as possible, meaning user-compiled drivers are still viable. Fedora/RH plans to be signed all the way up the stack, meaning you will have more difficult time with self-compiled modules. It seems like Canonical's aversion to GRUB2 is due more to lack of due diligence on GPLv3 implications and not of some sort of MS agenda. I also wonder if MS will ultimately block Canonical's plan for lack of protection against the boot loader becoming a circumvention mechanism for Windows 'secure' boot.

    All in all, I think Canonical on a technical level is losing it, some out of what seems to be desperation in chasing a business model now (ubuntu tv, now ubuntu phone) some out of hubris (some statements around unity's lack of configurability has been met with some strong hubris), but I don't think they are trying to close up the ecosystem and I don't think that Debian free and Red Hat's stance make a meaningful difference to the freedom of the components we use.

  • Re:The FSF (Score:2, Insightful)

    by Anonymous Coward on Monday July 02, 2012 @02:10PM (#40519173)

    Come on, are you serious? I can take a lot of criticism about the FSF: they're too radical, their software takes forever to be released, their beards are out of fashion... but one thing I don't think you can seriously debate: they are on our side. They are here to help us, they are the good guys.

  • by ugglybabee ( 2435320 ) on Monday July 02, 2012 @02:42PM (#40519535)

    I'd say the ultimate solution is for every linux fan to stop recommending computers with locked BIOSs, push hardware with coreboot, and to ignore distros which aren't playing ball. Cracking it is the pragmatic solution.

    I've been using Linux for ten years, since August of 2002, and I don't know what the FUCK any of this means.

  • by mitzampt ( 2002856 ) on Monday July 02, 2012 @03:27PM (#40520121)
    Platform fragmentation that keeps developers and publishers away, tons of UI/UX rough edges, very powerful customization that is never backed by some serious graphical utility just configuration files so that newcomers can get scarred of screwing up (or screwing up again and again), cool technologies and flashy features that changes the environment every Thursday or so, being pushed before stabilizing core software, plethora the apps each written in a dozen programming languages, widget set, frameworks, dozens of libraries to parse command-line parameters or whatnot, lack of proper contingencies when screwing up (especially when dealing with xorg)

    I still love the platform even if it's all over the place. Linux isn't popular because one of it's strengths, diversity, is being prioritized more than anything. Many people can't see that scratching an itch in three different places has no chance of 100% effectiveness.
  • by Nemyst ( 1383049 ) on Monday July 02, 2012 @10:26PM (#40523505) Homepage

    There's a new Windows OS every 2-5 years, each with relatively minor changes from the older version.

    In comparison, there are dozens of active concurrent Linux distros all releasing new versions with often jarring UI differences (hello, Unity!).

    Windows is usually very conservative and stable in its UI design.

MESSAGE ACKNOWLEDGED -- The Pershing II missiles have been launched.