I think UEFI Secure Boot is a shuck and a bald-faced Microsoft anti-competitive tool. I’ll get to my reasons in a moment, because my most important point comes first:
Every purchase of a Windows license is an attack on Linux. Linux has not won, and Microsoft is as dangerous as ever.
Every time you buy a computer that bundles a Windows license just to save a few bucks over buying a Linux machine, you’re shooting yourself in the foot. It doesn’t matter that you blow Windows away and install Linux – it still counts as a Windows sale, which reinforces your vendor’s belief that they need Windows users and can safely ignore Linux users. It sends money to Redmond. It rewards all the junkware, adware, and spyware vendors that load their garbage on Windows PCs. And it cements the anti-competitive status quo more firmly. Buying Android devices sends a significant revenue stream into Microsoft’s pockets – Linux PCs and bare hardware are almost our only remaining options to avoid paying the Microsoft tax.
Independent Linux vendors like System76 and ZaReason do more than stuff Linux into off-the-shelf machines. They do their own engineering and design, build with quality components, and use hardware that supports open drivers. So you don’t need to worry about custom drivers or lock-in, but can use your machines however you see fit. You’re not going to be plagued with strange errors and bad performance from sub-par electronics. You get good stuff that you control and better service.
UEFI Secure Boot is More Microsoft Abuse
Microsoft has a long history of gaming and bullying standards organizations. Probably the most egregious example was their scorched-earth all-out assault on the ISO/IEC during the MS-OOXML standard debacle, including costing Massachusetts CIO Peter Quinn his job, and flooding ISO with new members whose sole purpose was to vote for MS-OOXML.
Microsoft scored a quiet coup when they got their proprietary, closed exFAT filesystem (essentially it’s FAT64, an extension of the creaky antique FAT12, FAT16, and FAT32 filesystem line) made part of the SDXC specification for Flash storage media. The Free exFAT driver is immature and its developers are working in the dark because the spec is closed. Nor is there a commercial exFAT for Linux users, but only the Tuxera driver for OEMs.
Those are just two out of many hundreds of possible examples. And now we come to the UEFI Secure Boot. A lot of people are all excited over the phrase “Secure Boot” because it sounds like a good thing. Sure, who wouldn’t want a secure boot to keep all those pre-boot malwares off their nice Linux boxes?
What Linux pre-boot malwares? If you’re multi-booting Linux and Windows, then you’re at risk for everything. If you’re not running Windows, I can’t promise that you’re immune. But your risk is orders of magnitude lower.
The biggest flaw in Secure Boot is that the spec requires a single Platform Key. You can add more keys, but they must be signed by the Platform Key. This is the cause of all the woe from Microsoft requiring all Windows 8 systems to ship with Secure Boot turned on – if you want to multi-boot Linux and Windows 8, you have to disable Secure Boot, or figure out how to generate keys for Linux that are signed by the Windows Platform Key. You cannot easily use Secure Boot for Windows 8 and disable it for Linux.