UEFI - the new TCPA

[Quasar]

Didn't get fed-up enough during SOPA, PIPA, ACTA, etc?

Here comes the next front in the war against general computing: UEFI, a BIOS substitute being implemented across the board, and being required for certification against Windows 8, that can lock you out from your own system.

This is more or less an implementation of the original core goals of TCPA, with trusted boot facilities that will verify the operating system is not modified in any "unauthorized" way - including by the end-user - like those currently used in the boot chains of cellphones and game consoles. Trusted boot is a fundamental cornerstone for building a full DRM software stack. There is almost no other purpose for it.

Microsoft is demanding that this restrictive feature not only be included in all new x64 PC's, but that it be enabled by default and, beyond not requiring manufacturers to allow it to be disabled in the first place, is recommending that they not do so. Any ARM device is in fact not allowed to disable "Safe Boot", and therefore cannot have any other operating system installed on it.

A more blatant attempt to sledgehammer the entire computing world under the Microsoft reich could not be devised.

[Technician]

We can't win at this point.

[exp(x)]

Quasar said:

like those currently used in the boot chains of cellphones and game consoles

Yeah, and those have never been broken before.

[Quasar]

exp(x) said:

Yeah, and those have never been broken before.

Not saying it'll be unbreakable. Does that mean it's still not a gigantic step in the wrong direction?

Especially when new laws threaten to make the penalties for DMCA violations into felonious crimes or terrorist acts. You know, circumvention of "technological measures," as which trusted boot platforms like UEFI qualify.

[Technician]

Quasar said:

Especially when new laws threaten to make the penalties for DMCA violations into felonious crimes or terrorist acts.

That's my number-one fear. They're essentially calling you a pirate or a hacker, and throwing you in jail for modifying something you've paid for, guilty of only "intent".

[hex11]

How about all the shops that run Linux/BSD servers, or use OSS on embedded ARM devices? It's not like Microsoft can just force them to pony up cash for licenses and eat the costs of migrating all their stuff to a single vendor who will then have them by the balls.

[Quasar]

hex11 said:

How about all the shops that run Linux/BSD servers, or use OSS on embedded ARM devices? It's not like Microsoft can just force them to pony up cash for licenses and eat the costs of migrating all their stuff to a single vendor who will then have them by the balls.

Do you mean like how the Electronic Health Records industry did not manage to consolidate a monopoly by successfully making it required by law for all medical institutions in the United States that bill Medicaid or Medicare to use their software, a group of programs which can only be certified by a mysterious appointed board of industry pundits who keep the criteria for certification secret until the application is filed, and then require re-certification for every modification made to the program and oh did I mention it costs every time you have to re-apply?

Oh wait, that's exactly what they did. It's called the HITECH Act and was sneaked into Obama's ARRA crock. My own workplace is now in the red trying to pay a $300K-and-growing bill because of this, and I can no longer work on Prometheus, a program I poured a huge amount of effort into pulling back from the brink, because it doesn't meet these requirements (even though it kept this place running efficiently for ten years).

[Phml]

I'd try to understand this new topic, but everytime there's a new OS or important thing like that:
1) IT people tell me I should be worried for my privacy, my rights, my car insurance and my goldfish collection
2) 6 months pass
3) important thing is released
3) 6 more months pass
4) IT people yell at me for using outdated software and not having upgraded to that important thing

[Quasar]

Phml said:

I'd try to understand this new topic, but everytime there's a new OS or important thing like that:
1) IT people tell me I should be worried for my privacy, my rights, my car insurance and my goldfish collection
2) 6 months pass
3) important thing is released
3) 6 more months pass
4) IT people yell at me for using outdated software and not having upgraded to that important thing

Those are different IT people yelling on either end of that equation though, aren't they? :P

I dunno. But I am very glad all of a sudden that I am an old-hardware aficionado. I need to add some more machines to my stockpile apparently, before they get outlawed.

[Phml]

Those are different IT people yelling on either end of that equation though, aren't they? :P

Sometimes, they are one and the same... :)

This is not a serious jab at anyone, of course. It's understandable people may have to move with the industry standard even if they have concerns, or pros may outweigh cons, etc.. It does get complicated enough it feels safer to just let people in the know handle that between themselves and cross fingers hoping my computer won't become sentient and use my private information to order necrophilia porn the next time it boots up.

[Vordakk]

Quasar said:

with trusted boot facilities that will verify the operating system is not modified in any "unauthorized" way...

I'm obviously just as alarmed as the rest of you about this, but what exactly are they qualifying as an "unauthorized" mod of an OS? I'd like to learn more about this; could you recommend a good link that presents more information about UEFI?

[Maes]

Technician said:

We can't win at this point.

Why do you think I and hex11 keep hoarding all the good machines (ya know, Pentium III with normal BIOS and the such)? ;-)

Also, screw those "different IT people". I prize my constancy: I only use Windows XP SP3 (the last of the good ones) or Linux. There, just put it in their ass.

[Quasar]

Vordakk said:

I'm obviously just as alarmed as the rest of you about this, but what exactly are they qualifying as an "unauthorized" mod of an OS? I'd like to learn more about this; could you recommend a good link that presents more information about UEFI?

Any mod is an unauthorized mod. For ARM devices, according to Microsoft, that includes installing a different OS.

Try Wikipedia, for a start. The article there has links to many more sources.

[Blastfrog]

Christ man, will this ever stop? What would happen if a company decides to voluntarily make their own hardware without these restrictions?

[Aliotroph?]

This is about as bad as it gets. It's a good thing I've watched enough cyberpunk movies to know how hide in dark places when they come looking for people jailbreaking their computers! :p

[GreyGhost]

Let's try looking on the bright side, if the sheeple realize that they won't be able to keep their video library, mp3 collection, the odd game they'd downloaded or their stash of porn on that shiny mew PC and that they'll be barred from some/many of their favorite websites, they might vote with their wallets and let Windows 8 rot on the vine.

* either I'm hallucinating or a squadron of pigs just flew past my window *

Sodaholic said:

What would happen if a company decides to voluntarily make their own hardware without these restrictions?

Their customers won't be able to run Windows 8 on it, though personally I don't consider that a disadvantage.

[Reisal]

Quasar, got any links for this?

[GreyGhost]

Start here, and here

[printz]

Aliotroph? said:

when they come looking for people jailbreaking their computers! :p

Well, as long as I don't use a jailbroken computer to infringe on copyrights, access classified information [that they might encrypt right on my computer] or try to do things on the Internet only genuine owners are allowed, I should be OK, right? I could have two computers, one clean, used for general tasks, and another jailbroken and engineered for whatever programming experiments I might try, in privacy.

[Gez]

I think that's where antitrust commissions should simply ban Windows 8 given the anticompetitive measures taken by Microsoft.

[DoomUK]

Why can't Microsoft see that if they impose this kind of restriction, people are less likely to go out and buy their new OS? Or am I being naive and assuming the majority of people even care and don't just want to flash their Windows 8 PC around as a fashion accessory.

[Blastfrog]

DoomUK said:

Or am I being naive and assuming the majority of people even care and don't just want to flash their Windows 8 PC around as a fashion accessory.

I doubt your average consumer would know or care, unfortunately.

[GreyGhost]

Your average consumer is going to be sold on the eye candy and will have to find out the hard way what "Trusted Computing" is all about.

printz said:

Well, as long as I don't use a jailbroken computer to infringe on copyrights, access classified information [that they might encrypt right on my computer] or try to do things on the Internet only genuine owners are allowed, I should be OK, right?

So long as your jailbroken computer is unable to connect to a network and you tell nobody about it or your secret experiments - you might be OK.

[Mr. T]

M$ abusing a feature of EFI, man I'm shocked lol

[printz]

Will home users who have always used Windows and never tried to modify it in a deep way be affected by this new junk?

GreyGhost said:

So long as your jailbroken computer is unable to connect to a network and you tell nobody about it or your secret experiments - you might be OK.

I don't know how I would be jailed for playing with the device I bought, unless I actually tried to do business or something illegal with it. There's nothing that should prevent me from reverse-engineering something if I keep it in my home and don't use the new knowledge for piracy. Sure, the police would suspect something if they see it, but that's their job.

[GreyGhost]

IANAL - attempting to bypass or neuter secure boot would probably be a breach of anti-circumvention provisions in both the DMCA and EUCD regardless of your intentions. Not that that matters - you're already guilty of thoughtcrime.

[Nomad]

I'm not TOO worried about this, because surely it breaches some kind of anti-trust, anti-monopoly statute already in place.

[Snarboo]

Nomad said:

I'm not TOO worried about this, because surely it breaches some kind of anti-trust, anti-monopoly statute already in place.

I'm wondering this myself, especially now that Apple has their hands in the x86 pie. What might happen is that a motherboard's firmware is only tailored to run one specific OS, say Windows or OSX, much like most motherboards only accept Intel or AMD processors. Hard to say really, especially since I'm not on expert on these sort of things.

[Maes]

Snarboo said:

What might happen is that a motherboard's firmware is only tailored to run one specific OS

Probably we'll revert back to a situation similar to the early years of home computing, but with a twist.

If you take a look at the machines that defined that era (8-bit like Amstrad CPC, Sinclair Spectrum, Commodore 64, etc. and even 16-bit like Atari ST, Amiga etc. ), those machines were de facto very specific OS/hardware combinations, with little leeway for alternatives.

The main difference with the UEFI situation is that nobody tried to force a de jure prohibition against running another OS on any of these machines: it would be pointless. The availability or less of alternative OSes was limited by technical limitations and user/market demand.

[printz]

Maes said:

The main difference with the UEFI situation is that nobody tried to force a de jure prohibition against running another OS on any of these machines: it would be pointless. The availability or less of alternative OSes was limited by technical limitations and user/market demand.

I don't understand why users have to be controlled against using other OSes and not, say, manufacturers. What, are open-source utilities terrorist tools?