Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.
A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.
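To make the key-database mechanism concrete, the following is an added example (not code from the original post, from Microsoft or from any firmware vendor) that models in Go what the two paragraphs above describe: a firmware that will only load images signed by a key present in its allowed-key database. It assumes a toy Ed25519 signature in place of the Authenticode/X.509 signatures real UEFI firmware checks, and the key owners, image payloads and the `KeyDatabase`/`Boot` helpers are constructed for illustration. The last step also plays out the question raised in the page's later edit: enrolling an extra key for a Linux loader.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// keyFrom derives a deterministic Ed25519 key pair from a label so the example
// runs offline. Real secure boot uses X.509 certificates and RSA/Authenticode
// signatures; Ed25519 is used only because it is in the Go standard library.
func keyFrom(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("constructed seed: " + label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// SignedImage is a toy boot image: the bytes the firmware would load, the
// signer's public key and a signature over the image bytes.
type SignedImage struct {
	Name      string
	Payload   []byte
	SignerKey ed25519.PublicKey
	Signature []byte
}

func SignImage(name string, signer ed25519.PrivateKey, payload []byte) SignedImage {
	return SignedImage{
		Name:      name,
		Payload:   payload,
		SignerKey: signer.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(signer, payload),
	}
}

// KeyDatabase models the firmware's list of keys allowed to sign boot images.
// "Shipping with only OEM and Microsoft keys" is a database with two entries.
type KeyDatabase struct {
	entries map[string]ed25519.PublicKey
}

func NewKeyDatabase() *KeyDatabase {
	return &KeyDatabase{entries: map[string]ed25519.PublicKey{}}
}

func (db *KeyDatabase) Enroll(owner string, pub ed25519.PublicKey) {
	db.entries[owner] = pub
}

// Boot is the secure-boot decision: the image must carry a valid signature from
// a key that is in the database. It returns which enrolled key authorised the
// image, or an error where the firmware would refuse to boot.
func (db *KeyDatabase) Boot(img SignedImage) (string, error) {
	for owner, pub := range db.entries {
		if pub.Equal(img.SignerKey) {
			if ed25519.Verify(pub, img.Payload, img.Signature) {
				return owner, nil
			}
			return "", fmt.Errorf("%s: signature does not match image contents", img.Name)
		}
	}
	return "", errors.New(img.Name + ": signer not in firmware key database")
}

// Scenario plays out the cases discussed in the text and reports, per image,
// whether the firmware would boot it.
func Scenario() map[string]bool {
	microsoft, oem, distro := keyFrom("microsoft"), keyFrom("oem"), keyFrom("linux distro")

	db := NewKeyDatabase()
	db.Enroll("Microsoft", microsoft.Public().(ed25519.PublicKey))
	db.Enroll("OEM", oem.Public().(ed25519.PublicKey))

	windows := SignImage("windows-boot", microsoft, []byte("constructed windows loader"))
	linux := SignImage("linux-boot", distro, []byte("constructed linux loader"))
	tampered := windows // same signature, one byte of the loader changed
	tampered.Payload = append([]byte{}, windows.Payload...)
	tampered.Payload[0] ^= 0xff

	results := map[string]bool{}
	try := func(label string, img SignedImage) {
		_, err := db.Boot(img)
		results[label] = err == nil
	}
	try("windows", windows)
	try("generic linux", linux)
	try("tampered windows", tampered)

	// Enrolling the distribution's key makes the very same Linux image bootable.
	db.Enroll("Linux distro", distro.Public().(ed25519.PublicKey))
	try("generic linux after enrolling its key", linux)
	return results
}

func main() {
	for label, boots := range Scenario() {
		fmt.Printf("%-40s boots=%v\n", label, boots)
	}
}
```

The point the model makes is that the firmware never judges the image itself, only the signer: a perfectly good Linux loader is refused for the same reason a modified Windows loader is, and the only way either outcome changes is by what the database contains.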
The Microsoft position is that demanding all computers have UEFI locked in by the hardware will (1) prevent Microsoft viruses from infecting the computer and (2) make it boot faster. You could not update the computer to a newer version of Windows, or any other OS, yourself because you are not the corporation who controls the “key” installed into the computer firmware. It would eliminate BIOS as well. We also noted from the block diagrams that it will automatically reformat the hard disk and re-install everything to original factory state if it sees any unauthorized change in the kernel, firmware, or device drivers. Every software installed must have an officially approved corporate purchased “key”. There is no non-profit controller of these required “keys”; they would be controlled by for-profit corporations, which means only those permitted by the corporations would be allowed to provide software: the ability of individuals to innovate would be completely eliminated and the only software available would be strictly what Microsoft or another mega corporation chooses to allow.
The reason we got away from CP/M and other one-of-a-kind computers in favor of the IBM PC / BIOS standardized model was to escape the problems involved with exactly this sort of thing. On the flip side, it could focus all innovation in the Linux environment.
EDIT: 03 OCT 2011. I wonder if it is possible to add a key for Linux in the BIOS when the computer boots. If BIOS is eliminated, as I have heard is Microsoft’s intent, then of course this would be impossible. However, prior notebooks with Trusted Platform Module (TPM) hardware have had BIOS entries to program that hardware. It seems if BIOS was eliminated for this important functionality then a separate boot image would become available to provide that functionality, possibly booting with FreeDOS. As you know, TPM provides hardware encryption of the hard disk to prevent unauthorized users from procuring sensitive data. When starting a computer which has TPM one would also insert a USB Memory Stick with the key file on it, or type a security phrase into the console at startup. The keys are usually at least 128 or 256-bit. The TPM hardware would not make the entire computer useless because the TPM can be cleared, but the HD would then be undecodable and need to have the OS reinstalled.
The Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as remote attestation and sealed storage. “Remote attestation” creates a nearly unforgeable hash key summary of the hardware and software configuration. The extent of the summary of the software is decided by the program encrypting the data. This allows a third party to verify that the software has not been changed. “Binding” encrypts data using the TPM endorsement key, a unique RSA key burned into the chip during its production, or another trusted key descended from it. “Sealing” encrypts data similar to binding, but in addition specifies a state in which the TPM must be in order for the data to be decrypted (unsealed).
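The three facilities named above (a hash summary of the boot configuration, a signed attestation of it, and sealing data to a required state) fit together in a way that is easier to see in code. The following is an added example written for this page, not code from the original post or from any TPM vendor or specification; it models the behaviour in Go with standard-library primitives. The `PCR`, `MeasuredBoot`, `Quote`, `Seal` and `Unseal` names, the chip secret, the component strings and the disk key are all constructed for illustration, and AES-GCM keyed from the PCR value stands in for the chip's real storage hierarchy.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// PCR models one Platform Configuration Register. Software cannot write a PCR
// directly; it can only extend it: new = SHA256(old || SHA256(component)).
type PCR [sha256.Size]byte

func (p *PCR) Extend(component []byte) {
	m := sha256.Sum256(component)
	h := sha256.New()
	h.Write(p[:])
	h.Write(m[:])
	copy(p[:], h.Sum(nil))
}

// MeasuredBoot extends a zeroed PCR with each boot component, in boot order.
func MeasuredBoot(components ...[]byte) PCR {
	var p PCR
	for _, c := range components {
		p.Extend(c)
	}
	return p
}

// Quote models remote attestation: the chip signs the PCR value together with a
// verifier-chosen nonce, so a verifier who trusts the key can compare the
// reported value with the one it expects for an unmodified configuration.
func Quote(attestKey ed25519.PrivateKey, pcr PCR, nonce []byte) []byte {
	return ed25519.Sign(attestKey, append(pcr[:], nonce...))
}

func VerifyQuote(pub ed25519.PublicKey, pcr PCR, nonce, sig []byte) bool {
	return ed25519.Verify(pub, append(pcr[:], nonce...), sig)
}

// Sealed holds data that is released only when the PCR equals ExpectedPCR.
type Sealed struct {
	ExpectedPCR PCR
	Nonce       []byte
	Ciphertext  []byte
}

// storageKey stands in for the chip-resident storage hierarchy: the wrapping
// key depends on a secret that never leaves the chip and on the sealed-to PCR.
func storageKey(chipSecret []byte, policy PCR) cipher.AEAD {
	h := sha256.New()
	h.Write(chipSecret)
	h.Write(policy[:])
	block, _ := aes.NewCipher(h.Sum(nil)) // 32-byte key: AES-256, cannot fail
	g, _ := cipher.NewGCM(block)
	return g
}

// Seal encrypts secret under a key tied to the current PCR value.
func Seal(chipSecret []byte, current PCR, secret []byte) (Sealed, error) {
	g := storageKey(chipSecret, current)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Sealed{}, err
	}
	ct := g.Seal(nil, nonce, secret, current[:])
	return Sealed{ExpectedPCR: current, Nonce: nonce, Ciphertext: ct}, nil
}

// Unseal refuses when the PCR differs from the sealed-to value. Even if that
// check were bypassed, the derived key would differ and GCM authentication
// would fail, so the plaintext is never released to a changed platform.
func Unseal(chipSecret []byte, current PCR, s Sealed) ([]byte, error) {
	if current != s.ExpectedPCR {
		return nil, fmt.Errorf("PCR mismatch: platform state changed since sealing")
	}
	return storageKey(chipSecret, current).Open(nil, s.Nonce, s.Ciphertext, s.ExpectedPCR[:])
}

// Demo seals a disk key to a known-good measurement, retries after an identical
// boot and after one driver is replaced, then produces and checks a quote.
func Demo() (sameBootUnseals, changedBootUnseals, quoteVerifies bool) {
	chipSecret := []byte("constructed chip secret")
	good := MeasuredBoot([]byte("firmware v1"), []byte("loader v1"), []byte("kernel v1"), []byte("driver v1"))
	changed := MeasuredBoot([]byte("firmware v1"), []byte("loader v1"), []byte("kernel v1"), []byte("driver v2"))
	sealed, err := Seal(chipSecret, good, []byte("constructed disk key"))
	if err != nil {
		panic(err)
	}
	out, err := Unseal(chipSecret, good, sealed)
	sameBootUnseals = err == nil && string(out) == "constructed disk key"
	_, err = Unseal(chipSecret, changed, sealed)
	changedBootUnseals = err == nil
	seed := sha256.Sum256([]byte("constructed attestation key"))
	attest := ed25519.NewKeyFromSeed(seed[:])
	nonce := []byte("verifier nonce 0001")
	sig := Quote(attest, good, nonce)
	quoteVerifies = VerifyQuote(attest.Public().(ed25519.PublicKey), good, nonce, sig)
	return
}

func main() { fmt.Println(Demo()) }
```

Two properties of the model carry over to real hardware: the PCR value depends on the order in which components were measured, not just on their set, and a change anywhere in the chain (here, one driver) yields a different digest and therefore a refused unseal. The nonce in the quote is what stops a recorded signature from a good boot being replayed later.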
A Trusted Platform Module can be used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is the expected system.
Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution. However even where a TPM is used, a key is still vulnerable while a software application that has obtained it from the TPM is using it to perform encryption/decryption operations, as has been illustrated in the case of a cold boot attack.
The TPM is also known by the name of the (former) United States Senator Ernest “Fritz” Hollings. The name “Fritz chip” was coined by Professor Ross Anderson, author of “Security Engineering” and Professor at the University of Cambridge [5].
In the second paragraph I see that a unique hardware identifier is burned into the TPM chip at the factory, which can be used to uniquely identify the system as that authorized to run the software on it, or to track the computer (or user). This could be a way for Microsoft to eliminate the odious “License Key” typing and “activation” when installing Windows, but it could also be a way to invade end-user privacy, after the late 1990s Microsoft attempt to do so by embedding the CPU serial number in Word and Excel documents to track the author. This could also be used to deny the legal owner of the license the right to use his license on whatever computer s/he so chose, as when replacing an obsolete computer with a newer machine, to require every upgrade to re-purchase all software again at a cost several times the value of the computer hardware (Office $499, OS $230, Antivirus $50, etc.). One way to protect both Microsoft and the legal license owners would be to standardize the TPM chip, make it socket-able on the computer hardware, and provide the chip with each ‘Full’ boxed copy of Windows. This is an approach similar to the SIM chip provided with mobile phones. Microsoft’s interest would be protected because their software cannot be run without that specific chip, and the license owner’s interest would also be protected because she or he can take that chip out of the old computer and install it in the new computer. An upgrade to the Windows OS would not include the chip — it would already need to be there from the prior ‘Full’ license.