UEFI and restricted boot
submitted by lammi87, 12:30, 6 July 2012
TOPIC: other
STATUS: opened
PRIORITY: high
Description:

Hi, this is lammi87

In the near future, all ARM based devices might have UEFI implemented in a way which would prevent free operating systems from being installed and used on those devices. These restrictions might spread to other architectures as well. This is dangerous and everyone should oppose it. The question is how are we going to take it into account here on h-node. At the moment there is no mention about UEFI anywhere.

I suggest we add new entries to computers' pages where the user must specify if UEFI is enabled by default, if it can be disabled and whether it prevents free operating systems from being used on the device. Possible set of entries could look like this:

does it have UEFI?					yes
							no
							not-specified

does UEFI restrict usage of free operating systems?	yes
							no
							there is no UEFI
							not-specified 

is UEFI enabled by default?				yes
							no
							there is no UEFI
							not-specified


can UEFI be disabled by the user?			yes
							no
							there is no UEFI
							not-specified

The problem with these entries is that they overlap the following existing entries a bit and changing them might be difficult (I'm not sure):

does it have a free BIOS?				yes
							no
							not-specified

can free operating systems be installed?		yes
							no
							not-specified

What do you think? How should we implement this? Should we do this in some way before some devices with UEFI are released or should we wait for their release? Should we discuss this matter in the mailing list?

Messages:
tonicucoz:

If I've correctly understood, the UEFI should replace the BIOS, is it right? If this is the case then we should add an option to the BIOS entry in this way:

does it have a free BIOS?				yes
							no
							not-specified
							it has UEFI

About the "can free operating systems be installed?" entry we should rename it in order to include UEFI, I have to think how..

submitted by tonicucoz, 06:13, 7 July 2012
lammi87:

Hi, this is lammi87.

I got a few messages from the mailing list concerning this issue so I'll include them here:

Message #1 from Antonio Gallo

Hello,

inside the notebook category at h-node.org we have an entry to specify if a free operating system can be installed:

"can free operating systems be installed?"

not-specified
no
yes

perhaps we could change it in order to include UEFI restrictions, such as:

"Does UEFI (Restricted Boot) prevent the installation of a free operating system?"

in this case we shouldn't add a new entry

What do you think?

see also this issue at h-node.org:
http://www.h-node.org/issues/view/en/138

Should UEFI replace BIOS? If this is the case we should add an option to the BIOS entry:

does it have a free BIOS? 
yes
no
not-specified
it uses UEFI

Message #2 from Michał Masłowski

     "Does UEFI (Restricted Boot) prevent the installation 
     of a free operating system?"

There are many other standards/bootloaders that can do the same, 
"can free operating systems be installed" expresses the same. 
Unless someone wants to boycott just UEFI Restricted 
Boot and not Restricted Boot using a different bootloader.

     Should UEFI replace BIOS? If this is the case we should 
     add an option to the BIOS entry:

     does it have a free BIOS? 
     yes
     no
     not-specified
     it uses UEFI

There are both free and nonfree implementations of UEFI, so this
shouldn't be in this entry.

BIOS, UEFI, boot firmware and other names refer to what is exactly the
same thing for our purposes. Maybe call it "boot firmware" and explain
that BIOS and UEFI implementations are boot firmware? (Might be
confused with firmware running on other processors.)

Seen a longer list of primary boot loaders in
https://en.wikipedia.org/wiki/Booting.

There is an unrelated issue of "can free operating systems be installed"
not being clear. I consider it to refer to installation of systems
modified by the user without asking anyone (so they would e.g. need to
disable Secure Boot first or add their own keys), although this isn't an
issue if a free operating system is one of the FSF-listed free distros
with no plans to have signed kernels in their installation media. There
are devices that allow installation of custom kernels but not
bootloaders (e.g. Nexus S and probably many other phones, although we
don't list them on h-node), we could add a "partial" value with a
request for details in the description if such cases occur.
submitted by lammi87, 09:33, 7 July 2012
lammi87:

Thanks for your messages Antonio and Michal. It seems this issue is more complicated than I thought.

BIOS, UEFI, boot firmware and other names refer to what is exactly the same thing for our purposes. Maybe call it "boot firmware" and explain that BIOS and UEFI implementations are boot firmware?

I agree. Maybe we should change the "does it have free BIOS?" entry to:

does it have free boot firmware?		yes
						no
						not-specified

and add a link to the wiki/help page where we explain what we mean by "boot firmware", that is BIOS, UEFI, Coreboot, etc. This way, we can keep the devices' pages simple. They would become a mess if we would add all the entries I first suggested and even more if we would add similar entries to all other non-free "boot firmware".

This issue is a bit complicated so we absolutely need to improve our wiki/help pages about this matter. We must specify in a really clear and easy-to-understand way which "boot firmware" is free and which is not (UEFI vs. UEFI with Restricted Boot).

What do you think?

submitted by lammi87, 10:51, 7 July 2012
salsaman:
I think you need to add more details, for example: does it support Secure boot? if yes, - can it be disabled? - how many keys does it support? If it cannot be disabled, and it only supports 1 key then it is Restricted boot.
submitted by salsaman, 20:30, 9 July 2012
lammi87:

So, how about this:

does it have free boot firmware?		yes
						no
						not-specified

with a link to explanations on help/wiki about what we mean by boot firmware (BIOS, Coreboot, UEFI, etc) and what is considered as free boot firmware (coreboot only?).

can free operating systems be installed?	yes
						no
						not-specified

If the user selects "no" it means that either there is restricted boot implemented on the device or that installation is not physically possible (can there be such a case?).

does it have restricted boot?			yes, can be disabled
						yes, cannot be disabled
						no
						not-specified

with a link to explanations on help/wiki about what restricted boot is, how UEFI can implement restricted boot but doesn't always do so and how to check if there is restricted boot and if it can be disabled.

submitted by lammi87, 10:28, 10 July 2012
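
As an added illustration of the "how to check" question raised in the thread (not part of any post and not h-node code): a Linux-only check that reads the firmware's `SecureBoot` and `SetupMode` variables from efivarfs and maps them onto values like those proposed above. The function names and returned field names are assumptions made for this example.

```python
from pathlib import Path

# GUID of the UEFI global-variable namespace (from the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
STATE = {0: "disabled", 1: "enabled"}


def read_flag(efivars, name):
    """Return the one-byte value of a global EFI variable, or None.

    An efivarfs file is a 4-byte attribute word followed by the data.
    """
    try:
        raw = (Path(efivars) / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:  # missing variable, unreadable file, efivarfs not mounted
        return None
    return raw[4] if len(raw) >= 5 else None


def boot_report(sysfs_root="/sys"):
    """Describe the running system in terms of the entries discussed above."""
    efi = Path(sysfs_root) / "firmware" / "efi"
    if not efi.is_dir():
        # Only says this boot did not go through UEFI; the machine may still
        # have UEFI firmware running in legacy (CSM) mode.
        return {"booted_via_uefi": "no", "secure_boot": "not-specified",
                "setup_mode": "not-specified", "can_be_disabled": "not-specified"}
    efivars = efi / "efivars"
    return {
        "booted_via_uefi": "yes",
        # SecureBoot=1: the firmware is enforcing signature checks right now.
        "secure_boot": STATE.get(read_flag(efivars, "SecureBoot"), "not-specified"),
        # SetupMode=1: no Platform Key enrolled, so the owner can enroll keys.
        "setup_mode": STATE.get(read_flag(efivars, "SetupMode"), "not-specified"),
        # Not visible from the OS; has to be checked in the firmware setup UI.
        "can_be_disabled": "not-specified",
    }


if __name__ == "__main__":
    for field, value in boot_report().items():
        print(f"{field}: {value}")
```

Whether Secure Boot can be switched off is a property of the firmware setup screen, so that field stays `not-specified` until someone checks it by hand.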


h-node.org is a hardware database project. It runs the h-source PHP software, version SVN-387, available under the GNU General Public (GPLv3) License.