Tuesday, November 15, 2011

Secure Boot - its here and been here for quite awhile ...

There's been a lot of noise with Microsoft requiring Secure Boot for Windows 8 OEMs. For those of you unfamiliar with it, Secure Boot requires that the boot chain is signed, and this 'feature' must be enabled by default. Although I have been unable to find specific details, it appears that the chain of trust needs to extend from BIOS/UEFI all the way down to the kernel. Obviously, requiring a signed boot chain makes using FOSS platforms like Ubuntu or Debian an impossibility short of having the UEFI Platform Key and resigning the entire chain.

Steven Sinofsky's MSDN blog has a fairly good overview how it works. Canonical and Red Hat also have a good white paper on why secure boot is a serious problem for Linux distributions. Even if secure boot itself can be disabled, it *greatly* rises the bar for general end-users to successfully install Ubuntu on their machine. In addition, it is the responsibility of OEM and BIOS manufacturers to provide the option to disable it.

There already has been a long history of OEMs removing BIOS options or introducing DRM; for instance, locking out VTx on Sony laptops, or restricting laptops to only accept 'branded' wifi and 3G cards. Given this track record, can OEMs realistically be trusted to have this option available?

What most people don't realize is that secure boot itself is not a new concept; its simply part of the Trusted Computing initiative, and has been implemented on embedded platforms for many years. If you own any iPhone, or one of the vast majority of Android devices, you are using a device that either has the secure boot feature, or something very close. This especially painful in Android as Google's security system restricts users to a *very* limited shell and subset of utilities which can be used on non-rooted devices. WebOS, Maemo, and to my knowledge Meego give the end-user full unrestricted access to the boot chain and you can swap kernels and even the entire OS out if one was so motivated.

Although it is still an ongoing problem, several vendors such as HTC, Samsung, Motorola (kinda), and even Sony. In the Android community, having unlockable bootloaders has been a welcome middle ground in the traditionally restrictive and locked-down world of cellular devices.

While some may argue that such locks are necessary to protect consumers, it is perfectly feasible to create devices with unlocked bootloaders that are still secure. The Nook Color's is an Android powered eReader. It's stock firmware doesn't allow sideloaded applications or even access to a user shell via adb, but the BootROM on the device attempts to boot from the microSD card before eMMC, making it possible for enterprising users to easily modify the underlying OS (as well as making it physically impossible to brick the device due to a bad flash). Barnes and Nobles even sells a book on rooting the Nook Color; it was right next to the devices on display at the time. In addition, they've continued the tradition of easily modifiable devices with both the Nook Simple Touch, and the Nook Tablet.

One of the most impressive attributes is the possibility of running Ubuntu on it. The absolute poster child for this is the Toshiba AC100. For those of you unfamiliar, it ultralight netbook that shipped with Android 2.1/2.2 with easy access to the built in flash via the mini-USB port on the side of the device. Due to the valiant efforts of the AC100 community, Ubuntu was ported to this device, and became a supported platform with images available on cdimages.ubuntu.com. If you were an attendee at UDS, you likely saw several AC100s all running Ubuntu.

This brings me to the point that motivated me to write this post in the first place. One of the most impressive tablets I've seen to date is the ASUS eeePad Transformer, an Android tablet with fully dockable keyboard. I have one of these devices, and its one of the most impressive and usable Android tablets I own. Sadly, such a powerful device was hobbled from its true potential due to ASUS's decision to ship the device with a locked and encrypted bootloader. Surprisingly, the Secure Boot Key (SBK) was acquired and released to the wild, making it possible to reflash the device. Sadly, even with the SBK, the device's bootloader is still extremely hobbled compared to the AC100 making flashing a slow and difficult process.

In response, ASUS refreshed the eeePad's hardware to the new B70 SKU, which has a new Secure Boot. Despite this, a root exploit was recently found to allow people to circumvent these restrictions and install customs ROMs. It is however only a manor of time before ASUS responds and releases a new update that fixes this bug.

Steven Barker (lilstevie) on xda-developers successfully created a port of Ubuntu to the Transformer. Currently, installing Ubuntu on the Transformer requires nvflash access, so its not possible to use his image on the newly liberated B70 devices. I am certain that a new method of installing via an update.zip will be developed for those of us with hobbled devices.

It is a showcase of what is possible when you have open hardware, and also proves one indisputable point: any 'trusted boot' or DRM scheme can and will be defeated; at best you piss off your userbase, and at worst, you force users to exploit bugs to gain control of their device. As it is impossible to reflash these devices from the bootloader, a failed kernel flash WILL brick these devices, increasing warranty and support costs as users try to return their now broken devices.

In closing, while there have been some victories in ongoing war of open hardware vs. trusted comptuing, the road ahead still remains very murky. Victories in the mobile market have shown that there is a market for open devices. Google's own Nexus One was sold as a developers phone and as a way to encourage manufacturers to raise the bar. It sold well enough to recoup its development costs.. While there is no official statements, the Nokia N900 is suspected to have broken all sales expectations, backed up by the fact that Angry Birds sold extremely well on the Ovi Store for the N900.

From the article in question:
What reaction have you had in terms of sales and customer feedback?

Angry Birds had already been launched on App Store before it came out on Ovi Store, and it had a great review average from iPhone reviewers and users alike, so we expected a good reception from N900 users as well.

Even so, we were quite surprised by just how the N900 community immediately took the game to heart. The game obviously made many people very happy, and that is really the greatest achievement that anyone who creates entertainment for a living can hope for. Well, maybe the greatest achievement is huge bundles of cash, but making people happy comes a close second.

In the first week that Angry Birds has been on the Ovi Store, it has been downloaded almost as many times as the iPhone version in six weeks. Given that most N900 users have not even used Ovi Store yet, we are confident that there will be many more downloads in the months to come, and are sure that the N900 version will be very profitable.

That being said, with Microsoft pushing secure boot and trusted computing down everyone's throats with Windows 8, it is hard to say what the future might hold for those of us who want to own our devices.

1 comment:

Anonymous said...

I'm currently having a conversation about this piece on reddit, but I notice you've 0 comments here on your actual blog and feel kinda bad about that. You might want to consider switching to wordpress and installing the backtype connect plugin so that comments from reddit, etc. will show up here too :)