German govt comes out against Trusted Computing and Secure Boot

Trusted Computing and Secure Boot, especially Secure Boot, are supposed to boost the security of devices that you own. Yes, devices that you own! However, judging from the manner that Secure Boot has been implemented, it sure feels like you do not own that device you bought with your money. Hence the phrase Restricted Boot is more apt.

And since corporations now run the government, a corporation with enough power (and money… the power comes from the money) can dictate what you can do on and with that device that you own. Microsoft’s ability to dictate to hardware vendors, and by proxy, dictate to you, how secure boot can be implemented, is a very good example.

So far, who has challenged Microsoft? Other than dissenting voices from the Free Software and Open Source community, nobody.

But the German government has made an official statement on Secure Boot (and Trusted Computing). Since it’s just a position statement, it does not count as a legal challenge to Microsoft, but it’s s start. The Free Software Foundation Europe was the first to report on this German government statement.

Here are key points that they made:

3. Complete control by device owners
Device owners must be in complete control of (able to manage and monitor) all the trusted computing security systems of their devices. As part of exercising control over their devices, device owners must be able to decide how much of this control to delegate to their users or administrators. Delegating this control to third parties (to the device manufacturer or to hard- or software components of the device) requires conscious and informed consent by the device owner (i.e., also with full awareness of possible limits on availability due to measures taken by the third party to whom control options were delegated).

With Restricted Boot, you are no longer in charge of your device, especially a computer preloaded with a Microsoft Windows 8 operating system.

4. Freedom to decide
When devices are delivered, trusted computing security systems must be deactivated (opt-in principle). Based on the necessary transparency with regard to technical features and content of trusted computing solutions, device owners must be able to make responsible decisions when it comes to product selection, start-up, configuration, operation and shut-down. Deactivation must also be possible later (opt- out function) and must not have any negative impact on the functioning of hard- and software that does not use trusted computing functions.

I agree. Give me all the fancy security features, but let me decide whether I want to turn any on or not. Even when enabled by default, make it easy for me to disable them.

6. Private use
The Federal Government explicitly calls on makers of trusted computing devices and components (both hard- and software) to offer devices and components also to private users which allow owners complete control over the trusted computing security system at all times.

Nice statement, but the German government needs to do more than “call on makers.” They have an obligation to protect consumers from mega-monopolies. For starters, an anti-trust investigation of the license agreement between Microsoft and hardware vendors will be a step in the right direction.

While we await a more meaningful action from the German government, what has the government over here in our America done or said about this?

You may read the complete German government statement in a PDF file available here.

Related Posts

Students line up for new free software master at open universities Two of Europe's open universities, the Universitat Oberta de Catalunya in Spain and Open Universiteit in the Netherlands, are about to start the firs...
Why I switched from Postgres to MongoDB, then to Neo4j When you're about to start a project and are trying to make a decision on the what applications to use, one way to proceed is to find out what other p...
Hone your penetration testing skills using 70+ recipes from the Kali Linux Cookbook The latest edition of Kali Linux, Kali Linux 2016.1, or Kali Rolling, was released more than a week ago. For those new here, Kali Linux is a deskto...
How to build a Kali Rolling ISO of doom Editor: When you've finished building your Kali Rolling ISO of doom, take another step and enhance your ethical hacking and online penetration testing...
Backdoor in OpenBSD’s IPSEC stack? This following is the email exchange between Theo de Raadt and Gregory Perry. Theo is the lead coder of OpenBSD, and Gregory was a former contributor ...
How to write the first for loop in R In this tutorial we will have a look at how you can write a basic for loop in R. It is aimed at beginners, and if you’re not yet familiar with the bas...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.

One Comment

  1. Geez, I feel like my computer is turning into a tablet or smartphone, where I’ll have to jailbreak it before I can even load the software I want, onto it. 🙁

    Actually, this is one of the reasons I have yet to purchase a tablet. Once I can dual boot GNU/Linux with KDE touch screen plasma desktop, then I’ll buy a tablet. Until then, I’m sticking with laptops… so long as I can keep installing the OS of my choice on them…

Leave a Comment

Your email address will not be published. Required fields are marked *