UEFI secure booting and the future

Chat about just about anything else
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
zerozero

Re: UEFI secure booting and the future

Post by zerozero »

so from now on we have 2 options:
- flash a "clean" bios (obtained where? will the manufacturers have it on their site available, and will microsoft be happy with this?)
- disable secure boot in order to boot and install any form of linux (won't this have a negative psychological effect on nOObs?)
neither is a good option and in a way microsoft wins always :evil:
altair4
Level 20
Level 20
Posts: 11427
Joined: Tue Feb 03, 2009 10:27 am

Re: UEFI secure booting and the future

Post by altair4 »

For those who are may not know there is a rebuttal to Microsoft's rebuttal (?) here: http://mjg59.dreamwidth.org/5850.html

It doesn't look like Matthew Garrett is particularly convinced by Microsoft's assessment.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
User avatar
xenopeek
Level 25
Level 25
Posts: 29507
Joined: Wed Jul 06, 2011 3:58 am

Re: UEFI secure booting and the future

Post by xenopeek »

altair4 wrote:For those who are may not know there is a rebuttal to Microsoft's rebuttal (?) here: http://mjg59.dreamwidth.org/5850.html

It doesn't look like Matthew Garrett is particularly convinced by Microsoft's assessment.
Thanks for the link. I hope Microsoft goes ahead and does this. Just like with their bundled browser, the EU will see this for what it is--a monopolist strong-arming its customers (hardware vendors) and anti-competitive practices. We have strong competition laws in the EU, and if Microsoft goes ahead with this, the way the article from Matthew foreshadows it, we can look forward to another giant lawsuit and settlement and enforced rollback of this. It is a good move for Microsoft to try to cut out Linux, Android and others for competing with Windows 8, but it will not fly here.

I have some rude remarks about Microsoft about this, but I'll keep it polite.

I'm wondering the FSF hasn't yet piped in on this. (I recently converted to Stallmanism, and seek the words of the Prophet Richard Stallman on this...)
Image
DrHu

Re: UEFI secure booting and the future

Post by DrHu »

From the link given by the OP, this is the problem: windows 8
--it is essentially anti-democratic and anti-consumer (anti-competitive, dare one say not free?(market) enterprise/capitalist), but so: nothing new there, we've all seen it already..
  • How will we be able to get newer cheap windows OS supplied computers and install our favorite OS, if this continues..
  • From the link by the OP
    A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.
--we all, I think like that Microsoft has been able to drive the consumer prices down for computers via their mass marketing and would sorely miss it, if it disappeared..

I think the general problem is that people (read governments, commercial interests) all want to find/manage or control access.
  • The only thing this does is push monitoring closer to the user..
Therefore we get ideas such as hardware locks, and trusted computing networks etc
--don't forget that the government has been in bed with ISP suppliers (the Internet backbone) from the beginnings to ensure their access
BigSteve_G

Re: UEFI secure booting and the future

Post by BigSteve_G »

From what I've read elsewere (the reg I think) the main idea with this is to make sure only the installed & un--modified Windows 8 can be used to boot a system presumably to prevent pirated copies of Windows being used, stop local hacks using Live discs & make the end user feel safe by going on about the new secure boot.

-Also from what I understand if someone buys a Windows 8 machine when Windows 9 comes out they cant even upgrade unless they buy a new machine (nice money making idea) then there's data rescue - no more "system wont boot? I'll use a Linux disc to copy the HDD to USB then I'll reinstall Windows for you"

On the plus side, going off the above screen shot by Vinncent it looks like this feature can be turned off or on, lets hope so other wise those of us who make a little beer by doing data rescue will have problems like..... erm... putting their HDD in our machines? - ok maybe we wont have a problem :-)
altair4
Level 20
Level 20
Posts: 11427
Joined: Tue Feb 03, 2009 10:27 am

Re: UEFI secure booting and the future

Post by altair4 »

According to Matthew Garrett, "here are the facts":
# Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
# Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.
# Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
# A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
rijnsma

Re: UEFI secure booting and the future

Post by rijnsma »

xenopeek wrote:
altair4 wrote:For those who are may not know there is a rebuttal to Microsoft's rebuttal (?) here: http://mjg59.dreamwidth.org/5850.html

It doesn't look like Matthew Garrett is particularly convinced by Microsoft's assessment.
Thanks for the link. I hope Microsoft goes ahead and does this. Just like with their bundled browser, the EU will see this for what it is--a monopolist strong-arming its customers (hardware vendors) and anti-competitive practices. We have strong competition laws in the EU, and if Microsoft goes ahead with this, the way the article from Matthew foreshadows it, we can look forward to another giant lawsuit and settlement and enforced rollback of this. It is a good move for Microsoft to try to cut out Linux, Android and others for competing with Windows 8, but it will not fly here.

I have some rude remarks about Microsoft about this, but I'll keep it polite.

I'm wondering the FSF hasn't yet piped in on this. (I recently converted to Stallmanism, and seek the words of the Prophet Richard Stallman on this...)
Agree fully!!
karashata

Re: UEFI secure booting and the future

Post by karashata »

I'm not overly worried about this possible issue, my understanding is that UEFI Secure Boot will only be required to be enabled by default for OEMs and manufacturers to receive the "Designed for Windows 8" logo as part of the licensing program. While some OEMs and manufacturers are bound to do the minimum to meet the requirements and may not include a way to disable it in the UEFI, any reasonable OEM or manufacturer will probably include an option to disable it. I don't believe UEFI Secure Boot is *required* in order to actually boot and run Windows 8, as that would prevent any upgrade path for current users on older hardware, and MS so far isn't known for doing that (except in the sense that newer versions do usually require relatively modern hardware)... I would like to think they'd prefer that people with existing hardware be able to upgrade to Windows 8 if they so chose...

That said, while our options might be reduced by lazy OEMs or manufacturers not including an option to disable Secure Boot in the UEFI, and we'll have one extra step to perform when planning a Linux installation (which might be a touch annoying, but I'm sure we'll get used to it...), I doubt we'll be left high-and-dry with no way to run Linux on newer hardware. If anything, if and when we find hardware that doesn't support Linux due to an inability to disable Secure Boot, we leave poor/negative reviews on it and demand refunds. Eventually OEMs are bound to get the message: There's a Linux user-base out here that demands we be able to continue to use our operating system of choice. If you fail to support us in our endeavour, we'll take out business elsewhere to someone who will.
lexon

Re: UEFI secure booting and the future

Post by lexon »

Is this suppose to be part of the BIOS? If it is, then even putting in a new formatted hard drive will not work.
I have done a couple 'Tops with new drive saving the W drive if needed. Drives are cheap if you know how to shop on line.
I avoid dual boot like the plague.

L
karashata

Re: UEFI secure booting and the future

Post by karashata »

UEFI is a replacement for the older BIOS, and Secure Boot is a part of UEFI.

I'm unsure how Secure Boot will handle a freshly formatted drive without any OS on it (though, technically, an empty drive would mean no code to check, so it would probably display a "no bootable media" error...), but adding a new hard drive without changing/replacing the existing boot drive, or adding any other new hardware, shouldn't make Secure Boot prevent the system from booting, at least from my understanding. AFIAK it only checks to verify that the code being booted is signed, and will prevent it from booting if it's not, the hardware configuration shouldn't affect that.

Secure Boot would probably prevent the system from booting on unsigned media, though, so only OEM-provided restore discs and Windows 8 install discs would probably work. (Though, what OEM these days actually sends restore discs anymore, nowadays it's usually a partition on the drive and if you want discs you need to burn them yourself... OEMs would need to make sure their utilities make signed discs then... I wonder how that'll work out...)

One more reason for OEMs and manufacturers to include an option to disable UEFI, upgrading or replacing an existing boot drive. Even that is necessary once in a while with a Windows system. (Though, I suppose it would be an excuse for lazy/cheap OEMs to say "Oh, if anything happens to your hard drive and it needs replacement, you'll have to take/send it back here for maintenance."... *sigh*)
User avatar
xenopeek
Level 25
Level 25
Posts: 29507
Joined: Wed Jul 06, 2011 3:58 am

Re: UEFI secure booting and the future

Post by xenopeek »

For the next few years businesses will continue to use Windows XP or Windows 7 (some even Windows Vista), even on new hardware. They'll want the hardware to be Windows 8 ready, but they are not going to jump to Windows 8 after having just started migrating to Windows 7 this year... Any hardware vendor who doesn't want to shoot his own foot is going to make sure his hardware will also run (at least) Windows 7--meaning the ability to switch off UEFI secure boot.
Image
rijnsma

Re: UEFI secure booting and the future

Post by rijnsma »

I can't trust M$.
http://www.winrumors.com/red-hat-employ ... ification/
One of a lot of web-articles.
acerimusdux
Level 5
Level 5
Posts: 635
Joined: Sat Dec 26, 2009 3:36 pm

Re: UEFI secure booting and the future

Post by acerimusdux »

1. UEFI is a replacement for BIOS, so a UEFI computer or motherboard doesn't have a BIOS.
2. These features will be controlled by the UEFI; any decent motherboard will likely allow you to boot into a UEFI setup menu, and should have options to either disable secure boot, or to add your own keys, if desired.
3. The bigger risk is going to be on smaller devices, where manufacturers are already often reluctant to allow user control of what OS is running.
4. While the screenshot provided by MS of the Samsung tablet shows the option to disable Secure Boot, they also make it clear this will be entirely up to the hardware vendor whether to provide this capability.
5. In some respects the hardware vendors are a bigger threat here than MS. Secure Boot is a standard part of UEFI; this wasn't really initiated by MS, they simply decided to support it in Win 8. Yes, they also require it to be enabled in the firmware, but that's the only way it could work. It wouldn't add any security otherwise.
6. I guarantee there will be at least some OEMs who will want to test and see if they can get away with locking you into their provided OS.

So this is likely going to be less a catastrophic change, than potentially a continued slow erosion, which can be fought as long as consumers only chose to buy hardware which they are able to themselves control.

It probably is worth raising a ruckus over though, as if there is a big enough outcry over this, then maybe more hardware vendors will be eager to be able to advertise that their own systems provide UEFI implementations which will allow users to install whatever hardware, operating systems, and software they wish.
rijnsma

Re: UEFI secure booting and the future

Post by rijnsma »

It is unacceptable in my opinion that a user maybe can't anymore install some kind of
operating system, because Windows is so vulnarable for attack, that the industry would
follow M$ in its (U)EFI-demands.

This UEFI-thing must ALWAYS!! be switchable or whatever. So the 'user' has never that problem.

It is almost a human right to be protected from destroying the tools with which you work, by a 'company', that
for years produces unsafe cr*p and which does like to cover things this way (like they always did with small
marketplayers!! They have the money.)

This is the knife on the throat which I always expected from M$. Just not cutting yet.
But when you wait long enough... They think of something. Now and in the future.
johnalexrob

Re: UEFI secure booting and the future

Post by johnalexrob »

rijnsma wrote:I can't trust M$.
http://www.winrumors.com/red-hat-employ ... ification/
One of a lot of web-articles.
Of all the comments on that site that site that I read, not a single person on that site seemed to know what they were talking about. It is a helpful security addition, but it cuts freedom and none of them could see that. They all seemed to think that all Linux users would just build their own computers to get around this. I guess that's what you get on a site full of Windows users. And it's not just Linux users that are getting blocked out-it's FreeBSD users, it's OpenSolaris users, and it's Windows XP users, too! Regardless of what OS you use, it still has to be illegal somehow. Before you know it, we're all going to be paying MS to build our own computers, too.
rijnsma

Re: UEFI secure booting and the future

Post by rijnsma »

It is one of many articles on the web, I mentioned.
Let's hope there will be as much as possible awareness.
Before one knows there could be a problem.
I think I know how some CEO's think and deal...

http://www.itworld.com/it-managementstr ... linux-mess

pcr-online
[..]
Cambridge University security engineering professor Ross Anderson raised the red flag on the Lightbluetouchpaper security research blog, saying that Microsoft pushing for mandatory UEFI support meant "unauthorised operating systems like Linux and FreeBSD just won’t run at all."
"The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed," said Prof Anderson.[..]
http://www.pcr-online.biz/news/37081/Mi ... -OS-claims

Maybe nothing is wrong, but maybe there is..
johnalexrob

Re: UEFI secure booting and the future

Post by johnalexrob »

The simple fact that MS does not require that OEMs allow the secure boot to be disabled (which they could very easily do) shows that they are being anti-competive. They want to limit the available choices for users of other OSes. They want to make other OSes seem less secure than Windows because they have to have that security option disabled. They know that some OEMs will not add that option if they are not forced to do so (or asked by MS). If the vendors don't, they seem like the bad guys because they did not provide the option or the keys (and reverse engineering the keys would be illegal). On top of that, as Garrett said, it also opens up all kinds of problems with the GPL and kernel.

To the average Windows user, it seems like a welcome feature, and it really is, but they believe that MS is adding it to protect the user. If you read between the lines, you see they are not protecting the user, but themselves. What's even worse, chances are that they will get away with it.

Also, about that Stallmanism, I read that page, and it is a serious religion? It was written so seriously that I couldn't tell if it was a great metaphor or really a religion.
User avatar
xenopeek
Level 25
Level 25
Posts: 29507
Joined: Wed Jul 06, 2011 3:58 am

Re: UEFI secure booting and the future

Post by xenopeek »

johnalexrob wrote:Also, about that Stallmanism, I read that page, and it is a serious religion? It was written so seriously that I couldn't tell if it was a great metaphor or really a religion.
It's not serious. But if there is one person fighting for your basic freedoms as a computer user, it is Richard Stallman. He regularly pokes a bit of fun himself (see this on his website: http://stallman.org/saint.html.

Edit: back on topic of UEFI secure booting and the future.
Last edited by xenopeek on Wed Sep 28, 2011 12:22 pm, edited 1 time in total.
Image
rijnsma

Re: UEFI secure booting and the future

Post by rijnsma »

Peace man... :D
AlbertP
Level 16
Level 16
Posts: 6701
Joined: Sun Jan 30, 2011 12:38 pm
Location: Utrecht, The Netherlands

Re: UEFI secure booting and the future

Post by AlbertP »

It's all very interesting but, what's the relation between Stallmanism and UEFI secure boot? This topic is named "UEFI secure booting and the future".
Registered Linux User #528502
Image
Feel free to correct me if I'm trying to write in Spanish, French or German.
Locked

Return to “Open Chat”