Linux Mint Forums

[KBD47]

This makes me angry:
http://www.itworld.com/open-source/2794 ... ertificate
The very thing many of us feared regarding UEFI. MS would love to keep Linux on a leash, looks like it may happen

[/dev/urandom]

Ah, bad journalism.

Fedora 18, due in November, will be the first version able to run on computers that use UEFI (Unified Extensible Firmware Interface)

Fedora 16 (meanwhile 17) runs well on my UEFI laptop. I presume the wording is just wrong.

[xenopeek]

Instead of reading that media drivel, read the Matthew Garret's (of Red Hat) announcement on this topic: http://mjg59.dreamwidth.org/12368.html

I think "Capitulates To MS" is sensationalism. Matthew goes on to explain in detail why this is for now the workable solution to make Fedora 18 boot on Windows 8 certified hardware without the user having to do anything special. And the $99 one-time fee for getting the signing key is paid to Verisign, not Microsoft. Secure boot will also make Linux more secure. Though the current implementation is not ideal for Linux, the Fedora developers have found a way to integrate it into Fedora without the user needing to notice. I think that is a victory over the earlier perspective we had on Linux's future on Windows 8 certified hardware...

Read Matthew's article and make up your own mind on this

PS. UEFI is not a problem for Linux, unless it has secure boot enabled.

[Habitual]

re: http://mjg59.dreamwidth.org/12368.html

Good read, but it eerily similar to the conversations we had the week after Phil Zimmerman released PGP.
"signing"..."keys"..."trust".

[KBD47]

More about this:
http://boingboing.net/2012/05/31/lockdo ... g+Boing%29
If UEFI can be easily disabled, it would not be much of an issue. I wonder about dual and multi-booting.

[aes2011]

More about this:
http://boingboing.net/2012/05/31/lockdo ... g+Boing%29
If UEFI can be easily disabled, it would not be much of an issue. I wonder about dual and multi-booting.

Even without secure boot, I get the impression that loading a Linux OS (for dual boot) onto a PC already having Windows +UEFI instead of the old BIOS is technically far more demanding.

[KBD47]

That's what I'm thinking. I also think the days of just handing someone a Mint DVD to try Linux may be gone. Once you have to start messing with UEFI to get Linux to run people are going to get nervous about trying Linux IMO.

[lsatenstein]

Matthew Garrett has made a correction in his statement that might make this more palatable:

The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access edit: The $99 goes to Verisign, not Microsoft - further edit: once paid you can sign as many binaries as you want), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.

I see several unaddressed issues with UEFI. One is the signing authority uses certificates from Verisign. 2) There is no alternate signing authority (Thwate is one I like).
Another issue is the problem with installing a system when there is no internet. How can we complete this activity?

The third one has to do with Virtual Machines (VM). If the VM has to also have a certificate, then will it be necessary for the operating system that is installed under VM to need one too?

If I add or remove a printer, or a different hard disk, are these hardware devices going to be secured as well?

With UEFI, what I foresee as a tendency is for operating systems to be deployed on the web, and we will do a remote boot. That way, one source on the web has all the updates and we always have the most recent version. Our data may be local, but we boot mint, fedora, debian, etc, from a website via a remote file system and fast internet.

One justification for UEFI was security. That implies that rights management software such as Selinux and other rights management software will become redundant. That may be a plus if these things do not have to be maintained.

For me, even with UEFI, if you do a dual boot configuration, there is a likelihood that from Linux you may not be able to read your unencrypted Windows Partitions. I share files between Windows 7 and Linux from Linux and would not want to stop doing this.

We think we require hard disks greater than 3 terrabytes each. I think that we are better off with several smaller hard disks, first of all, for rapid access, and secondly, for spreading data across smaller drives which together, give a seamless impression of petabyte storage. SSD's may also change the whole discussion about UEFI.

UEFI bios should be discarded in favor of a TPM. (Trusted Platform Module). The TPM has a microprocessor and functions as a smart card and more. Now someone would tell me that we need both, UEFI and TPM.

Sigh.... A discussion until reality comes to all of us with new hardware.

[KBD47]

Another good article about this:
http://www.itworld.com/it-managementstr ... till-sucks
At the risk of sounding pessimistic, I think this is another nail in Linux's coffin. Anything that makes it harder to get Linux to work on a MS machine is going to repel potential new Linux users. The best thing that can happen is a quick, widely available hack that totally disables this. I think in the end secure boot will be a joke, but it will be a bad joke on Linux, and MS will get what they really want--no competition on the desktop. Yet they are so two-faced, now that they have Linux basically further crippled for the foreseeable future, they are pretending to befriend Linux: http://www.pcworld.com/businesscenter/a ... azure.html but I think what it comes down to is that MS has now found a way to make $ on free software.

[KBD47]

I think in the end for Linux to not only thrive but to survive, we need laptops, netbooks, ultrabooks, and tablets with Linux pre-installed. I know there are a few out there already, but we need a widely available selection of hardware with Linux on board.