Fedora Capitulates To MS

Chat about Linux in general
Post Reply
KBD47
Level 7
Level 7
Posts: 1808
Joined: Fri Jul 29, 2011 12:03 am

Fedora Capitulates To MS

Post by KBD47 » Fri Jun 01, 2012 11:15 am

This makes me angry:
http://www.itworld.com/open-source/2794 ... ertificate
The very thing many of us feared regarding UEFI. MS would love to keep Linux on a leash, looks like it may happen :(

User avatar
/dev/urandom
Level 5
Level 5
Posts: 619
Joined: Sun Jul 17, 2011 8:02 pm

Re: Fedora Capitulates To MS

Post by /dev/urandom » Fri Jun 01, 2012 11:25 am

Ah, bad journalism.
Fedora 18, due in November, will be the first version able to run on computers that use UEFI (Unified Extensible Firmware Interface)
Fedora 16 (meanwhile 17) runs well on my UEFI laptop. I presume the wording is just wrong.
Linux is not the only answer! :: eD2k/Kad mirrors for Linux Mint and LMDE.
Users who misspell "Windows" as "Windoze" intentionally will be considered stupid.

Image

User avatar
xenopeek
Level 24
Level 24
Posts: 24134
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Fedora Capitulates To MS

Post by xenopeek » Fri Jun 01, 2012 1:37 pm

Instead of reading that media drivel, read the Matthew Garret's (of Red Hat) announcement on this topic: http://mjg59.dreamwidth.org/12368.html

I think "Capitulates To MS" is sensationalism. Matthew goes on to explain in detail why this is for now the workable solution to make Fedora 18 boot on Windows 8 certified hardware without the user having to do anything special. And the $99 one-time fee for getting the signing key is paid to Verisign, not Microsoft. Secure boot will also make Linux more secure. Though the current implementation is not ideal for Linux, the Fedora developers have found a way to integrate it into Fedora without the user needing to notice. I think that is a victory over the earlier perspective we had on Linux's future on Windows 8 certified hardware...

Read Matthew's article and make up your own mind on this :wink:

PS. UEFI is not a problem for Linux, unless it has secure boot enabled.
Image

Habitual
Level 13
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Fedora Capitulates To MS

Post by Habitual » Fri Jun 01, 2012 2:05 pm

re: http://mjg59.dreamwidth.org/12368.html

Good read, but it eerily similar to the conversations we had the week after Phil Zimmerman released PGP.
"signing"..."keys"..."trust".

KBD47
Level 7
Level 7
Posts: 1808
Joined: Fri Jul 29, 2011 12:03 am

Re: Fedora Capitulates To MS

Post by KBD47 » Sat Jun 02, 2012 11:44 pm

More about this:
http://boingboing.net/2012/05/31/lockdo ... g+Boing%29
If UEFI can be easily disabled, it would not be much of an issue. I wonder about dual and multi-booting.

aes2011
Level 5
Level 5
Posts: 506
Joined: Wed Jul 06, 2011 10:39 pm

Re: Fedora Capitulates To MS

Post by aes2011 » Sun Jun 03, 2012 11:39 am

KBD47 wrote:More about this:
http://boingboing.net/2012/05/31/lockdo ... g+Boing%29
If UEFI can be easily disabled, it would not be much of an issue. I wonder about dual and multi-booting.
Even without secure boot, I get the impression that loading a Linux OS (for dual boot) onto a PC already having Windows +UEFI instead of the old BIOS is technically far more demanding.

KBD47
Level 7
Level 7
Posts: 1808
Joined: Fri Jul 29, 2011 12:03 am

Re: Fedora Capitulates To MS

Post by KBD47 » Sun Jun 03, 2012 12:53 pm

That's what I'm thinking. I also think the days of just handing someone a Mint DVD to try Linux may be gone. Once you have to start messing with UEFI to get Linux to run people are going to get nervous about trying Linux IMO.

lsatenstein
Level 1
Level 1
Posts: 16
Joined: Sat Dec 03, 2011 2:33 pm

Re: Fedora Capitulates To MS

Post by lsatenstein » Tue Jun 05, 2012 4:33 pm

altair4 wrote:Matthew Garrett has made a correction in his statement that might make this more palatable:
The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access edit: The $99 goes to Verisign, not Microsoft - further edit: once paid you can sign as many binaries as you want), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.
I see several unaddressed issues with UEFI. One is the signing authority uses certificates from Verisign. 2) There is no alternate signing authority (Thwate is one I like).
Another issue is the problem with installing a system when there is no internet. How can we complete this activity?

The third one has to do with Virtual Machines (VM). If the VM has to also have a certificate, then will it be necessary for the operating system that is installed under VM to need one too?

If I add or remove a printer, or a different hard disk, are these hardware devices going to be secured as well?

With UEFI, what I foresee as a tendency is for operating systems to be deployed on the web, and we will do a remote boot. That way, one source on the web has all the updates and we always have the most recent version. Our data may be local, but we boot mint, fedora, debian, etc, from a website via a remote file system and fast internet.

One justification for UEFI was security. That implies that rights management software such as Selinux and other rights management software will become redundant. That may be a plus if these things do not have to be maintained.

For me, even with UEFI, if you do a dual boot configuration, there is a likelihood that from Linux you may not be able to read your unencrypted Windows Partitions. I share files between Windows 7 and Linux from Linux and would not want to stop doing this.

We think we require hard disks greater than 3 terrabytes each. I think that we are better off with several smaller hard disks, first of all, for rapid access, and secondly, for spreading data across smaller drives which together, give a seamless impression of petabyte storage. SSD's may also change the whole discussion about UEFI.

UEFI bios should be discarded in favor of a TPM. (Trusted Platform Module). The TPM has a microprocessor and functions as a smart card and more. Now someone would tell me that we need both, UEFI and TPM.

Sigh.... A discussion until reality comes to all of us with new hardware.

KBD47
Level 7
Level 7
Posts: 1808
Joined: Fri Jul 29, 2011 12:03 am

Re: Fedora Capitulates To MS

Post by KBD47 » Wed Jun 06, 2012 9:59 pm

Another good article about this:
http://www.itworld.com/it-managementstr ... till-sucks
At the risk of sounding pessimistic, I think this is another nail in Linux's coffin. :( Anything that makes it harder to get Linux to work on a MS machine is going to repel potential new Linux users. The best thing that can happen is a quick, widely available hack that totally disables this. I think in the end secure boot will be a joke, but it will be a bad joke on Linux, and MS will get what they really want--no competition on the desktop. Yet they are so two-faced, now that they have Linux basically further crippled for the foreseeable future, they are pretending to befriend Linux: http://www.pcworld.com/businesscenter/a ... azure.html but I think what it comes down to is that MS has now found a way to make $ on free software.

KBD47
Level 7
Level 7
Posts: 1808
Joined: Fri Jul 29, 2011 12:03 am

Re: Fedora Capitulates To MS

Post by KBD47 » Wed Jun 06, 2012 10:42 pm

I think in the end for Linux to not only thrive but to survive, we need laptops, netbooks, ultrabooks, and tablets with Linux pre-installed. I know there are a few out there already, but we need a widely available selection of hardware with Linux on board.

Post Reply

Return to “Chat about Linux”