Jump to content


locked down UEFI


  • Please log in to reply
42 replies to this topic

#26 OFFLINE   mac

mac

    Thread Head

  • Members
  • PipPipPipPipPipPip
  • 534 posts

Posted 11 November 2011 - 05:26 PM

QUOTE (lewmur @ Oct 28 2011, 03:10 PM) <{POST_SNAPBACK}>
Canonical, Red Hat and FOSS all put together don't have the clout to force OEM's to do anything.  Only MS, or the anti-trust depts of the worlds govts have that power.  And, of course, MS's purse strings have proven before to be to much of a temptation for govt politician to resist.  Just look at what happened with the .docx situation.


I hate to burst your bubble lewmur, but:
QUOTE
Leading PC makers confirm: no Windows 8 plot to lock out Linux
By Ed Bott | November 2, 2011, 5:29am PDT

Summary: The drumbeat from Linux advocates about a key security feature in Microsoft’s forthcoming Windows 8 is getting louder. They call it an anti-Linux plot. But the two leading PC makers disagree with them. I’ve got exclusive details.


You can read the rest here.

Oh, and there's this:

QUOTE
Linux Foundation: Secure Boot Need Not Be a Problem
By Katherine Noyes, PCWorld

There's been considerable concern in recent weeks over the secure boot mechanism planned for Microsoft's upcoming Windows 8, primarily among Linux users and others worried that the technology will make it impossible to run alternative operating systems on Windows 8 certified PCs.

Such fears were only compounded when the Free Software Foundation weighed in with its own statement of concern about what the technology might mean for users of free and open source software.

On Friday, however, the Linux Foundation added its own voice and perspective to the mix with an explanation of why secure boot doesn't necessarily have to be a bad thing for Linux users.

'If It Is Implemented Properly'

Secure boot offers “the prospect of a hardware-verified, malware-free operating system bootstrap process that can improve the security of many system deployments,” write Linux Foundation Technical Advisory Board Chair James Bottomley and Technical Advisory Board Member Jonathan Corbet in the group's six-page document (PDF).

“Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware,” they add.

That's a big “if,” of course, and the paper makes several key recommendations to help ensure that happens.


The rest of the article is here.

Edited by mac, 11 November 2011 - 05:58 PM.

Mac
"Long ago, when men cursed and beat the ground with sticks,
it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

#27 OFFLINE   réjean

réjean

    Discussion Deity

  • Forum MVP
  • 4,306 posts

Posted 13 November 2011 - 08:23 PM

Good! Now I feel better. stretcher.gif
Not that I would want to install Win 8 on any of our machines, mind you.
registered linux user #374889

#28 ONLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 18,444 posts

Posted 13 November 2011 - 09:23 PM

AWWWW! No anti-Linux conspiracy? Darn!  pinch.gif
Posted Image

#29 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 14 November 2011 - 05:13 PM

Yeah, we'll have to put the pitchforks and torches away......

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#30 ONLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 18,444 posts

Posted 14 November 2011 - 06:14 PM

BURN THE WITCH! Oh, umm... sorry. I get carried away when someone mentions pitchforks and torches.
Posted Image

#31 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,219 posts

Posted 15 November 2011 - 10:01 AM

QUOTE (mac @ Nov 11 2011, 03:26 PM) <{POST_SNAPBACK}>
I hate to burst your bubble lewmur, but:


You can read the rest here.

Oh, and there's this:



The rest of the article is here.
First of all, I addressed Ed Bott's article several post back.  I'll just add that IMHO, he is a blatant MS shill.

As to the Linux Foundation quote, the key word is "necessarily".  I'll say it one more time for those who aren't paying attention.  MS could end the controversy with a "stroke of the pen".  All they need to do is add the "on/off switch" requirement to their Win 8 logo license.  Then the "necessarily" goes away.


#32 OFFLINE   crp

crp

    Posting Prodigy

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 2,498 posts

Posted 15 November 2011 - 02:30 PM

QUOTE (lewmur @ Nov 15 2011, 07:01 AM) <{POST_SNAPBACK}>
First of all, I addressed Ed Bott's article several post back.  I'll just add that IMHO, he is a blatant MS shill.
then you have not read him for the past couple of years
QUOTE (lewmur)
As to the Linux Foundation quote, the key word is "necessarily".  I'll say it one more time for those who aren't paying attention.  MS could end the controversy with a "stroke of the pen".  All they need to do is add the "on/off switch" requirement to their Win 8 logo license.  Then the "necessarily" goes away.
Baloney, MS has no requirement to enforce such a measure. They should only be held responsible for not demanding NO off/on switch.
If the OEM wants to be a knucklehead about it, that is their prerogative.
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

#33 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,219 posts

Posted 15 November 2011 - 02:57 PM

QUOTE (crp @ Nov 15 2011, 12:30 PM) <{POST_SNAPBACK}>
then you have not read him for the past couple of years
Baloney, MS has no requirement to enforce such a measure. They should only be held responsible for not demanding NO off/on switch.
If the OEM wants to be a knucklehead about it, that is their prerogative.

I read Mr. Bott only occasionally because his articles are always slanted. Like the way he attacked Apple for the way they handled the rare malware aimed at the Mac.   And that that attack was  proof that the Mac was just as vulnerable as a Winddows Pc.

And I did NOT say MS was required to do anything.  I said they could end the controversy by doing something.  It will be up to the anti-trust enforcers to determine what they will be required to do.

#34 OFFLINE   abarbarian

abarbarian

    Discussion Deity

  • Forum MVP
  • 3,630 posts

Posted 18 November 2011 - 10:08 AM

http://www.muktware.com/news/2958

QUOTE
India may not be a huge contributor to the development of Open Source and Linux, despite being and IT force, it is definitely becoming a big user of Open Source. Emerging economies like Brazil already champion the adoption of Open Source and India is not far behind.

The Indian government recently prepared a draft for the "Policy on Device Drivers for Procurement of Hardware for e-Governance". The goal of the policy was to ensure that computers must be capable of running on all general purpose operating systems including GNU/Linux and not just Microsoft Windows.


When Brazil (and all of south america) India, China, Asia and Russia oh and Europe get their act together I think you will find that Microsoft will be no more than a small footnote in computing history. This latest attempt to lock in the  world to their products is doomed to fail as many countries already realise that commercial lock in is bad. The open source snowball may be slow at the moment but it is gaining momentum and when it rolls the end will be so quick that if you blink you will have missed it. One day it will be Microsoft king of computing the next day it will be Microsoft ? Whats that?   cool.gif
Install ARCH
You'll never need to install it again
"I did and I'm really happy"

Posted Image~~~~~~~~~~~~~Posted Image

#35 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,219 posts

Posted 21 November 2011 - 02:47 PM

QUOTE (mac @ Nov 11 2011, 03:26 PM) <{POST_SNAPBACK}>
I hate to burst your bubble lewmur, but:


You can read the rest here.

Oh, and there's this:



The rest of the article is here.

Here is the another article about the Linux Foundations position.  Again, the headline suggest that there "need not" be a problem.  But read further.  For that to be true, then MS has to agree to several provisions that it has not agreed to at this point.  So it still come down to MS "doing the right thing".

#36 OFFLINE   Peachy

Peachy

    Anarquista De Sartorial

  • Forum Moderators
  • 5,378 posts

Posted 01 April 2012 - 04:50 PM

A little late to the discussion, but here's Microsoft's response to this issue: http://blogs.msdn.com/b/b8/archive/2011/09...-with-uefi.aspx

From my perspective, I couldn't care less whether my computer has a Windows 8 certified logo. As long as the vendor of the motherboard I want allows me to disable secure boot then I'm fine. If it doesn't, they don't get my money. For people that don't plan on installing Linux, this is a good thing that OEMs will lock down their computer with secure boot. These people aren't in the market for a Linux compatible computer and the fact that they will be protected from rootkits and bootkits is a good thing.

'freedom...is actually the reason that men live together in political organisations at all. Without it, political life as such would be meaningless. The raison d'Être of politics is freedom, and its field of experience is action'.
My Flickr Photo Blog Posted Image
del.icio.us bookmarks Posted Image


#37 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 01 April 2012 - 05:24 PM

I think that the demand might be low enough that many manufacturers will release unlocked hardware, sadly.

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#38 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,633 posts

Posted 02 April 2012 - 11:44 AM

QUOTE (ross549 @ Apr 1 2012, 04:24 PM) <{POST_SNAPBACK}>
I think that the demand might be low enough that many manufacturers will release unlocked hardware, sadly.

Adam


do you mean "won't" release?
Posted Image

#39 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 02 April 2012 - 02:46 PM

Whoops! My mistake. wink.gif

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#40 OFFLINE   crp

crp

    Posting Prodigy

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 2,498 posts

Posted 02 April 2012 - 03:26 PM

The issue is not just the ability to put a Linux or BSD or whatever non-msWindows OS on the pc. What about being able to put on XP or Win7 or Win9? For that matter, will Win8 SP5 be so different that the OS will be locked out?
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

#41 OFFLINE   Peachy

Peachy

    Anarquista De Sartorial

  • Forum Moderators
  • 5,378 posts

Posted 02 April 2012 - 06:36 PM

QUOTE (crp @ Apr 2 2012, 03:26 PM) <{POST_SNAPBACK}>
The issue is not just the ability to put a Linux or BSD or whatever non-msWindows OS on the pc. What about being able to put on XP or Win7 or Win9? For that matter, will Win8 SP5 be so different that the OS will be locked out?


As long as the UEFI firmware has a BIOS compatibility mode then installing non-UEFI aware operating systems should still be possible. It should be possible to install Windows 8  with Secure Boot disabled; you just won't get the guarantee that your installation will be safe from rootkits.

The purpose of Secure Boot is to allow OEMs to protect the UEFI installation by blocking unsigned bootloaders. All Microsoft is asking is that if you want a Windows 8 sticker on your computer then you need to have Secure Boot enabled (and no way to disable it most likely). I suspect it would be very easy to compromise a UEFI system because the ESP (EFI System Partition) is FAT32. Secure Boot would be one way to protect the system.

'freedom...is actually the reason that men live together in political organisations at all. Without it, political life as such would be meaningless. The raison d'Être of politics is freedom, and its field of experience is action'.
My Flickr Photo Blog Posted Image
del.icio.us bookmarks Posted Image


#42 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,633 posts

Posted 02 April 2012 - 10:14 PM

i've heard it said, perhaps here too, that some brilliant linux kernal guy will figure a way to bluff uefi, or whatever is put in place.

any merit to that thought??

ps
i believe non-reversable hash is bunk.  
given a large enough sample, and a moderate super-computer,
and alogrithms we the non-govt people can use, it should be easy enough to defeat.
Posted Image

#43 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 03 April 2012 - 04:26 AM

I think someone will find a way around it... much in the same way as the jailbreakers and rooters find a way. wink.gif

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users