securitybreach, Posted February 14, 2014

See, I can switch between UEFI and Bios:

It also has a 3D mouse driven mode and instant on crap:

goretsky, Posted February 14, 2014

Hello,

Actually, I believe the certificate is issued by Verisign, not Microsoft. No idea why other OS vendors haven't gone out and bought their own certificates, or set up their certificate authorities, etc. From your average motherboard manufacturer's POV, I'm sure they'd love to boast their motherboards had more certs than their competitors' offerings.

Regards,

Aryeh Goretsky

abarbarian, Posted February 14, 2014

http://www.elpauer.org/2011/10/the-secure-boot-controversy/

I think this, taken from the comments of the above, explains a freedom lover's point very well.

> Wait a minute — you’re suggesting *Verisign* be the authority to certify organizations and to maintain a list of keys for UEFI? That’s crazy. Remember back in the “dark ages” of SSL where Verisign was the only game in town? Nobody wants to go back to those days — those were the days where signed SSL keys were prohibitively expensive, and so the “solution” was to create other CA’s, which then created problems of too many CA’s. Having any one authority be the gatekeeper also causes serious issues of TRUST AGILITY. See: http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity
>
> The only possible solution here is for UEFI to mandate that the owner of the computer have the “master key” to their own UEFI bootloader. Yes, this means that the machine will be vulnerable to User Error, but there’s NO other way to allow the computer owner to retain their freedom, and so not giving the user this freedom, one way or another, is another attempt at a power grab, and that /*IS*/ Microsoft’s fault for writing their Windows 8 sticker spec such that the user doesn’t get any override choice.

The two comments above this are well worth a read, especially this one.

> Fortunately, Matthew Garrett presented an elegant solution to allow to add keys without hurdle or compromising security: http://mjg59.dreamwidth.org/6503.html I hope such a solution is implemented.

Microsoft will help this become a reality when **** freezes over at a push.

raymac46, Posted February 14, 2014

I know Gigabyte does not turn on Secure Boot. In fact I couldn't find any mention of it in the EFI setup so I didn't need to worry about it at all. This is on a motherboard straight from Newegg and the system it's in has only Linux installed. It is using EFI and GPT for sure though.

raymac46, Posted February 14, 2014

Those of us who come from the antediluvian computer era remember when the BIOS was - well, a BIOS. It orchestrated all the hardware/userspace interactions. As time passed more and more of the BIOS functions got switched over to the O/S (through drivers for the hardware) and now we are at the point where the BIOS is a one trick pony it seems. BIOS means "Boot It or Stop" I guess.

Even doing this one thing the 1980s BIOS has its limitations and really in the long run will disappear. It's early days but UEFI is going to take over eventually.

I think this whole thing would be far less controversial if the Secure Boot issue hadn't got mixed in. Just my $0.02

V.T. Eric Layton, Posted February 14, 2014

> See, I can switch between UEFI and Bios:

Once again, you are DA' MAN!

sunrat (Author), Posted February 15, 2014

> I think this whole thing would be far less controversial if the Secure Boot issue hadn't got mixed in. Just my $0.02

Secure Boot is a non-issue for Linux, it only affects Windows. Turn it off and forget about it. Sure it would be nice if it worked seamlessly but it doesn't, and focussing on it misses the point of the original article I posted.

raymac46, Posted February 15, 2014

In fact if you're building your own machine to run Linux (or even Windows 8), your motherboard may not come with Secure Boot enabled at all. You can certainly install Win 8, Linux or dual boot in that case without any problems. The only people who will have to worry are those who have Windows 8 pre-installed on (say) a Dell x86 computer and want to dual boot Linux. In that case they will have to switch it off.

At this point in time you still have the option to go with legacy boot using BIOS and MBR, or if you wish UEFI and GPT. The choice is still there.

Edited February 15, 2014 by raymac46

goretsky, Posted February 20, 2014

Hello,

There are plenty of other certificate authorities out there besides VeriSign. Comodo, GoDaddy and Thawte all come to mind, and there's plenty of others.

Regards,

Aryeh Goretsky

Guest LilBambi, Posted February 20, 2014

> Secure Boot is a non-issue for Linux, it only affects Windows. Turn it off and forget about it. Sure it would be nice if it worked seamlessly but it doesn't, and focussing on it misses the point of the original article I posted.

That would depend on the computer/device. Not all devices have the ability to disable, even temporarily, SecureBoot:

> If you have an ARM tablet running Windows RT (like the Surface RT or the Asus Vivo RT), then you will not be able to disable Secure Boot or install other OSes. Like many other ARM tablets, these devices will only run the OS they come with.
>
> If you have a non-ARM computer running Windows 8 (like the Surface Pro or any of the myriad ultrabooks, desktops, and tablets with an x86-64 processor), then you can disable Secure Boot completely, or you can install your own keys and sign your own bootloader. Either way, you can install a third party OS like a Linux distro or FreeBSD or DOS or whatever pleases you.

From HowToGeek.com:

- If I Buy a Computer with Windows 8 and Secure Boot Can I Still Install Linux?
- How to Boot and Install Linux on a UEFI PC With Secure Boot

securitybreach, Posted February 20, 2014

> Hello, There are plenty of other certificate authorities out there besides VeriSign. Comodo, GoDaddy and Thawte all come to mind, and there's plenty of others. Regards, Aryeh Goretsky

GoDaddy? Ha... I wouldn't let them sign a cast much less something security related.

V.T. Eric Layton, Posted February 20, 2014

Danica Patrick can sign anything I own.

goretsky, Posted February 21, 2014

Hello,

I was just using Go Daddy as an example; it is not a company I would do business with, either. But, the point stands that there are a lot of CA's out there. Frankly, given the existing companies out there, I really would like to see the open source community start up a reasonably transparent CA (not to mention domain registrars, etc.) that operated as a non-profit.

Regards,

Aryeh Goretsky

V.T. Eric Layton, Posted February 21, 2014

I've never used GoDaddy!, but just out of curiosity... what's wrong with them?

crp, Posted February 21, 2014

> I've never used GoDaddy!, but just out of curiosity... what's wrong with them?

Politics. The company supported SOPA.

securitybreach, Posted February 22, 2014

> Politics. The company supported SOPA.

Yup, they outright supported SOPA and then changed their mind because of the backlash.

GoDaddy backed one of the most destructive laws ever to threaten the internet. It was only after 50,000 GoDaddy users left in protest that they changed course. http://www.authormedia.com/6-reasons-authors-should-avoid-godaddy/

goretsky, Posted February 22, 2014

Hello,

On a personal note, I had a run-in with CEO Bob Parsons back in the late 1980s (or maybe 1990) on CompuServe. He was a bit of a jerk. That, of course, was many years before this: http://en.wikipedia.org/wiki/Bob_Parsons#Elephant_shooting_controversy

Regards,

Aryeh Goretsky

V.T. Eric Layton, Posted February 22, 2014

AH! OK, that answers that. Thanks, folks! I'll remember that in the future should I need a domain service or hosting service.

Cluttermagnet, Posted July 17, 2014

Roger- Thanks for a truly great link! It's going to take me a good while to digest all that. I'll work at it. That guy writes very well, quite polished IMO. As he notes, UEFI itself is a work in progress, and his own piece rapidly evolved as soon as he released it and started getting comments.

BTW I was totally occupied with some electronics design and building back last winter (northern hemisphere), so this thread pretty much flew by me at the time. Great discussion, guys...