 | Windows 8 Secure Boot Would 'Exclude' Linux From The Register:
Computer scientists warn that proposed changes in firmware specifications may make it impossible to run unauthorised operating systems such as Linux and FreeBSD on PCs.
Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image derived from a keychain rooted in keys built into the PC. Microsoft is pushing to make this mandatory in a move that could not be overridden by users and would effectively exclude alternative operating systems, according to Professor Ross Anderson of Cambridge University and other observers.
UEFI is a successor to the BIOS ROM firmware designed to shorten boot times and improve security. The framework, a key part of Windows 8, is designed to work on a variety of CPU architectures.
If the draft for UEFI is adopted without modification, then any system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux. A signed version of Linux would work, but this poses problems, as tech blogger Matthew Garrett explains.
The upshot of the changes is that considerable roadblocks might be placed in the way of running alternative operating systems on PCs. Anderson describes this as a return to the rejected Trusted Computing architecture which at that point involved force-feeding DRM copy-protection restrictions which may be far worse than its predecessor.
Anderson concludes that the technology might violate EU competition law in a rallying call on Cambridge University's Light Blue Touchpaper blog here. More: ● Next-gen boot spec could forever lock Linux off Windows 8 PCs ● Will Windows 8 succeed in locking out GNU/Linux? ● Windows 8 OEM Specs to Prevent Linux Dual Boot? |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA
| Seems simple enough - don't buy hardware that includes a win8 license you'll never use anyway, if you don't intend to use it.
For IT people this would be a feature - they already attempt to lock down corporate PCs as much as possible, this would just be yet another tool in the toolbox.
For someone who wants to go to Frys and build a PC from parts to run linux, they would just select a motherboard that supported any OS.
Seems like the market will easily shake this out as either a great thing, or a bad idea. -- My place : »www.schettino.us |
|
|
|
 LiontaurLets Get Boincing AlreadyPremium,MVM,ExMod 2004-06 join:2001-11-03 Salmon Arm, BC | reply to FF4me From my rather limited reading on the subject, it's only OEM computers that would have this limitation. So don't buy a dell or hp or other OEM and you'll be ok. I'm thinking that most (not all by any means) people who are running non-MS OSs are the kind of people who build their own rig anyways. But this is still going to hurt the cause until a workaround is discovered. People can run unsigned code on gaming consoles using various methods so I'm sure someone will figure out how to do it on an OEM computer too. -- Are you ready to start BOINCing |
|
 | reply to JohnInSJ said by JohnInSJ: Seems simple enough - don't buy hardware that includes a win8 license you'll never use anyway, if you don't intend to use it.
For IT people this would be a feature - they already attempt to lock down corporate PCs as much as possible, this would just be yet another tool in the toolbox.
For someone who wants to go to Frys and build a PC from parts to run linux, they would just select a motherboard that supported any OS.
Seems like the market will easily shake this out as either a great thing, or a bad idea.
ms will FORCE/MANDATE that this be included in all MB's so whose MB will you purchase that doesn't have this feature? And if it's not an option to disable via jumper or option in the BIOS? ? ? Which you can bet that it won't be!
This is a clear attack at stopping the spread of Linux to the desktop.
One of the reasons I prefer to purchase parts and build my own, I get what I want, not some limited selection, and I don't pay to support crud I don't use... but if the MB makers are the only ones with the ways to make signed images then, and you can be sure that a certain company will push that...
This has huge implications down the roads for all kinds of hardware... and needs to be cut off now. |
|
 | reply to Liontaur said by Liontaur: From my rather limited reading on the subject, it's only OEM computers that would have this limitation. So don't buy a dell or hp
That would be a pretty big loophole, along with issues in the supply chain. If it makes it in one place it will spread. Nothing good can come of this for Linux. |
|
 | reply to FF4me Here's a video which details Microsoft's plans. |
|
 CabalPremium join:2007-01-21 Austin, TX
| reply to Liontaur said by Liontaur: So don't buy a dell or hp or other OEM and you'll be ok. I'm thinking that most (not all by any means) people who are running non-MS OSs are the kind of people who build their own rig anyways. And if you never plan on using a laptop, that will work great. -- Are you now or have you ever been a member of the Islamic religion? |
|
 MaxoYour tax dollars at work.Premium,VIP join:2002-11-04 Tallahassee, FL | reply to JohnInSJ said by JohnInSJ: Seems simple enough - don't buy hardware that includes a win8 license you'll never use anyway, if you don't intend to use it. Sure, that's good if you know in advance that the computer you are purchasing will always only run Windows. But that's impossible to know, and it creates a huge roadblock to competition. If a Windows user is curious about Linux, then they would have to purchase a completely brand new computer, probably one built from scratch with a MOBO that doesn't have this /feature/, just to see if Linux is a good alternative for them. This becomes a huge roadblock for any alternative OS, and any user who is interested in pursuing an alternative OS. I don't think there is any chance of the market shaking this one out. People just buy PCs, they happen to come with Windows on them, as the de facto default, and this move will make the hurdle of them thinking that anything else out there is viable so large that it simply would not be reasonable for them to pursue such an idea. So they won't and the market will keep artificially pushing forward with an unhealthy monoculture. -- "Padre, nobody said war was fun now bowl!" - Sherman T Potter
»maxolasersquad.com/
»maxolasersquad.blogspot.com
»www.facebook.com/maxolasersquad |
|
 DigitalXeronThere is a lack of sanity join:2003-12-17 Hamilton, ON | reply to TuxRaiderPen said by TuxRaiderPen: [snip] ms will FORCE/MANDATE that this be included in all MB's so whose MB will you purchase that doesn't have this feature? And if it's not an option to disable via jumper or option in the BIOS? ? ? Which you can bet that it won't be! [snip] Windows 8 would effectively be phasing out BIOS completely on "Certified" computers and replacing it with UEFI, a different kind of firmware that includes the "Secure Boot" feature, so there wouldn't be a jumper available considering EFI is software-based.
This is largely a move to make computers more of a consumable rather than a system as it will force people who do not like Windows 8 to replace their computers or at least the mainboard to be able to get away from Windows 8 and likely will drive up the cost of non-Windows hardware. -- --Kradorex Xeron |
|
 ArchivisYour DaddyPremium join:2001-11-26 Earth kudos:17 | reply to FF4me I don't have much faith in this being "uncrackable". Apply third-party update, install Linux, receive cookie. -- A government big enough to give you everything you want, is strong enough to take everything you have. |
|
 SnakeoilIgnore Button. The coward's feature.Premium join:2000-08-05 Mentor, OH kudos:1
| reply to FF4me So is this an attempt by MS to force a standard across the board? That the user experience with win 8 will be a happy one, VS the varied experiences that users had when they installed the older Win OSes on mixed hardware?
If so, then good for MS, for trying to improve user experience. At the same time, I would hope that MOBO makers would still build parts for linux boxes. -- This space for rent. |
|
 | reply to FF4me Lawsuit City, Part 37? |
|
 markofmayhemI can haz competition?Premium join:2004-04-08 Pittsburgh, PA kudos:4 | Too much FUD and speculation to cause panic for a user. However, a call to action for development should be realized. A signed PK for Linux with user configured kernel KEK input and bootloaders are a good thing in the future.
Microsoft had its "BUILD" conference and a keynote speech (video linked to above) was a marketing tool trumpeting higher security. The video is in line with the "fast enterprise adoption" push that Microsoft has placed on Windows 8. "Context" is missing in many articles.
- Windows 8 has an upgrade version. How does one upgrade if the "secure boot" is required for Windows 8 and NO HARDWARE exists today for it? It doesn't... so we know of versions that boot without "Secure Boot".
- The word "required" is used LOOSELY across the sites... "SUPPORTS" is the official term used by Microsoft outside of marketing blitzes. Windows 8 logo certification was the very specific topic of "Secure Boot" when combined with "required", not "will only boot on".
- Only AMI has a prototype working UEFI implementing Secure Boot in Aptio's developer release. Time to market is against Microsoft, not for. The "Secure Boot" version of UEFI, 2.3.1, has NOT been adopted yet and is "optional" in the specifications.
- Mobo manufacturers will sell consumer-retail pieces in "Setup" mode or they won't be able to sell their goods to the public at all: Add your own PK keys! Mobo manufacturers will not abandon their most profitable groups who use "not Windows 8" OS's: hardware jumper, UEFI user setting, and/or "I'm secure I swear" spoofing in the name of "hybrid" will certainly be commonplace. You don't wake up one day and say "Microsoft is correct, we should stop selling products usable to the 2-3 billion PC users in India, Pakistan, Asia, and Western Europe not to count government, large corporations, and other high-profit consumers (like gamers and hobbyists)". Anti-trust, anti-competition, and general market pressure will be on the side of "options WILL exist".
- This is 100% technically feasible with Linux. Logistics of keys and possible "jail breaks" needed to force the UEFI into setup mode to add the PK will materialize when the need to do so arises.
Is it possible that one day an OEM PC could be purchased that is locked to one version (and COPY) of an OS? YES!
Is it probable? Sorta.... the details lean to no, but this is certainly not something to sit back and "hope". Getting a Linux kernel and bootloader up to speed to support "Secure Boot" should be happening. -- Show off that hardware: join Team Discovery and Team Helix |
|
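The "Setup" mode versus enforcing distinction discussed in the post above can be read directly from firmware variables on a Linux system. The following is an added example, not part of the original thread; it assumes the Linux efivarfs mount at /sys/firmware/efi/efivars, and the function names and state labels are hypothetical.

```python
import os
import struct
import tempfile

# GUID of the UEFI global-variable namespace (EFI_GLOBAL_VARIABLE in the UEFI spec).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # assumed Linux efivarfs mount point


def read_efi_byte(efivars_dir, name):
    """Return the one-byte value of a global UEFI variable, or None if absent."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs layout: 4-byte little-endian attribute mask, then the payload.
    if len(raw) < 5:
        return None
    return raw[4]


def classify(efivars_dir=EFIVARS):
    """Map SecureBoot/SetupMode to the situations the thread argues about."""
    if not os.path.isdir(efivars_dir):
        return "no-uefi-vars"           # legacy BIOS boot or efivarfs not mounted
    secure = read_efi_byte(efivars_dir, "SecureBoot")
    setup = read_efi_byte(efivars_dir, "SetupMode")
    if secure is None and setup is None:
        return "secure-boot-unsupported"
    if setup == 1:
        return "setup-mode"             # no PK enrolled: the owner can install one
    if secure == 1:
        return "enforcing"              # user mode: only signed images will boot
    return "user-mode-disabled"         # PK enrolled, enforcement switched off


def make_sample(secure, setup):
    """Constructed sample: a temp dir mimicking efivarfs with the two variables."""
    d = tempfile.mkdtemp()
    attrs = struct.pack("<I", 0x6)      # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    for name, val in (("SecureBoot", secure), ("SetupMode", setup)):
        with open(os.path.join(d, f"{name}-{EFI_GLOBAL}"), "wb") as fh:
            fh.write(attrs + bytes([val]))
    return d


if __name__ == "__main__":
    print("constructed sample:", classify(make_sample(secure=1, setup=0)))
    print("this machine:", classify())
```
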
 EUSKill cancerPremium join:2002-09-10 canada | reply to FF4me Disguised anti-competitive tactics extolled as security features. But I'm no lawyer. -- ~ Project Hope ~ |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA
| reply to Maxo said by Maxo:said by JohnInSJ:Seems simple enough - don't buy hardware that includes a win8 license you'll never use anyway, if you don't intend to use it. If a Windows user is curious about Linux, They can run it in a vm. If they're using a corporate crippled firmware machine, then they were stuck running windows already. -- My place : »www.schettino.us |
|
 MaxoYour tax dollars at work.Premium,VIP join:2002-11-04 Tallahassee, FL | Running an OS in a VM is not a good way to actually experience the OS. The experience is crippled, and does nothing to test hardware compatibility. |
|
 | reply to FF4me Will Windows 8 block users from dual-booting Linux? Microsoft won't say - by Mary Jo Foley:
I can't resist a rant here: The Windows team's decision not to comment on this report is an example of the new communication strategy that Microsoft seems to be instituting with Windows 8: Clarification on any Windows 8 topic (not only features and policies that are still unannounced, but also those that already have been disclosed publicly) apparently will not be provided by anyone from Microsoft in an official capacity. The result: An increasing amount of misinformation about Windows 8 is circulating, and Microsoft is doing little or nothing to correct it.
I understand Microsoft's increased desire for secrecy around its Windows plans, something company officials began pushing post-Vista. (I haven't always agreed with the goal, especially when it results in FUD for customers attempting to make rational buying decisions or OEM/ISV partners attempting to build products that work with Windows.) But allowing wrong information to go unchecked in the name of wanting to control the message and the way it is delivered seems like bad business to me.
Ars Technica's take: "Ultimately, the Windows 8 changes aren't likely to wipe out Linux dual-boot scenarios, but they could restrict the types of hardware that will allow them." |
|
 | reply to FF4me said by FF4me :Here's a video which details Microsoft's plans. In this video a question was asked about dual booting. The Microsoft presenter mentioned that even Windows 7 will not boot with this secure boot functionality either. So you couldn't even dual boot older versions of Windows. He mentioned that secure boot would have to be disabled in the UEFI settings. But UEFI is still in development, so he couldn't fully explain how it will work. -- less talk, more music |
|
| What I'm worried about is m$ doing a bit of nudge-nudge wink-wink with the OEM's so they don't include the option to turn off UEFI. That should be stupid-easy in comparison with including the winblows tax. -- Never under estimate a Southern gentleman with a backhoe and a shotgun (credit: »blog.level3.com/2011/08/04/the-1···r-cuts//) |
|
 LiontaurLets Get Boincing AlreadyPremium,MVM,ExMod 2004-06 join:2001-11-03 Salmon Arm, BC | reply to Cabal said by Cabal: said by Liontaur: So don't buy a dell or hp or other OEM and you'll be ok. I'm thinking that most (not all by any means) people who are running non-MS OSs are the kind of people who build their own rig anyways. And if you never plan on using a laptop, that will work great. Very good point and not one that I had thought of. -- Are you ready to start BOINCing |
|