dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10
share rss forum feed


firephoto
We the people
Premium
join:2003-03-18
Brewster, WA
reply to markofmayhem

Re: FSF Publishes Important Whitepaper on Secure Boot

said by markofmayhem:

I implore you to rise up and not be the harbinger of FUD.

"Microsoft's Secure Boot", no, it is UEFI's Secure Boot instituted, developed, patent-owned by Intel: a company that actively supports, develops, and further's the goals, success, and life of Linux. Intel also "honed" many of the Secure Boot features under "Trusted Boot", a module that server/enterprise LINUX has used for many years as well as Apple's EFI in Mac (and Macbooks). Microsoft won the lap... stop claiming defeat and win the race.

You are engaging in FUD yourself even if it's carefully worded bits of part of the whole picture.

First, Intel makes chips, sometimes that expands to a circuit board with their name on it, they create some software elements for some of their chips, it mostly ends there and their involvement in this process is their name on the bottom of the specs for UEFI. Like politics, just because you vote or sign your name on the law doesn't mean you wrote it.

Microsoft sells the product that individuals and businesses buy and use. Microsoft sets the rules in that sector of their products by imposing restrictions and requirements of the OEM suppliers that sell the hardware that uses their software. This includes restrictions put in place that specifically do not affect their products in any way. Since in computing most people don't build their own products from parts, people have historically relied on hardware designed around standards that ensure that the concept of a "PC compatible" computer is just that and not a "Microsoft compatible" computer. Now that they have a way years after EFI itself first appearing they modify the rules of the game by changing the very first bit that a computer processes when it powers on.

You go on sarcastically about Fedora and Microsoft colluding but I bet you would be hard pressed to find a Red Hat or Fedora person in the industry or even casually using them that is not skilled and even responsible for current Microsoft software in a commercial aspect. This whole thing is exactly what the big industry players in the US want and it satisfies their needs 100%, no drawbacks and they don't care how hard it makes things for anyone else. It's the typical result from every "Linux user" who goes on everyday talking about all the Microsoft things they deal with. This means the big player in Linux who most of the time gets to set the rules is never going to set the rules in a way that puts Linux out in front to dominate all markets.. This is Red Hat and this has always been Red Hat and people get upset when it's pointed out because Red Hat makes them lots of money.
--
Say no to astroturfing. actions > Ignore Author


markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

said by firephoto:

You are engaging in FUD yourself even if it's carefully worded bits of part of the whole picture.

Please help me find fear, uncertainty, and/or doubt in my posts. I attempted to do the opposite. I am concerned I failed and would be happy to see the examples to do better next time. The whole "cornerstone" of my argument is to pick-up the crying child shaking in the corner wrapped up in the fetal position screaming "Mommy, THE SHADOWS!!!" and instruct them to turn on the light...

said by firephoto:

First, Intel makes chips, sometimes that expands to a circuit board with their name on it, they create some software elements for some of their chips, it mostly ends there and their involvement in this process is their name on the bottom of the specs for UEFI. Like politics, just because you vote or sign your name on the law doesn't mean you wrote it.

For the most part, yes: the ventures here are part of the "Intel Network". As for UEFI, no.

Intel wrote EFI from the ground up and handed the licensing over to a public "board", UEFI. Secure Boot is from Intel's EFI. Insyde, AMI, and Phoenix collaborated with Intel, all four are the official author's of UEFI 2.x Secure Boot from development to implementation. It is actually chip agnostic.

Intel is involved in more software products than just "drivers" and tool suites for hardware.

said by firephoto:

You go on sarcastically about Fedora and Microsoft colluding

I have done no such thing. Secure Boot is a "PC Compatible" spec. Linux should be "compatible". Two methods are first out of the gate, one by Red Hat and another by Ubuntu. They are fragmented. Condemning both without any offered solution is not a "white paper".

said by TuxRaiderPen:

said by markofmayhem:

Microsoft was convinced, through market preasure, to join the OSS Virtual Machine eco system. Through the same preasure, they can be preasured to join a global OPEN PK/KeK system (lock them out of the server space and see them agree to a board hosted solution).

What is going to "pressure" OEM/ODM's to do such a lockout? Yeah Dell is going to not sell equipment that will not run "server 'OS'" from ms. Yeah right... The exact tactic will be you want to sell computers with this "OS" then you will sell hardware able to run "server 'OS'."

VM's. Microsoft is getting their ass kicked. It would not be a stretch to force the HyperVisor code given to the Linux kernel to be signed by Microsoft with a non-Microsoft key. Humble starts...

Also in server space, the hardware is not sold as "OS agnostic". Dell makes millions off of servers that don't run "server 'OS'" from Microsoft, as does HP and Lenovo. It is the further support of the server's state of functionality where profit lies, not the sale of the hardware assembled. Pressure from the server space has been successfully utilized numerous times already: repeat it. This would take a more unified effort, a common theme to solving this issue... fragmentation is not helping on this front. Linux is a platform, should it not be treated at-least-equally with Windows in this regard? Why does it not have a Platform Key?
--
Show off that hardware: join Team Discovery and Team Helix


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to firephoto

said by firephoto:

This whole thing is exactly what the big industry players in the US want and it satisfies their needs 100%, no drawbacks and they don't care how hard it makes things for anyone else. It's the typical result from every "Linux user" who goes on everyday talking about all the Microsoft things they deal with.

That pretty much sums it up, the more I read about this, I know it will be possible to get smaller *nixes working despite Secure Boot/UEFI, but it's going to be a much larger PITA than it is with a BIOS, and I don't think this will be good (at least initially) for the Linux ecosystem.
--
Everything in moderation... Including Moderation --Oscar Wilde

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

Let's not confuse UEFI in general (which as far as I'm aware, Linux supports just fine) with Secure Boot, even though some people seem to do that intentionally.

No need that I see to go back to firmware originally designed by one vendor for the needs of one operating system, since extended largely at the behest of Microsoft, and in the grip of large industry players. Even if TuxRaiderPen See Profile somehow thinks an ACPI BIOS is 'purer' than UEFI.

Sure, we could extend BIOS to add all the useful(*) UEFI features, but why? Then we'd have something that no-one supports yet, compared to UEFI which has been shipping for a few years.

(*)GUI not included in "useful" - that much I agree. My Intel firmware doesn't do GUI, and in fact it was a long time before I noticed it was not just a BIOS...



FF4m3

@bhn.net

said by dave:

Let's not confuse UEFI in general (which as far as I'm aware, Linux supports just fine) with Secure Boot

According to Unified Extensible Firmware Interface:

Linux has been able to use EFI at boot time since early 2000, using the elilo EFI boot loader or, more recently, EFI versions of GRUB. Grub+Linux also supports booting from a GUID partition table without UEFI.


TuxRaiderPen

join:2009-09-19
reply to dave

said by dave:
Let's not confuse UEFI in general (which as far as I'm aware, Linux supports just fine) with Secure Boot, even though some people seem to do that intentionally.
UEFI and Secure Boot (at least in its bastarized incarnation) are junk.

said by dave:
No need that I see to go back to firmware originally designed by one vendor for the needs of one operating system, since extended largely at the behest of Microsoft, and in the grip of large industry players. Even if TuxRaiderPen See Profile somehow thinks an ACPI BIOS is 'purer' than UEFI.

Sure, we could extend BIOS to add all the useful(*) UEFI features, but why? Then we'd have something that no-one supports yet, compared to UEFI which has been shipping for a few years.
Then convince me why ANY of the nonsense such as scrpiting, drivers, secure boot, and even GPT disks (really how many corporate or even average users use them? its a niche.... on average for Jane User the current partitioning limits are not really limits at all. GPT does nothing but complicate the matter, in way which does nothing for *average* Jane User.)

We need to extend the BIOS to add new CPU support, chipset support, larger hard drives, etc.. Fine. . . . the rest.. really of no use.

Hmmm...seems to AWARD/AMI/Phoneix etc. are improving their current BIOS offerings to handle newer CPU, chipsets, larger disks.

Otherwise we wouldn't be using most of the hardware we have now, the majority of systems are still "Legacy BIOS" systems v. UEFI.

Convince me!

Mouse - big whoop!

Drivers, scripting, a shell - FOR WHAT! Its a BIOS! Not an OS! Oh.. you can do updates with out booting an OS... So? Really thats your big gain? It can play DVD's or CD's with out booting... again yawn.

Starting to sound alot like an OS to me!

Oh but xyz OS takes to long to boot... OK.. compare a modern OS boot up to a PDP8e via bootstrap on toggle switches in otcal, which is faster? Good grief! Talk about needy.... geezz... NEXT!

So convince me!

Hint: You have little to no chance.. but you can try!
--
1311393600 - Back to Black.....Black....Black....


markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

Convince me you are not on a computer using U/EFI right now...



El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to dave

said by dave:

Let's not confuse UEFI in general (which as far as I'm aware, Linux supports just fine) with Secure Boot, even though some people seem to do that intentionally.

Fair enough.

said by dave:

(*)GUI not included in "useful" - that much I agree. My Intel firmware doesn't do GUI, and in fact it was a long time before I noticed it was not just a BIOS...

Why does everybody always hate on the GUI? That's a mostly rhetorical question, but realistically I'm more concerned about good computer habits, whether these are happening on the GUI or the command line.
--
Everything in moderation... Including Moderation --Oscar Wilde

TuxRaiderPen

join:2009-09-19

said by El Quintron:
Why does everybody always hate on the GUI? That's a mostly rhetorical question, but realistically I'm more concerned about good computer habits, whether these are happening on the GUI or the command line.
Why do you need a GUI in a BIOS, again BIOS

99% of the users have NO BUSINESS being in the BIOS, period. so making it easier to use is really not on the table.
--
1311393600 - Back to Black.....Black....Black....


rexbinary
Mod King
Premium
join:2005-01-26
Plano, TX
Reviews:
·Verizon FiOS

Click for full size
Click for full size
said by TuxRaiderPen:

said by El Quintron:
Why does everybody always hate on the GUI? That's a mostly rhetorical question, but realistically I'm more concerned about good computer habits, whether these are happening on the GUI or the command line.
Why do you need a GUI in a BIOS, again BIOS

99% of the users have NO BUSINESS being in the BIOS, period. so making it easier to use is really not on the table.

I really like the GUI in the BIOS on my new ASUS motherboard.
--
Verizon FiOS subscriber since 2005 | Mac owner since 1990 | Fedora user since 2006 | CentOS user since 2007 | "Anyone who is unwilling to learn is entitled to absolutely nothing." - graysonf | EDIT: I seldom post without an edit.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL

said by rexbinary:

I really like the GUI in the BIOS on my new ASUS motherboard.

Same here... I have the P8VZ77 and although it's cloudy grey instead of red it's pretty cool looking.
--
Everything in moderation... Including Moderation --Oscar Wilde

TuxRaiderPen

join:2009-09-19
reply to rexbinary


A nice BASIC BIOS screen
said by rexbinary:
I really like the GUI in the BIOS on my new ASUS motherboard.
:o :o :o :o :o :o :o

My eyes! My EYES! ! ! ! :o :o :o

:p :p :p

really is any of that needed v. the current simple BASIC screens? ? ? ? REALLY?

No.

said by markofmayhem:
Convince me you are not on a computer using U/EFI right now...
Simply to amuse myself....I am not rebooting to take photos of the BIOS for you.

»www.asrock.com/mb/NVIDIA/K10N780SLIX3-WiFi/

 
cleo-tuxraider-desktop # dmidecode --type 0
# dmidecode 2.9
SMBIOS 2.5 present.
 
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
        Vendor: American Megatrends Inc.
        Version: P1.60
        Release Date: 03/23/2009
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 1024 kB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                BIOS ROM is socketed
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 KB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                CGA/mono video services are supported (int 10h)
                ACPI is supported
                USB legacy is supported
                LS-120 boot is supported
                ATAPI Zip drive boot is supported
                BIOS boot specification is supported
                Function key-initiated network boot is supported
                Targeted content distribution is supported
        BIOS Revision: 8.15
 
cleo-tuxraider-desktop # 
 
cleo-tuxraider-desktop # dmidecode --type 2
# dmidecode 2.9
SMBIOS 2.5 present.
 
Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
        Manufacturer: ASRock
        Product Name: K10N780SLIX3-WiFi
        Version:                       
        Serial Number:                       
        Asset Tag:                       
        Features:
                Board is a hosting board
                Board is replaceable
        Location In Chassis:                       
        Chassis Handle: 0x0003
        Type: Motherboard
        Contained Object Handles: 0
 
cleo-tuxraider-desktop  # 
 
 

--
1311393600 - Back to Black.....Black....Black....


markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

Nice... but the only output that shows non-EFI is the "NFORCE 780a" part. SMBIOS is on UEFI boards as well, interfaced through UEFI's "PI". Interstingly enough, the NFORCE 780i was EFI, hardcoded in a CMS chip to provide "Legacy BIOS".

I have a treat for all of you, I'm not sure why this hasn't been posted elsewhere.... maybe I should buy some stock in pharmaceutical companies before sharing:

President of UEFI is Tony Pierce. He is a Microsoft employee with the title "Technical Evangelist" in the "Windows Hardware Group". Enjoy!
--
Show off that hardware: join Team Discovery and Team Helix


TuxRaiderPen

join:2009-09-19

said by markofmayhem:
Nice... but the only output that shows non-EFI is the "NFORCE 780a" part. SMBIOS is on UEFI boards as well, interfaced through UEFI's "PI". Interstingly enough, the NFORCE 780i was EFI, hardcoded in a CMS chip to provide "Legacy BIOS".

I didn't state anything about SMBIOS being or not being on one BIOS or another...again... reading past whats on the page.

Well, as I stated, I am not rebooting for you. And I forget the ADD bunch don't read, and has to have everything put on their plate:

" 8Mb AMI BIOS
- AMI Legal BIOS
- Supports "Plug and Play"
- ACPI 1.1 Compliance Wake Up Events
- Supports Jumperfree
- SMBIOS 2.3.1 Support
- CPU, DRAM, Chipset Core, PCIE Bridge Multi-adjustment"

»www.asrock.com/mb/NVIDIA/K10N780SLIX3-WiFi/

It most assuredly is NOT UEFI. I don't have any thing but those nice BASIC screens for a BIOS.

Versus a board I will never touch:
"
- 32Mb AMI UEFI Legal BIOS with GUI support
- Supports "Plug and Play"
- ACPI 1.1 Compliance Wake Up Events
- Supports jumperfree
- SMBIOS 2.3.1 Support
- CPU, VCCM, NB, SB Voltage Multi-adjustment
"

»www.asrock.com/mb/AMD/Fatal1ty 990FX Professional/?cat=Specifications

I sourced that board specifically to ensure that it was no polluted then.

said by markofmayhem:
I have a treat for all of you, I'm not sure why this hasn't been posted elsewhere....
President of UEFI is Tony Pierce. He is a Microsoft employee with the title "Technical Evangelist" in the "Windows Hardware Group". Enjoy!

And there you have it!

And you peolpe wonder why I told you "intel" is just the front shill for this!

Proof enough of what this really is and WHO REALLY is in the drivers seat.
--
1311393600 - Back to Black.....Black....Black....


markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

"AMI BIOS" means nothing... oh man, why do I bother. UEFI is underneath the "GUI" as well, has been for nearly 20 years.

UEFI screenshot:

--
Show off that hardware: join Team Discovery and Team Helix


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to TuxRaiderPen

said by TuxRaiderPen:

It most assuredly is NOT UEFI. I don't have any thing but those nice BASIC screens for a BIOS.

My Intel board assuredly has UEFI, and yet for weeks I thought it was Ye Olde Biosse, because it looked exactly like it: traditional blue on grey characters, keyboard-driven menus, etc.

There's one little line in the setup screens which determines whether it acts like UEFI or like BIOS when it boots a disk.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to markofmayhem

said by markofmayhem:

oh man, why do I bother.

Because you care, and that's why your contributions are valuable to this forum.

Disagree or not, I'd rather you kept on posting.

Cheers,
EQ
--
Everything in moderation... Including Moderation --Oscar Wilde