

FF4m3

@bhn.net

Linux Foundation UEFI Secure Boot Key Delays Explained

Linux Foundation UEFI Secure Boot key for Windows 8 PCs delays explained - By Steven J. Vaughan-Nichols:

Despite the best efforts of Fedora, openSUSE, Ubuntu, and the Linux Foundation, booting Linux on UEFI Secure Boot Windows 8 PCs continues to be a problem. The easiest way to avoid Windows 8 lock-in is to disable UEFI Secure Boot from your system before it starts to boot. However, this option may not be available on all motherboards; isn't available at all on Windows RT devices, such as the Surface; and is still troublesome even with Secure Boot disabled. So, it is that the struggle—and struggle it is—to create an easy to use, universal install and boot Secure Boot Linux installer continues on.

...the Linux Foundation is still waiting "for Microsoft to give the Linux Foundation a validly signed pre-bootloader." Until that happens, booting and installing Linux on Windows 8 PCs will remain an order of magnitude harder than it is on earlier model PCs.

Details at site.


rexbinary
Mod King
Premium
join:2005-01-26
Plano, TX
Reviews:
·Verizon FiOS

1 recommendation



howardfine

join:2002-08-09
Saint Louis, MO
reply to FF4m3
Again, for US citizens, file an anti-trust complaint: »www.justice.gov/atr/contact/newcase.html

OZO
Premium
join:2003-01-17
kudos:2
reply to FF4m3

Re: Linux Foundation UEFI Secure Boot Key Delays Explained

UEFI boot is new DRM protection for the proprietary OS, foisted into PC world by Microsoft Co. It's a new "Genuine Advantage Verification Plus" tool if you will, now running on boot level. Of course, they market it as it's for your protection (do you expect anything less than that?), while in reality, it's for the OS protection from any user modifications. No more and no less. Do you really need that protection from you and give the keys from your computer to that company? You have to decide...
--
Keep it simple, it'll become complex by itself...

TuxRaiderPen

join:2009-09-19
reply to FF4m3
said by FF4m3 :
So, it is that the struggle—and struggle it is—to create an easy to use, universal install and boot Secure Boot Linux installer continues on.

...the Linux Foundation is still waiting "for Microsoft to give the Linux Foundation a validly signed pre-bootloader." Until that happens, booting and installing Linux on Windows 8 PCs will remain an order of magnitude harder than it is on earlier model PCs.
Details at site.

[Gomer Pyle voice] Surprise surprise surprise... [/Gomer Pyle voice]

Really don't know what it's going to take for most here to get it that ms is the ENEMY and UEFI is crap, as is secure boot, restricted boot... solutions looking for problems....

Proof provided, thanks ms, not that I didn't expect it.... Done.
--
1311393600 - Back to Black.....Black....Black....


rolfp

join:2011-03-27
Oakland, CA
kudos:1
Reviews:
·Comcast

1 edit
Microsoft won't change its spots and is a formidable enemy of FOSS, there I concur.

My brief encounter with the uefi bios on an Asus P8Z68 DELUXE/GEN3 doesn't give me such concerns. There is mouse support, nice but about a wash, screenie capability, which is valuable for online troubleshooting, helped me convince ASUS RMA that they'd sent me the wrong BIOS chip installed, e.g. Maybe I have missed the downside wrt to FOSS. Always a possibility.















TuxRaiderPen

join:2009-09-19
said by rolfp:
Microsoft won't change its spots and is a formidable enemy of FOSS, there I concur.
Yet some here refuse to accept that, you're one of the few outside myself.

I trust ms no further than my cats can vomit on them.

And ms came through with flying colors!

said by rolfp:
My brief encounter with the uefi bios on an Asus P8Z68 DELUXE/GEN3 doesn't give me such concerns.
All that GUI is just overkill, it's practically an OS and not a BIOS any longer... I don't have much use for all that cute GUI stuff... I rarely change settings in the BIOS other than to set NUM Lock OFF.. maybe if you're a keypuncher that number pad is useful, for me it's nothing but a glorified additional cursor pad, thus num lock should be off. Maybe a few times I disable onboard items, namely video or sound.... maybe if you're part of a group I don't have much respect for, all that GUI stuff gives you thrills... I just don't have much use for it...need to take a screen shot, whip out my Droid device ...SNAP!... send... done....Or my Nikon CoolPix or a web cam on another machine with cheese and SNAP... plenty of ways to skin that cat...

Maybe I have to change the order of booting so it goes DVD/CD, USB, drive, but mostly that's the default...

Way too many settings in there that users need not bother to mess with and more than likely they will screw up. Plenty of software to read all the various sensors and display via conky etc....

The tweakers can still do all their tweaking to melt their motherboards with the standard BIOS, maybe it's not as "cute" but it can still be done... there is the rub I just don't see wasting ROM space for all this... does the BIOS need to handle newer HD tech, and other devices, sure does. Improve that, but the "cute" GUI, embedded media player etc... meh... snnnnnnnnnnnnnnzzzzzzzzzzzzzzzzzzzzz... leave it out...

UEFI has nothing to do with OSS or Linux, other than being a hindrance to booting, BY DESIGN.
--
1311393600 - Back to Black.....Black....Black....


rexbinary
Mod King
Premium
join:2005-01-26
Plano, TX
Reviews:
·Verizon FiOS

2 edits
said by TuxRaiderPen:

UEFI has nothing to do with OSS or Linux, other than being a hindrance to booting, BY DESIGN.

UEFI does not equal secure boot, and you are referring to an interface, not secure boot. Regardless if it's graphics or text, secure boot is a shackle as long as Microsoft holds the keys.

I don't have to turn it on since I built my own, but people that don't or can't build their own will have it on by default. That's the issue.

--
Verizon FiOS subscriber since 2005 | Mac owner since 1990 | Fedora user since 2006 | CentOS user since 2007 | "Anyone who is unwilling to learn is entitled to absolutely nothing." - graysonf | EDIT: I seldom post without an edit.

grunze510

join:2009-02-14
Cote Saint-Luc, QC
kudos:1

1 edit
said by rexbinary:

said by TuxRaiderPen:

UEFI has nothing to do with OSS or Linux, other than being a hindrance to booting, BY DESIGN.

UEFI does not equal secure boot, and you are referring to an interface, not secure boot. Regardless if it's graphics or text, secure boot is a shackle as long as Microsoft holds the keys.

I don't have to turn it on since I built my own, but people that don't or can't build their own will have it on by default. That's the issue.

I think you're the only one in the whole thread that understands the difference between UEFI and Secure Boot, being that Secure Boot is an optional feature of UEFI. For example, the 5-year-old iMac that I'm using has a BIOS compatibility mode and can run Windows XP, Vista, 7 (haven't tested), and 8 (release preview) just fine.

Also, now that new laptops with Windows 8 are available, does anyone know if using Windows 8 without Secure Boot is as simple as disabling Secure Boot from the UEFI options, or is it more involved? Unless they changed something recently, I'm pretty sure the Windows 8 Genuine badge requires that Secure Boot can be turned off (but not the Windows RT badge).

EDIT: Forgot the Windows RT bit.
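
The distinction drawn in the posts above (UEFI firmware versus the optional Secure Boot feature) can be checked on a running Linux system. This is an added example, not part of any post in the thread; the function names and output labels are hypothetical, while the `SecureBoot` and `SetupMode` variables and the EFI global GUID come from the UEFI specification.

```shell
#!/bin/sh
# Added example: report whether Linux was booted via legacy BIOS or UEFI,
# and, for UEFI, whether Secure Boot is enforcing. Labels are hypothetical.

# EFI global variable namespace GUID (UEFI specification).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efi_byte SYSROOT NAME
# efivarfs files hold 4 bytes of attributes followed by the variable data.
# SecureBoot and SetupMode are one-byte values, so read the byte at offset 4.
efi_byte() {
    f="$1/firmware/efi/efivars/$2-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] || return 1          # truncated or empty file
    printf '%s' "$v"
}

# boot_state [SYSROOT]  (SYSROOT defaults to /sys; overridable for testing)
# Prints one of:
#   bios                    no EFI runtime: legacy BIOS or CSM boot
#   uefi-secureboot-unknown UEFI boot, variable unreadable (efivarfs not
#                           mounted, or firmware without Secure Boot)
#   uefi-setup-mode         UEFI boot, no Platform Key enrolled
#   uefi-secureboot-on      UEFI boot, signatures enforced
#   uefi-secureboot-off     UEFI boot, Secure Boot disabled in firmware
boot_state() {
    root="${1:-/sys}"
    if [ ! -d "$root/firmware/efi" ]; then
        echo "bios"
        return
    fi
    sb=$(efi_byte "$root" SecureBoot) || {
        echo "uefi-secureboot-unknown"
        return
    }
    setup=$(efi_byte "$root" SetupMode) || setup=0
    if [ "$setup" = 1 ]; then
        echo "uefi-setup-mode"
    elif [ "$sb" = 1 ]; then
        echo "uefi-secureboot-on"
    else
        echo "uefi-secureboot-off"
    fi
}

boot_state /sys
```

A result of `uefi-secureboot-off` is the case the thread keeps returning to: the machine uses UEFI firmware, yet nothing restricts which boot loader runs.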

TuxRaiderPen

join:2009-09-19
reply to rexbinary
said by rexbinary:
UEFI does not equal secure boot, and you are referring to an interface, not secure boot. Regardless if it's graphics or text, secure boot is a shackle as long as Microsoft holds the keys.


I did not state that UEFI = secure|restricted boot, please quit inferring that in my posts. I am fully aware of what UEFI is, and that secure|restricted boot are features of UEFI.

I am really getting tired of readers not reading posts and inferring what I didn't post.

If you didn't read it in my posts it's not there, I don't infer, I post bluntly and what I mean.

As I posted UEFI is nothing but a hindrance to boot Linux, look at several posts about booting on UEFI systems PRIOR to this and the issues that they had. Add in secure|restricted boot and the headaches just keep coming...

You and others can post all the "cute" photos of your BIOS. To quote Shania... "That doesn't impress me!"

said by rexbinary:
I don't have to turn it on since I built my own, but people that don't or can't build their own will have it on by default. That's the issue.
I am aware of that, but yet some here refuse to accept that it's an issue... oh you can disable it... for now... but you can't on ARM based units that come with winslobber ate.....

I build all my desktops and servers myself... but laptops... this is going to be an issue going forward....And that brings up all those BF laptop deals, probably a good thing I avoided them... as many had winslobber ate on them and probably would have been nothing but headaches to eradicate the infestation on them... I am not looking forward to getting a new laptop next year. Not in the least and some of the Linux specific laptop vendors don't use approved hardware ie: AMD processors and nVidia video. And I am not paying a premium just for Linux nor any other OS or lack of OS.
--
1311393600 - Back to Black.....Black....Black....


rexbinary
Mod King
Premium
join:2005-01-26
Plano, TX
Reviews:
·Verizon FiOS
said by TuxRaiderPen:


As I posted UEFI is nothing but a hindrance to boot Linux, look at several posts about booting on UEFI systems PRIOR to this and the issues that they had. Add in secure|restricted boot and the headaches just keep coming...

UEFI is simply progress. Secure Boot is as well with the keys in the hands of the owner of the hardware. When the hardware progresses, the software progresses. This generates issues that are overcome.

Since the major distros have decided to use Microsoft's keys, they now must bow to Microsoft.

As educated users, we don't have to bow....maybe. Provided hardware vendors continue to offer an off switch on Secure Boot we won't have to bow, but again that's up to Microsoft. Sadly, the hardware vendors do what Microsoft says, but so far Microsoft has said they can enable the ability to disable secure boot. (On x86, ARM is a different story.)

The Linux Foundation made a mistake in my opinion by not becoming a key signing authority of their own saying they could not cover the cost. That or suing Microsoft.

So Tux, what are you going to do when you build your next rig with a 'cute' UEFI? Stick with the defaults?
--
Verizon FiOS subscriber since 2005 | Mac owner since 1990 | Fedora user since 2006 | CentOS user since 2007 | "Anyone who is unwilling to learn is entitled to absolutely nothing." - graysonf | EDIT: I seldom post without an edit.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to rexbinary
said by rexbinary:

UEFI does not equal secure boot, and you are referring to an interface, not secure boot. Regardless if it's graphics or text, secure boot is a shackle as long as Microsoft holds the keys.

I don't have to turn it on since I built my own, but people that don't or can't build their own will have it on by default. That's the issue.

That's the crux of the issue... there are valid reasons to be suspicious of secure boot, but we should be afraid of the real reasons not a lot of the FUD surrounding it.
--
Support Bacteria -- It's the Only Culture Some People Have


Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
reply to OZO
said by OZO:

UEFI boot is new DRM protection for the proprietary OS, foisted into PC world by Microsoft Co.

Not quite. Secure boot is a security tool.
Microsoft has simply hoisted it through their certification program as a way for getting PC manufacturers to lock out competitors on the machines they sell.
A knife isn't a weapon until someone stabs someone with it.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to TuxRaiderPen
said by TuxRaiderPen:

As I posted UEFI is nothing but a hindrance to boot Linux, look at several posts about booting on UEFI systems PRIOR to this and the issues that they had.

And yet other operating systems manage to support this rather old technology.

Methinks you rant too much.

By continuing to spew your FUD about UEFI on topics that are about Secure Boot, you contribute to the general confusion about the two, even if you yourself claim to be unconfused.

Also, check for the difference between "imply" and "infer".

OZO
Premium
join:2003-01-17
kudos:2
reply to Maxo
I agree with you. Secure Boot is the main problem, that I see here, not the UEFI itself.
--
Keep it simple, it'll become complex by itself...

TuxRaiderPen

join:2009-09-19
reply to rexbinary
said by rexbinary:
So Tux, what are you going to do when you build your next rig with a 'cute' UEFI? Stick with the defaults?
Like many things being foisted on users like me who are not interested....

Short term: I am hoarding non UEFI boards for just that purpose to avoid it for as long as possible. Which can take CPU upgrades and hold 16-32GB RAM.

And will look for non GUI based boards till they no longer exist. Then do what I need once.

Disable secure/restricted boot
Turn off num lock
change boot order

This is basically a UEFI tax now, similar to another tax... I really see no point in all this looks cute. Mostly aimed at the ADD crowd of today who need glitz ... doesn't make understanding what CAS is and that changing that setting may not be a good idea unless you have a clue... but the cute GUI and even the current basic BIOS allows you to change it.. but the cute GUI just entices them to change things they probably don't need to mess with. And as I stated melt their motherboards.. which I hope they do.

Long term:

That's why I am not looking forward to purchasing laptops

Tolerate a bunch of GUI crap that's not needed to change a few settings once and get out of it forever.
--
1311393600 - Back to Black.....Black....Black....

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
And yet my UEFI systems have a user interface that is indistinguishable from the "character mode menu" of my older BIOS machines.

What I take from this is that, as usual, your target is badly chosen. The problem is not that UEFI permits vendors to come up with worthless glitz; it is that some vendors come up with worthless glitz.


Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
said by dave:

And yet my UEFI systems have a user interface that is indistinguishable from the "character mode menu" of my older BIOS machines.

Same here. My work laptop is UEFI, but you wouldn't immediately know by looking at it. I don't really see what the big deal is. I've used the MOBO configuration screens only two or three times. How often does one reconfigure their MOBO?


rolfp

join:2011-03-27
Oakland, CA
kudos:1
Reviews:
·Comcast

1 recommendation

said by Maxo:

said by dave:

And yet my UEFI systems have a user interface that is indistinguishable from the "character mode menu" of my older BIOS machines.

Same here. My work laptop is UEFI, but you wouldn't immediately know by looking at it. I don't really see what the big deal is. I've used the MOBO configuration screens only two or three times. How often does one reconfigure their MOBO?

I don't see why anyone should be defensive about using the new interface. If I want to spend all day in it, taking screenshots or troubleshooting a broken motherboard, which is mostly what I've been doing with it since I got it, new BIOS chip seems to have fixed it, tyvm, What's it to ya?

If any boorish, insulting, ranting curmudgeon, posting in emacs or lynx or some such, can show me how UEFI is a hindrance to FOSS or its users or how his Etch-A-Sketch is a superior screenie tool, I'm all ears. As yet, I don't see a problem.

TuxRaiderPen

join:2009-09-19
said by rolfp:
motherboard, which is mostly what I've been doing with it since I got it, new BIOS chip seems to have fixed it, tyvm, What's it to ya?
Can I DISABLE all those cute annoying wasteful ADD graphics? ? ?

1) It's wasted ROM space

2) It's wasted development time that could be used to address real issues in the BIOS itself not some useless GUI for the BIOS for "tweaker/melters."

You can have all that so long as I can disable ALL of it and get my bog standard character based screens. Can I do that? ? ?

Didn't think so...

Not on any I've seen and all the MB OEM's tout this as some fantastic thing... BIG WHOOOP!

That's what it's to me!

said by rolfp:
If any boorish, insulting, ranting curmudgeon, posting in

I proudly am, THANK YOU!

said by rolfp:
emacs or lynx or some such,
Don't use emacs, its interface is even more stupid than vi (flame away!), vi or nano only as it's quick and easy on ssh sessions.

said by rolfp:
can show me how UEFI is a hindrance to FOSS or its users ....As yet, I don't see a problem.
Ok....here's one.....

[mythbusters voice] There's your problem! [/mythbusters voice]

»www.kubuntuforums.net/showthread···-hurdles

Here's a whole forum for problems...
»www.kubuntuforums.net/forumdispl···sistance

There was a thread there that started that was probably 10 pages deep about UEFI and its wonderfulness... all to get cute ooogey GUI and a taking screen shots that a simple digital camera or Droid can do.

Again, allow me to turn it all off to simple basic character interface AND NOT HAVE ISSUES BOOTING.

said by rolfp:
or how his Etch-A-Sketch is a superior screenie tool, I'm all ears.
They make a serial connected Etch a Sketch!

Cool! ! Have to get one of those...

Not all change is good oogley googely graphics on everything is not a good thing...
--
1311393600 - Back to Black.....Black....Black....

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
said by TuxRaiderPen:

It's wasted ROM space

What is this, some save-a-transistor appeal?

What else would you have those transistors do? That would not be "bloat" according to someone?

We've moved beyond the M792-YB.


rolfp

join:2011-03-27
Oakland, CA
kudos:1
Reviews:
·Comcast

1 recommendation

The links you apparently pulled out of your hat are not obvious evidence of some intrinsic problem with uefi. In general, it's evidence of new technology taking time to understand and those who misidentify uefi as their problem; it's evidence of superficiality and empty rhetoric. I hear the various new editions of Windows all have many complainers and decriers of what they don't understand, have not yet learned, many complaints of those who are incapable of listening and/or are too lazy to try.

Man, your serial smoke and mirror poseur tirades have long ago grown quite old. FOSS doesn't need that kind of shit. Nobody does.

TuxRaiderPen

join:2009-09-19
said by rolfp:
The links you apparently pulled out of your hat are not obvious evidence of some intrinsic problem with

No they were not pulled out of my hat... Till recently that forum didn't even exist...

There was a very extensive thread on a UEFI install of 12.04 which had all kinds of issues... there now is that subforum.

said by rolfp:
Man, your serial smoke and mirror poseur tirades have long ago grown quite old. FOSS doesn't need that kind of shit. Nobody does.


You're entitled to your opinion. I vehemently feel you and others are seriously ignoring the issues that RESTRICTED BOOT and/or SECURE boot poses (CLEAR ENOUGH FOR YOU INFERERS!???!) to Linux overall.

UEFI is a solution ala waycrap ... Need to improve on the BIOS to work with new hardware, chipsets, etc. great, but UEFI is above and beyond that.. 90% of the crap in UEFI is that crap, oooey gui interfaces, snapshots of screens, embedded players, embedded software??? REALLY!???!

Plain and simple RESTRICTED BOOT and/or SECURE BOOT are meant for one thing as implemented and released. Linux lockout.

If you don't want to agree with that and bury your head in the sand as ms shovels in the sand and water, go right ahead. I am not! ms is evil, period. This is an anti competitive move, pure and simple, and the hue and cry needs to be raised.. You don't care for my methods and I don't care for the solutions of most distros or most of the laissez-faire attitude over it here. Maybe when this was some dream of an idea it was a good idea.. as IMPLEMENTED AND RELEASED it has ONE AND ONLY ONE GOAL.

Linux LOCKOUT ! ! Period.

MS has shown it already... most here just continue to blow it off.. YOUR LOSS.

--
1311393600 - Back to Black.....Black....Black....


FF4m3

@rr.com
reply to FF4m3
The ARM Windows 8 Lockdown by James Bottomley:

A lot of people have been asking why the Linux Foundation is concentrating on making sure there’s a Linux Boot solution for Windows 8 PCs that’s compatible with the GPLv3 requirements and not really doing anything about ARM (for which the current Windows 8 hardware requirements mandate no ability either to turn off secure boot or to replace the keys).

The answer to this comes in several parts...

Details at site, an interesting & quick read.


rolfp

join:2011-03-27
Oakland, CA
kudos:1
Reviews:
·Comcast
reply to TuxRaiderPen
You've got no idea what uefi is.

»en.wikipedia.org/wiki/Unified_Ex···nterface

The interface defined by the EFI specification includes data tables that contain platform information, and boot and runtime services that are available to the OS loader and OS. UEFI firmware provides several technical advantages over a traditional BIOS system:[11]

Ability to boot from large disks (over 2 TiB) with a GUID Partition Table, GPT.[12][13]
CPU-independent architecture[12]
CPU-independent drivers[12]
Flexible pre-OS environment, including network capability
Modular design
[..]
GNU/Linux supports GPT. Linux should be built with option "CONFIG_EFI_PARTITION" enabled.[20] GNU Parted is required to manage disks and partitions, as fdisk does not support GPT.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 edit

1 recommendation

reply to TuxRaiderPen
said by TuxRaiderPen:

90% of the crap in UEFI is that crap, oooey gui interfaces, snapshots of screens, embedded players, embedded software??? REALLY!???!

It is not mandatory for any firmware author to include such features.

And contrariwise, the old BIOS doesn't stop the likes of Dell from supplying their laptops with stupid embedded players (it's actually a reserved partition on the disk, with a dedicated button to boot from it) -- the point is that people that want to ship crap will find a way to ship crap; we might as well have standard crap.

Plain and simple RESTRICTED BOOT and/or SECURE BOOT are meant for one thing as implemented and released. Linux lockout.

Still can't get your head round the difference between UEFI and Secure Boot, I see. Or at least, still can't focus your ranting.

The presence or absence of GUI capability in firmware is independent of the presence or absence of Secure Boot support. So, while you continue to drift from one to another, we'll continue to not take you seriously.


EUS
Kill cancer
Premium
join:2002-09-10
canada
reply to TuxRaiderPen
I don't get your rant about UEFI GUI, BIOS is already GUI.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
said by EUS:

I don't get your rant about UEFI GUI, BIOS is already GUI.

It's a plot from Microsoft!