dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
20165
share rss forum feed


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 edit

Windows 8 Secure Boot proves problems for Acronis True Image

PcPro | 15 Jan 2013

»www.pcpro.co.uk/news/379315/wind···ue-image

quote:
Customers attempting to restore PCs using Acronis True Image 2013 are being blocked by Windows 8's Secure Boot facility - even though the software is sold as fully Windows 8 compatible.

Secure Boot is a new anti-rootkit feature introduced with Windows 8, which is designed to prevent the PC from booting an unrecognised operating system. However, it has the unfortunate side effect of also blocking Linux-based recovery environments, such as Acronis' Start Up manager.

Attempts to boot from a recovery image are met with the warning message: "Selected boot image did not authenticate. Press 'Enter' to continue."

Customers attempting to restore PCs using Acronis True Image 2013 are being blocked by Windows 8's Secure Boot facility - even though the software is sold as fully Windows 8 compatible.

Nevertheless, the company sells compatibility with Windows 8 as one of the core new features of Acronis True Image 2013 on its website. It makes no mention of having to disable a core security feature in the UEFI BIOS to perform a system recovery.
IMO no good at all, shame on Acronis.

Edited post title: changed for reason of better thread description
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

Re: Windows 8 is blocking Linux-based recovery environments

said by Smokey Bear:

shame on Acronis.

Huh? What would you propose they do? Please show your work.


DigitalXeron
There is a lack of sanity

join:2003-12-17
Hamilton, ON

1 recommendation

reply to Smokey Bear

The problem is beyond Acronis' control. They can only write code, they can't force a motherboard to do something the motherboard doesn't want to do. Windows 8 compatibility and UEFI default-setup compatibility are two different elements.

The real issue is UEFI SecureBoot and how it is implemented. It is implemented based on a whitelist mechanism, it is impossible for every recovery software package to have their keys/signature installed on every single UEFI firmware installation. OEMs and mainboard manufacturers will not take that time or effort.

The problem is Microsoft told OEMs to deploy SecureBoot on mainboards for Windows 8 certification, some OEMs took this as "Enforce SecureBoot no matter what" and ran with it, leading to situations where users do not know that there's an option to disable SecureBoot (if that option is provided by the OEM) as many OEMs nowadays do the bare minimum possible.
--
--Kradorex Xeron
[an error occurred while processing this signature]



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

Windows 8 certification requires the ability to disable Secure Boot (for x86 at least), and anybody who's game enough to do image backup and restore will probably not have any trouble finding how to do this in the BIOS.
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

said by Steve:
Windows 8 certification requires the ability to disable Secure Boot (for x86 at least), and anybody who's game enough to do image backup and restore will probably not have any trouble finding how to do this in the BIOS.

Sorry Steve you are talking BS, I'll bet with you that most Acronis customers have no experience with secure boot. Besides, BIOS is to many people an unknown word, and in case they know what BIOS is they don't know anything about required settings. You know about such issues, I know, a few others know, and that's it.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to Steve

said by Steve:
said by Smokey Bear:
shame on Acronis.
Huh? What would you propose they do? Please show your work.

I'm not the vendor, I don't advertise with "compatible with Windows 8", it's all up to Acronis. However you are a full-skilled consultant so can advise them in a professional way, I'm just a nobody.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to DigitalXeron

said by DigitalXeron:
The problem is Microsoft told OEMs to deploy SecureBoot on mainboards for Windows 8 certification, some OEMs took this as "Enforce SecureBoot no matter what" and ran with it, leading to situations where users do not know that there's an option to disable SecureBoot (if that option is provided by the OEM) as many OEMs nowadays do the bare minimum possible.

I fully agree.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.

BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

It's really easy to disable, and even Microsoft has recommended times you have to disable it beyond the more logical reasons to disable it.

»[WIN8] Windows 8 with Secure Boot enabled may no longer boot aft

If you have to boot from outside media it's not unexpected to turn off secure boot.

I see overreaction in the article unless the motherboard in question didn't allow them to disable it. I can only guess that the next step would be to have to go as far as making a new partition, and making an entry in the bcd loader, however I don't want recovery software needing to make a recovery partition on my hdd, I would still rather boot from it externally.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
reply to Smokey Bear

said by Smokey Bear:

I'm not the vendor, I don't advertise with "compatible with Windows 8", it's all up to Acronis.

If you believe that "Windows 8" means "must have secure boot", you're confused.


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

said by Steve:
said by Smokey Bear:
I'm not the vendor, I don't advertise with "compatible with Windows 8", it's all up to Acronis.
If you believe that "Windows 8" means "must have secure boot", you're confused.

What I mean is that vendor 'forgot' mentioning the secure boot issue, I can't imagine vendor believes that solely 'knowledgable' people will buy the product.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

said by Smokey Bear:

What I mean is that vendor 'forgot' mentioning the secure boot issue, I can't imagine vendor believes that solely 'knowledgable' people will buy the product.

I'm sorry, you are completely misreading this whole situation, blaming Acronis for behavior that's not even remotely bad or misleading.

One can be fully compatible with Windows 8 while still being at the mercy of hardware that won't boot a non-Microsoft OS, and it's just how it goes - this is a hardware issue and it's not the job of Acronis to provide an AOL-esque wizard that does what cannot be done.


Lagz
Premium
join:2000-09-03
The Rock

said by Steve:

said by Smokey Bear:

What I mean is that vendor 'forgot' mentioning the secure boot issue, I can't imagine vendor believes that solely 'knowledgable' people will buy the product.

I'm sorry, you are completely misreading this whole situation, blaming Acronis for behavior that's not even remotely bad or misleading.

One can be fully compatible with Windows 8 while still being at the mercy of hardware that won't boot a non-Microsoft OS, and it's just how it goes - this is a hardware issue and it's not the job of Acronis to provide an AOL-esque wizard that does what cannot be done.

Windows 8 DRM working as intended!
--
When somebody tells you nothing is impossible, ask him to dribble a football.

OZO
Premium
join:2003-01-17
kudos:2

1 recommendation

said by Lagz:

Windows 8 DRM working as intended!

Yes, indeed: As it was cited:
Secure Boot is a new anti-rootkit feature introduced with Windows 8, which is designed to prevent the PC from booting an unrecognised operating system.

Everything that's not Windows 8 is an "unrecognized" (or "unauthorized", if you want it this way) OS and, by design, should not be allowed to boot on that PC... Perhaps a good way to re-gain PC market from the perspective of the company that pushed that design on users...
--
Keep it simple, it'll become complex by itself...


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to Steve

said by Steve:
said by Smokey Bear:
What I mean is that vendor 'forgot' mentioning the secure boot issue, I can't imagine vendor believes that solely 'knowledgable' people will buy the product.

I'm sorry, you are completely misreading this whole situation, blaming Acronis for behavior that's not even remotely bad or misleading.

One can be fully compatible with Windows 8 while still being at the mercy of hardware that won't boot a non-Microsoft OS, and it's just how it goes - this is a hardware issue and it's not the job of Acronis to provide an AOL-esque wizard that does what cannot be done.

The software is not fully functional, some of the features don't work 'out-of-the-box'. Again we see here lack of vendor information wich almost always (can) lead to misinterpretation and serious problems. True Image is not just 'standard' software, it is intended to get all data back with a complete PC-backup solution in case of disaster. FWIW this is also one of Acronis' sale argument, they are also talking about "an easy-to-use data backup and hard drive recovery software." Again, a knowledgable customer will know what to do in case of disaster on a Windows 8 PC (anyways let's hope he will know), how about a noob buying in confidence the software will not strike in case of emergency? He isn't interested in hardware issues as mentioned by you nor have the knowledge about hardware, all he need is a working PC, that's the sole reason he bought the software after reading: "New! This software is Windows 8 compatible".
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Jan Janowski
Premium
join:2000-06-18
Skokie, IL

1 recommendation

reply to Smokey Bear

Now I have Another reason why I have no interest in Windows 8
--
Looking for 1939 Indian Motocycle



vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3
Reviews:
·Charter
reply to Steve

said by Steve:

I'm sorry, you are completely misreading this whole situation, blaming Acronis for behavior that's not even remotely bad or misleading.

You can't blame Acronis for what's happening but you can fault them for not stating their product won't do some of the things it claims.
It doesn't do shazbot with Win 8. The product spec needs to say it doesn't do shazbot with Win 8 and shouldn't be touted as being "fully" compatible.
--
CMKRNL


Drunkula
Premium
join:2000-06-12
Denton, TX
Reviews:
·Verizon FiOS
reply to Smokey Bear

I installed Win8 to my laptop and I really don't like it. I have my C: and D: drives (Win7) saved to an external USB drive using Acronis. However, I don't believe it will affect my as my laptop is not using SecureBoot. We'll see, though.
--
There are 10 types of people that understand binary numbers. Those that do - and those that do not...


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to vaxvms

How is it not compatible with Win 8? It is as long as you enter bios and temporarily disable Secure Boot. SUPPOSEDLY, you can disable secure boot permanently if you wish (at least Intel says you can) but although Dell told Ed Bott in 2011 that this would be possible on all Dell Win 8 computers that has turned out to be NOT true, but you can disable temporarily and then Acronis will work. (Of course, if it is a Dell you are required to call Dell to get permission to enter Bios...Dell is having so many problems with new BIOS that they actually are telling users that entering Bios and changing anything will void the warranty unless done so under Dell tech supervision) but I don't know if other OEMs are doing this or having the severe problems Dell is having with its implementation of UEFI and fast boot. So, Acronis TI is compatible in THIS REGARD. Entering bios on a Win 8 computer is not easy though as boot is screaming fast so you have to know exactly what to do (hit the computer start button with one hand and with the other, AT THE SAME TIME, begin tapping F2 if you wish to enter bios. Acronis should have those instructions on their site as it is different from earlier OSes where boot was much slower.

A perhaps more important consideration is that Acronis 2011 did not support EFI GPT drives - does 2013? I see nothing about it at Acronis site. What I see there would make me run as fast as possible in the opposite direction and not because of whether not it fully supports Win 8 and restoration of EFI GPT drives but because of all the garbage that is now included in what should be an imaging program only.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
reply to Smokey Bear

said by Smokey Bear:

The software is not fully functional, some of the features don't work 'out-of-the-box'. Again we see here lack of vendor information which almost always (can) lead to misinterpretation and serious problems. True Image is not just 'standard' software, it is intended to get all data back with a complete PC-backup solution in case of disaster. FWIW this is also one of Acronis' sale argument, they are also talking about "an easy-to-use data backup and hard drive recovery software." Again, a knowledgable customer will know what to do in case of disaster on a Windows 8 PC (anyways let's hope he will know), how about a noob buying in confidence the software will not strike in case of emergency? He isn't interested in hardware issues as mentioned by you nor have the knowledge about hardware, all he need is a working PC, that's the sole reason he bought the software after reading: "New! This software is Windows 8 compatible".

You seriously don't understand this issue and are latching onto an emotional and foolish argument.

The fact that somebody has to go into the BIOS in order to turn off Secure Boot is not some kind of rocket science requirement, especially since on many systems they'll have to go into the BIOS anyway to set the boot order for the CD, and it's the kind of thing you take care of with a knowledge base article.


Lagz
Premium
join:2000-09-03
The Rock

1 recommendation

reply to Smokey Bear

The problem here is that most people don't and won't enter the bios for fear of messing something up. I know people that are pretty computer savvy that refuse to mess with the bios after I had mentioning that they needed to change a setting in it.
--
When somebody tells you nothing is impossible, ask him to dribble a football.



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

2 recommendations

reply to Steve

said by Steve:
You seriously don't understand this issue and are latching onto an emotional and foolish argument.

The fact that somebody has to go into the BIOS in order to turn off Secure Boot is not some kind of rocket science requirement, especially since on many systems they'll have to go into the BIOS anyway to set the boot order for the CD, and it's the kind of thing you take care of with a knowledge base article.

Again: you are talking BS, please don't try to characterize me as being emotional and foolish. You are invited to read e.g. the Official Acronis Support Forums and see the light. Please notice that even Acronis haven't an satisfying answer/solution on EUFI-related problems. Finally, don't forget to read posts regarding specific PC-manufacturers, BIOS and EUFI and there's no solution, especially not in the way you are suggesting. You are presenting the EUFI-issue as being solvable, however there are many cases that going into BIOS and making appropriate settings just don't work.

It's obvious you are supporting the vendor no matter they are right or wrong, I prefer to support the consumer, even more in cases where the vendor don't know how to provide support in a reliable, adequate and knowledgeable way.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

said by Smokey Bear:

You are presenting the EUFI-issue as being solvable, however there are many cases that going into BIOS and making appropriate settings just don't work.

So you're blaming Acronis for not being "Windows 8 compatible" when the underlying hardware isn't either?

Really?

OZO
Premium
join:2003-01-17
kudos:2

1 recommendation

reply to Smokey Bear

Again, "Secure Boot" is a DRM. And, as it always happens with DRM, customer suffers. Why? Because DRM is essentially a vendor's protection from unwanted customer's actions. Nothing less and nothing more. The rest is just a marketing BS around it.

In this case the vendor is m$. Unwanted customer's action is booting any other OS, except Windows OS.

Today (and so far) they can't take complete control over user's PC and prohibit to use other OS's or they'd face many sue cases. But they want to create additional difficulties for user to do so. That's why they specify that "Secure Boot" should be optional (again, at this time so far). But, at the same time, they require the option to be set "on" by default... My guess is, if it's become a new normal, the next step would be - they require to remove the option from the BIOS and allow to boot Windows OS without any exceptions. But that will only work in their wild dreams, I hope...

Returning back to Acronis:
1. By "Secure Boot" design - there is no way to boot any other OS except Windows 8. And Acronis True Image is that "unauthorized" OS. You have to turn off that feature (if you can) in order to use it.
2. The only thing, that I can blame Acronis for, is - they did not warn every their customer to turn off "Secure Boot" as a first necessary step of using True Image.
3. If users discover that they can't turn "Secure Boot" in their PC, they should return that PC back to manufacturers as a "lemon" (you can't restore your data in case of any hardware failure).
--
Keep it simple, it'll become complex by itself...


salahx

join:2001-12-03
Saint Louis, MO
reply to Smokey Bear

This shouldn't even really be an issue though, Linux distributions already have a solution for this.



ashrc4
Premium
join:2009-02-06
australia
reply to Smokey Bear

said by Smokey Bear:

Windows 8 is blocking Linux-based recovery environments

Can you work on the title please .... Seems misleading.
Like "Windows 8 Secure Boot proving problems for Acronis"
--
Paradigm Shift beta test pilot. "Dying to defend one's small piece of suburb...Give me something global...STAT!


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

said by ashrc4:
said by Smokey Bear:
Windows 8 is blocking Linux-based recovery environments

Can you work on the title please .... Seems misleading.
Like "Windows 8 Secure Boot proving problems for Acronis"

Done, topic is focusing on Acronis True Image in particular, therefore title changed as requested.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


Lagz
Premium
join:2000-09-03
The Rock
reply to salahx

said by salahx:

This shouldn't even really be an issue though, Linux distributions already have a solution for this.

Apparently not.
--
When somebody tells you nothing is impossible, ask him to dribble a football.


Woody79_00
I run Linux am I still a PC?
Premium
join:2004-07-08
united state
reply to Steve

I agree with Steve, this isn't Acronis fault. Acronis has "zero control" over functions added to motherboards by OEM or other motherboard manufacturers. SecureBoot being one of those features.

The software itself works just fine, if the OEM or motherboard vendor ships the board with SecureBoot on, then it is up to the user to disable it.

I know i speak for many here when I say: "I sure don't want any software messing around with any of my BIOS settings"....that would just be a recipe for not only a firestorm, but a technical support nightmare Acronis....



Lagz
Premium
join:2000-09-03
The Rock

This might be a gold mine for PC repair. Average Joe jumps into the BIOS and screws up something, then heads to the repair shop or tosses it as trash. This might become a nightmare for manufacturers as well, as average Joe now has to get inside his BIOS and tinker.
--
When somebody tells you nothing is impossible, ask him to dribble a football.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to Smokey Bear

Re: Windows 8 Secure Boot proves problems for Acronis True Image

Is there any imaging software product that doesn't currently face this Win8/SecureBoot barrier that requires BIOS intervention to resolve... especially in case of a drive/hardware failure?
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville