Slashdot Mirror


How Microsoft Can Lock Linux Off Windows 8 PCs

Julie188 writes "Windows 8 PCs will use the next-generation booting specification known as Unified Extensible Firmware Interface (UEFI). In fact, Windows 8 logo devices will be required to use the secure boot portion of the new spec. Secure UEFI is intended to thwart rootkit infections by using PKI authentication before allowing executables or drivers to be loaded onto the device. Problem is, unless the device manufacturer gives a key to the device owner, it can also be used to keep the PC's owner from wiping out the current OS and installing another option, such as Linux."

24 of 899 comments

  1. Re:What an over sensationalist title by GameboyRMH · · Score: 4, Insightful

    And why would a device manufacturer lock the device to a particular OS? Maybe for the same reason they could be coaxed to only sell the device with a particular OS?

    You're absolutely right, if you completely ignore history.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  2. Sensationalist? I strongly disagree by kju · · Score: 4, Insightful

    In my opinion neither the title nor the article are overly sensational as claimed by you. While it is technically true that the device vendor does the lock out, this is nothing more than a smoke grenade tampering with the truth.

    The fact is that Microsoft will require the manufacturers to support this technology if they want to sell devices on which Windows will run. Even more, the fact is that this means that they will have to include keys by Microsoft which will prevent the device from running unsigned code like Linux.

    And while it is still a rumor it can probably be taken as a fact that disabling this feature (if made possible by the manufacturers) will likely cause Windows to not start because this is what malicious software would do as well and allowing this would circumvent the security improvement.

    So cut the crap. Yes, it will be the device manufacturers who will effectively bring this restriction into life. But it will be Microsoft who forces them to do so.

    1. Re:Sensationalist? I strongly disagree by hot soldering iron · · Score: 4, Insightful

      I'll be in the market for a new laptop soon, and I've already decided to use a thin Linux server install with a VMware installation, and just run any desktop, Microsoft, or "other" OS as a VM. That way I'm not having to screw with dual booting. Yes, I will have a bit of constant system overhead, but I'll have some serious flexibility and system security. This is the same strategy used on servers, yes?

      --
      When you want something built, come see me. If you want correct grammar and spelling, get a F*ing liberal arts student.
  3. Re:(*_*) by chill · · Score: 5, Informative

    Trusted Boot prevents the use of alternative boot disks. It is controlled from chips soldered onto the motherboard and PKI keys.

    No key, no boot. Replacing drives or using external drives does not help. There is no "BIOS Reset" option and you can't short jumpers to clear it.

    Google uses it on the CR-48 Chromebooks, but also includes a little switch under the battery to turn it off. With it turned on, the system boots only Google-signed images and nothing else. Period.

    --
    Learning HOW to think is more important than learning WHAT to think.
  4. Re:What an over sensationalist title by ArsenneLupin · · Score: 4, Insightful

    If you don't get the key when buying your computer, complain to your manufacturer. It's their fault. I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money.

    What about those people who buy Windows now, because they don't know any better, but then learn about Linux, and want to install it on their then old computer several years from now? This is not only a plausible scenario for installing Linux on a computer which had Windows initially, but it is also a scenario where complaining to the manufacturer won't help: he may no longer be in business by then, or no longer have the keys for obsolete machines.

    Oh, and another reason to buy a computer with Windows if you're going to install Linux anyways: maybe Microsoft is still so good at bribing most manufacturers that it is difficult to find computers of the desired spec without Windows.

  5. Re:What an over sensationalist title by GameboyRMH · · Score: 5, Insightful

    "Try it again?" They haven't stopped.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  6. Re:What an over sensationalist title by Kjella · · Score: 4, Insightful

    I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway,

    Even if we ignore the new Linux installs, how about re-purposing an old PC, second hand PCs, corporate computers that are sold off for cheap, huge blocker for people wanting to migrate/test Linux and so on. Laptops pretty much all come with the OS preinstalled and the desktop market is dominated by OEMs. The volume of "virgin" hardware that's never been touched by Windows is just a few percent of the market (excluding Macs, but Apple might decide to do the same).

    --
    Live today, because you never know what tomorrow brings
  7. Re:What an over sensationalist title by FictionPimp · · Score: 4, Insightful

    They don't have to be coaxed, it's in their best interests to lock it out from the purchaser. It's the same reason they lock you out of Android phones. Installing your own OS is something they don't want you to do because they think it drives up support costs and makes their built-in advertisements go away.

  8. They're not *that* evil by Netshroud · · Score: 5, Informative

    Microsoft said they're trying to figure out how to allow users to dual-boot. In the //build/ video discussing the new Windows 8 boot process, the presenter said they were trying to figure out how to keep boot secure but still allow users to boot into Windows 7, since Windows 7 doesn't support this. And if it works for Windows 7, it'll probably work for Linux.

  9. Re:What an over sensationalist title by Attila Dimedici · · Score: 4, Insightful

    I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money.

    Maybe because many manufacturers actually sell PCs with Windows installed for less than they sell PCs with Linux (or no OS).

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  10. The key comes from the MANUFACTURER, not MS by davide marney · · Score: 4, Informative

    MS wants to take advantage of UEFI, which has obvious benefits. Chromebooks work the same way, but we don't read any heated /. articles about it because Google is charmed and MS is "evil".

    It is up to the device manufacturers to figure out a way to let the end-user ultimately take control of their own PCs. They could do that Chromebooks style -- a hardware switch -- or by distributing the key in a secure manner, such as mailing it to the owner's registered home address. Consumers who care about this issue should look for this feature in whatever device they purchase. What's all the fuss?

    --
    "We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
    1. Re:The key comes from the MANUFACTURER, not MS by NJRoadfan · · Score: 5, Interesting

      The real fun will begin when Microsoft decides to EOL your hardware by not releasing keys for newer versions of Windows, even if the machine has the specs to run it.

  11. Re:What an over sensationalist title by Anonymous Coward · · Score: 4, Informative

    Maybe you're just ignorant. I've asked three computer stores in my area, and they all say that they are contractually obligated to install Windows on every PC they sell. I asked if I could buy one with no OS, or with another OS installed, and they said their Microsoft contract forbids it. That was this year, not 15 years ago.

  12. Re:Caveat Emptor by Errol backfiring · · Score: 4, Insightful

    I'm aware. Does that mean I will have a choice then?

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
  13. Re:(*_*) by Lehk228 · · Score: 4, Interesting

    If trusted boot is used to deny people's right to hardware they lawfully purchased I expect to see attacks of both technical and legal natures succeeding against trusted boot.

    It's not a bad idea in general as long as the owner of the device holds the key.

    --
    Snowden and Manning are heroes.
  14. Re:What an over sensationalist title by Linzer · · Score: 4, Insightful

    "Vote with your feet", "vote with your wallet"...

    I'm sick of hearing that crap. How do you vote with your feet if there is barely any choice in the so-called "marketplace"? And if you vote with your wallet, will that count against the votes of others whose wallets are rather thicker than yours?

    All these "vote with" phrases make a mockery of democracy. Here is my suggestion: vote with your vote. I know, it's pretty damn bold.

    --
    Gravitation is a theory, not a fact.
  15. I have trouble seeing this work well. by Orbijx · · Score: 4, Insightful

    Pardon me as I ramble.

    As a guy in the phone support trenches for a certain OEM, I just have trouble seeing this work well for everyone.
    I see often enough that businesses will buy a brand new machine with Windows 7 pre-installed, then blow away the OS load to immediately try to install Windows XP.

    I have a hard enough time trying to teach these people that they NEED to include the Intel RST driver bundle in their image so that they stop getting STOP: 0x7B on their attempt to install or boot.
    I have a hard enough time trying to teach these people that they need to make sure their image is aligned on the new Advanced Format hard drives that are going in some of the smaller form factor machines (usually it's a 2.5" drive), since they want to install XP on the damn thing, then complain a week later that the machine is very slow and almost unusable.

    I don't speak to customers too often that aren't running some flavor of Windows, but the few I do run into seem happy when they get someone who understands the issue they've got, and will help them despite this OEM's general policy of not assisting with an OS that the OEM did not ship. These calls are usually large corporations that run Red Hat or SUSE or something else in their corporate environment, and prefer to pay for hardware support from the OEM I work for, just so they can have coverage for all of their users in nearly any country they visit.

    Keeping that last bit in mind: An OEM that implements a lockout 'feature' that prevents an operating system other than Windows 8 from being installed had better have a backup plan that keeps businesses happy, or else they've just committed suicide. It's business sales, more so than consumer sales that keep OEMs going, because businesses buy big damn contracts. Piss off the big damn contracts, and you piss off your paycheck.

    --
    One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
  16. Re:This would be illegal in the EU by itsdapead · · Score: 4, Interesting

    Are iPads legal in the EU?

    If you think they should be, make your case to the EU. You never know. The existing rulings against Microsoft were made because companies complained. The way Apple is going, with a chance of achieving a monopoly in the tablet market, I suspect they'll cross swords with the EU at some point.

    However, the issue here is not whether Microsoft should be able to market their own-brand locked down tablet - it's the hypothetical idea that MS could use its leverage with OEMs (i.e. the cost of MS software licenses, and other incentive schemes) to encourage them all to lock out non-MS operating systems. Hypothetical, but a plausible extrapolation from their past practices...

    But do not fret, you can still install whatever OS you like on an Apple Mac.

    --
    In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
  17. Re:What an over sensationalist title by billcopc · · Score: 5, Informative

    Disclaimer: I'm in the PC retail business.

    There are no "Microsoft contracts" up here in Canada, certainly not with the individual shops as that would be a logistical nightmare to administer, even for MS. What does happen is skeevy shop owners like to sell an overpriced OS with every PC, because it's often the only profitable part of the deal on low-end machines. They make up these ominous sounding "contractual obligations", to which the alternative is to buy the PC unassembled with only a 30-day (in-store) warranty rather than the usual 1-to-3 year deal. A lot of customers don't know any better, so they fork over an extra $150-200 for an OEM license of W7HP.

    With the big-box brands it's a bit different, because they love the preloading business. They still get paid to put bloatware on your machine - McAfee and MS Office trials - and of course they get a deep "volume" discount on the OS itself. There's still nothing that can legally force them to shove an OS down your throat, but since they don't list a price for an OEM license of the OS, nor many of the core components in the machine, they can argue that it's included in the base price, so there is no point in asking them to remove it since it's "free". They really could sell you a machine without Windows if they so wanted, and for larger corporate purchases you can specify that (or provide your own ghost image), but for the consumer stuff they would much rather sell you a preloaded PC that's ready for the average casual user. Just the support calls alone, from clueless users who bought a naked machine and don't know what to do with it, would be a PR nightmare and a huge cost sink. I've lost count of the times people bought naked machines from me, claiming they didn't need an OS, then returned a day later to buy the damn disc.

    Think back a few years, when Dell briefly offered Linux-ready PCs. They cost more than the Windows-loaded versions of the same machines. Now you can run up and down with your conspiracy theories about MS bribes and whatnot, but the reality is that charging a little bit more for the Linux-ready variant ensured that the average Joe Random would buy the cheaper Windows one, even if the difference was only $30 or so, it's sufficient. This, in turn, probably saved them countless frustrating support calls from irate morons. Then a bit later they started preloading Ubuntu on there, to at least have the machine boot to an internet-ready OS.

    --
    -Billco, Fnarg.com
  18. Re:What an over sensationalist title by andydread · · Score: 5, Informative

    Because if you RTFA you see that Microsoft is mandating that all manufacturers do this. They mandated this. They know exactly what they are doing.

  19. Microsoft = the only reason you can have alt os by OeLeWaPpErKe · · Score: 5, Insightful

    The sad fact is that Microsoft was the great innovator in this space. IBM, who came before them, didn't allow any OS but their own to use any hardware they produced, nor did they allow any competition on the hardware side of things. They were like Apple's iPhone business.

    Microsoft is the reason that you can install alternative operating systems in the first place. Everyone else managed to blow themselves up, despite having a really strong opportunity. DR-DOS, Concurrent PC-DOS, CP/M, FreeDOS, PTS-DOS, ROM-DOS, Novell DOS, OpenDOS and I'm not even providing a full list here. Geos, PC/Geos, GeoWorks, MAC/OS, OS/2, Amiga/OS, BeOS, Iris, NextStep, RISC OS, Visi On... Microsoft openly competed with all of them and won, mostly on technical merit. Apple was one of the companies that used the courts to prevent alternative operating systems from becoming possible, and has always been openly hostile to competition. Along with that, Microsoft created the market for hardware innovations (my apologies to any lisp/c64/... machine addicts, but ... even you know what I mean). You should give them credit for that, even if that credit mostly belongs to Bill Gates, and little claim can be laid to it by the current Microsoft crew.

    Microsoft is the canonical example of a company that faced lots and lots of competition and won mostly on technical merits.

    Besides, I'm kinda starting to hate this anti-Microsoft bashing. It's been years since I've used any form of Windows on my own machines, or at work. There is no anti-competition behavior Microsoft might be doing that Apple isn't doing 10x worse. Compatibility with iWork? Just try it. Yet Apple is not just forgiven for being anti-freedom, but actually revered for it. "A curated experience is better" and so on. And on Apple machines, you really can't install the software you want, because there are actual, technical control measures in place that actually try to prevent it.

    In this case, people are afraid of what Microsoft *might*, at some point, try to do. Great. Microsoft, today, isn't the problem. Apple is the big enemy of software freedom today. Microsoft is mostly becoming less free by imitating Apple.

    So please, let's shelve this discussion until Apple has been broken up into a hardware business entirely separate from the software business. Including on the iPhone front.

  20. market penetration by wfstanle · · Score: 5, Interesting

    Stopping dual boot or changing the OS by users would stop the market penetration by Linux. Maybe the knowledgeable Linux crowd might build their own computers but this is beyond the capacity of probably 99% of computer users. Market penetration by a competing OS would be stopped cold which is what MS wants. They want to stop the downward slide of Windows. Yes, Linux has a very small share of the OS market, but what about some new and different OS that is developed in the future? This would stop them from even starting. It's not just about Linux.

  21. Re:I suspect there would be some sort of setting.. by Catbeller · · Score: 4, Insightful

    I must say you are not getting the way of the future here. There won't be any machines you can build yourself. The best and newest mobos will not support anything but Windows. You've been outmaneuvered - they've been working on this for over ten years.

    Just as you can't shut off GPS tracking on your phone, or the mic for that matter, you will not be able to bypass the switch on the mobo. Try to deactivate it, and the encrypted embedded software will prevent the board from booting, period.

    And remember this: any encryption on that subsystem will enable Microsoft to invoke the Digital Millennium Copyright Act against anyone who "breaks" the encryption. You might have rights to mod the hardware, but you have *no* right to break the DMCA and decrypt the bootup blocking software. This is a trap sixteen years in the making. Welcome to the future we warned you about.

  22. Re:What an over sensationalist title by spongman · · Score: 4, Insightful

    Because if you RTFA

    RTFA, indeed:

    "Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled"

    There's nothing in there about "all manufacturers". It's a logo requirement, nothing more. Windows 8 will run fine on my homebrew PC and I'll still be able to dual-boot Debian.