Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Responds To Linux Concerns Over Windows 8 and UEFI Secure Boot

Posted by Soulskill on from the putting-out-fires dept.

CSHARP123 writes "A few days ago, Red Hat employee Matthew Garrett speculated that OEM machines shipping with copies of Windows 8 may lock out support for Linux installations. Garrett highlighted Microsoft's new Secure Build OEM requirements for Windows 8 systems. Microsoft chose to directly respond to confusion surrounding Windows 8's use of the UEFI Secure Boot feature on Thursday. Tony Mangefeste of Microsoft's Ecosystem team said, 'Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secured boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.'"

8 of 389 comments (clear)

  1. translation by drinkypoo · · Score: 5, Insightful

    "Microsoft will attempt to use our gorilla status to force OEMs to lock out non-Windows operating systems, but ultimately, it's their decision as to whether they want to make it possible for you to run what you want on their computer, or whether they want us to not bomb them into the stone age and build a parking lot on the smoking ruins of their company."

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. I see what you did there... by DontBlameCanada · · Score: 5, Insightful

    Nutshell summary after actually reading the TFA:
            "You can launch any operating system you like, but if you want to benefit from UEFI secure boot protection, you can only launch Windows 8."

    From their screenshots and commentary, there doesn't appear to be any opportunity to add a new "trusted" O/S images to their database. So even signing your secure Red Hat Enterprise Linux won't help you. If you want to use it, you need to turn the bootloader security checks off. The obvious implication, if you want MBR protection you must run Windows 8. Anything else opens the door.

    Yup, Red Hat's take on the situation seems the most accurate.

  3. Re:Translation by GordonBX · · Score: 5, Insightful

    Considering the reaction here; the OEMs that would do this would get so much bad PR, that a significant number of customers would flee to some other manufacturer.

    Of course you're right.

    That's exactly what has happened with mobile phones. (cough).

  4. Re:Translation by JamesP · · Score: 5, Insightful

    No, the problem is:

    BIOS vendors are complete idiots

    "EFI" vendors are the same guys

    It's a crapfest of proprietary extensions, NIH syndrome and a million ways to change monitor brightness. And of course it's only tested on the latest Windows version, well, because...

    Of course, Intel is to blame with the whole ACPI mess and looseness. Typical engineer mentality a standard that standardizes nothing.

    Really, Intel and AMD should join forces in this: Make 'to change monitor brightness write a value from 0 (darker) to 0xff (brighter) to register 0xABC PERIOD'. "but but but", "I SAID PERIOD".

    --
    how long until /. fixes commenting on Chrome?
  5. If you can't be bothered to RTF... by neokushan · · Score: 5, Informative

    Just take a look at this image.

    That's all you need to know.

    In Summation: There is a genuinely good reason for enabling secure boot (malware prevention - genuine malware prevention, not just some underhand tactic that's masquerading as malware protection) and as long as your OEM isn't a dick, you should be able to disable it much like how you can disable features in your BIOS today. The decision to remove that ability is down to the OEM, not Microsoft.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  6. Re:Translation by TheRaven64 · · Score: 5, Interesting

    NIH syndrome

    NIH is the reason why UEFI exists at all. OpenFirmware already existed, had several independent implementation (including some open source ones), and was a free standard that anyone could implement. So Intel made a new 'standard' that is a crappy copy of OpenFirmware.

    --
    I am TheRaven on Soylent News
  7. Re:Translation by diegocg · · Score: 5, Informative

    ACPI was not designed by Intel alone, Microsoft was also there. And let's remember what Microsoft tried to do:

    From: Bill Gates
    Sent: Sunday, January 24, 1999 8:41 AM
    To: Jeff Westorinon; Ben Fathi
    Cc: Carl Stork; Nathan Myhrvold; Eric Rudder
    Subject: ACPI extensions

    One thing I find myself wondering about is whether we shouldn't try and make the "ACPI" extensions somehow Windows specific.

    It seems unfortunate if we do this work and get our partners to do the work and the result is that Linux works great without having to do the work.

    Maybe there is no way to avoid this problem but it does bother me.

    Maybe we could define the APIs so that they work well with NT and not the others even if they are open.

    Or maybe we could patent something related to this.

  8. Re:Translation by Anthony+Mouse · · Score: 5, Insightful

    Maybe one day you will realize that every field protects itself. Doctors and lawyers restrict their trade. Regulators and government employees have direct access to government cash.

    Economists call this behavior "rent seeking" and it is considered inefficient and undesirable. The idea that Microsoft should not be criticized for engaging in it is highly misguided.