Australian Users Petitioning Against Windows 8 Secure Boot
In his first accepted submission, lukemartinez sends in an excerpt from a ZDNet article on continuing developments about Microsoft's UEFI secure boot requirements: "The Linux Australia community began petitioning the ACCC this week after Microsoft aired plans to mandate the enabling of Unified Extensible Firmware Interface's secure boot feature for devices bearing the 'Designed for Windows 8' logo. This means that any software or hardware that is to run on the firmware will need to be signed by Microsoft or the original equipment manufacturer (OEM) to be able to execute. This would make it impossible to install alternative operating systems like Linux..."
Delimiter has further information on the petitions, and Matthew Garrett recently posted a follow-up to Microsoft's response to the concerns about secure boot, calling them out on their misinformation.
I'm hunting, but I can't seem to find exactly where to sign the petition in any of these links...
I write professional videogame reviews! http://www.digitallydownloaded.net/
Doesn't this only affect OEM stuff, in which case, who cares.
WTF are you talking about? It will affect any PC that you want to load another OS on.
This petition and the signers of it just show that they're ignorant of the technology and the implementation of it. Unfortunately you might have government bodies thinking there is no smoke without fire, and making threats about this or that. But truth is this is a manufactured story that really has yet to cause anyone any problems.
Let me ask you this: Who has built a system with a UEFI subsystem which doesn't allow Secure Boot to be disabled by the user? Answer: Nobody.
I'd strongly implore Europeans to look at similar moves. The EU courts have proven time and again to have backbone when it comes to anti-competitive behaviour in the IT industry, and right now this is Microsoft playing the checkmate card it's been threatening for a long long time.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
Anyone who wants to repurpose an OEM computer. Anyone who doesn't want to pay extra for jailbroken motherboards. Anyone who thinks people should own their property, instead of being beholden to the manufacturer.
That's who.
Give me Classic Slashdot or give me death!
It seems the main complaint actually is that Microsoft does not require hardware manufacturers to allow users to disable secure boot, but that this is entirely up to the hardware manufacturers. I am not even sure Microsoft would be legally allowed to try to control what manufacturers do outside what is directly related to Windows (they can say that to use Windows logo you must boot this way, they can't tell the manufacturers what to do for other booting scenarios).
Vote with wallet and buy PCs that have the option to disable secure boot.
What's with all this secure boot crap anyway? When did anyone last get a virus, trojan or worm through the boot process and not through say the browser or a rogue piece of software?
Has Symantec or McAfee infiltrated into Microsoft or something?
Why OpalCalc is the best Windows calc
Really though...who buys a vendor PC then slaps Linux on it? We build our PCs..
I did just that with my laptop
I have with all my Dell work laptops and desktops that I run. Linux hosts, XP/7 virtual guests.
Dear Microsoft,
Please include the requirement for secure boot. I know how to download vmware player to run the things I want to run in a virtual machine and I greatly desire to have a secure underpinning to my OS. Thanks.
Gabe
I do security
And the mother board you buy will be similarly locked
People who build their own desktops shouldn't be affected, however laptops and pre-built desktops usually come with a very pared down BIOS. Assuming this trend continues onto UEFI systems then it is possible that you won't have the option to disable secure boot and won't be able to run Linux on some laptops or store bought PCs.
To be honest I think secure boot is a good feature and should be included, just so long as Microsoft agreed to also require the ability to disable it before certifying. And even better if they also required the ability to install your own keys.
Uh... "OEM" is pretty much every PC maker. And that's the thing, isn't it? In the case of Dell, you can be sure that consumer models will have their UEFI locked to Windows and the business models will still be allowed to run Windows XP - Windows 7 by disabling this feature. But as for being able to install new keys for other OSes? I'm going to simply doubt it because once that code is made available, you can expect malware to make use of it as well.
And here's the thing. In order to get better security, you pretty much HAVE to stop people from being able to do stupid things. It is precisely the user doing stupid things which is the most significant source and cause of security problems on PCs today. You can disable and limit things all day long, but in order for users/consumers to be able to make use of their stuff, they frequently need to disable security features as applications publishers and others are not always on board with security strategies. And let's be frank -- Microsoft hasn't been strongly security focused in the past. And the result of this past means a lot of old applications expect to live in a less secure environment. (And it's not like we haven't seen this in countless other ways such as a persisting need for MSIE6 because their browser was broken by design and applications written for it will not work with other browsers... lock-in worked for a while but was not considerate of the future.)
Is there an alternative approach? Can you allow users to do stupid things and maintain security? If there is a way, it has escaped my imagination.
Are the motherboards upon which all of today's "DIY" just-plug-it-where-it-fits "custom built" computers depend not OEM now?
Yes, it definitely will affect OEM products (such as, oh, every laptop you might want to use); but team "Just Build Your Own!" isn't in a substantially better position unless the OEMs that make motherboards are substantially more helpful than the OEMs that make whiteboxes (and paying $50 extra for the "enthusiast edition" that lets you do your own keyfill isn't going to cut it)...
Only if there is no way to disable secure boot.
The problem here is that a majority of users are Windows users that will actually benefit from running a computer with a secure boot loader. So Microsoft is serving the interests of their users by pushing for secure boot.
The good reason to oppose secure boot is the fear that computers will ship locked to Microsoft's keys. Before petitioning the government to specify the terms under which Microsoft can offer a logo program, people should be encouraging Microsoft to add a requirement for a method of disabling secure boot to the logo program (this may well be futile...).
The reason for Microsoft to do this would be to put the whole damn issue behind them, and it only really matters for random consumer hardware that might end up with Linux on it, not a space they face much competition in.
(Server and business vendors will continue to sell their customers what they want, running arbitrary software on such systems will not be problematic)
Nerd rage is the funniest rage.
The article lists the hardware manufacturer -- the system builder -- as Microsoft's customer. This is not surprising, since they are the people giving money directly to microsoft.
So like with everything else in life, if you want to have control over something, all you need to do is to pay for it. You're welcome to purchase your computer from Best Buy, and thus give Best Buy all of the control. Best Buy can choose what you'll get vis-a-vis the security of the OS. Or, you can do what many of us do.
You can purchase Windows 8 directly, and install it yourself. Then you'll be the "hardware manufacturer" (a term that's lost all meaning here), and you'll have complete control over it.
Welcome to the power of money.
I mean that sincerely but Microsoft has already implemented their legal stance, "It is not up to us. It is up to the vendor".
Having to work for a living is the root of all evil.
Are you planning to design and fab your own motherboard, as well? With the exception of hardcore, but largely irrelevant, hobbyists wire-wrapping their TTL micros, nobody "builds" computers. They buy a few high level chunks of a computer, with well defined physical and logical interfaces, and plug them in to one another. That doesn't make you an OEM, that makes your motherboard manufacturer the OEM and you the systems integrator. Unless you think that MSI will magically be more cooperative than Dell, that places you in exactly the same position...
and wants to load Windows 7?
Some 3rd party disk encryption system?
3rd party imaging tools?
memtest?
Windows XP? (for some old stuff that may only work with it?)
Linux (some businesses do run Linux even if it's in a very limited way)
systems with deep freeze and other 3rd party lock down apps.
Really though...who buys a vendor PC then slaps Linux on it? We build our PCs..
Right! I bought all pieces of my laptop and assembled it myself and installed Linux on it!
Oh wait ... I was dreaming again.
You won't be paying extra for jailbroken motherboards, you might be paying extra for motherboards with vendor supported methods for disabling secure boot or inserting user keys. Such boards will exist, corporate hardware buyers will demand them.
(A simple method is a switch or jumper, which should be quite safe from software tampering)
Nerd rage is the funniest rage.
Hmmm, let's look up the definition:
free mar-ket
noun
An economic system in which prices are determined by unrestricted competition between privately owned businesses
Please enlighten us about the competition part and explain how it works when one "privately owned business" owns 95% of it.
You're asking people to stop drinking the "sky is falling" Kool-Aid. Probably never will happen.
Regards,
MBC1977,
Allowing the user to intentionally add keys but preventing malware from doing so should not be too difficult for MB manufacturers. Have a hardware jumper with 3 positions, 1) Do not enforce secure boot, 2) Enforce secure boot, 3) Only allow new keys to be added but do not allow the system to do anything else including booting.
Sheesh people, this is a free market. If you don't like it, don't buy it. It's not like these are mandatory government issued computers or something. On top of that, it is still cheaper to build your own machine and be your own Original Equipment Manufacturer.
This is a non-story.
Whoever modded the parent a troll should not have been given moderator points because this is simply an observation that is not designed to inflame. It is a free market so vote with your wallet as it is far more powerful and easier than seeking assistance from the legal system. If everyone refused to purchase hardware that has Microsoft's Big Brother Bootloader then you'll see how quickly OEMs will be releasing firmware updates to remove this because, last time I checked, a company needs to be ultimately profitable in order to be viable. OEMs would be picketing at Microsoft's door.
You won't be paying extra for jailbroken motherboards
You might be paying a fine for jailbreaking your motherboard though...
If even. No OEM is going to want to deal with the legal shit storm that would ensue from not offering an off switch to secure boot. Even if Microsoft bribed them to do it, it wouldn't happen.
Furthermore, if Microsoft did go around bribing OEMs into removing the off switch, governments and other software companies alike would be filing anti-trust lawsuits left and right.
There's nothing to worry about.
..It's the OEM's. Nowhere does Microsoft mandate that OEMs must remove the option to disable UEFI secure boot, only that it's enabled by default.
For someone that's supposedly calling Microsoft out for misinformation, Matthew Garrett does a great job of it himself. Here's a few points I noticed:
Which hardware vendors? Who? What hardware? Why? And what has that got to do with Microsoft?
And why shouldn't it? It also doesn't state that you can only ship Microsoft's keys. Why is it Microsoft's responsibility to get keys other than its own installed?
Exactly, however a system that ships with UEFI secure boot and only includes a linux distribution's signing keys will only securely boot that linux distribution. Why is the latter ok, but the former not? Oh wait, because Microsoft is the big, bad guy? Once again - Microsoft doesn't mandate that UEFI secure boot be forced, it's the OEM's decision to remove the option to disable it.
Of course, this fails to mention (again) that OEMs are in no way forced to remove UEFI secure boot and by doing so, they'll be at a disadvantage in the marketplace and lose sales from people like this very writer....
In short: Because Nobody else can have secure boot, why should Microsoft get to have it? Apparently that's bad for even the likes of AMD and Intel.
Never mind that 99.99% of malware targets Windows, that most "zombies" on the internet are Windows machines, that most spam is sent from Windows machines, which affects everyone. In that instance, giving Windows machines that extra blip of security by default hardly seems like a bad thing.
Woah woah woah! Didn't you just say that Microsoft were the only ones capable of forcing Manufacturers to include their signing keys? That the likes of AMD,
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
No, I won't. I'm aware enough that I will buy what I want and I am confident that there will be some lunatic hardware vendor choosing to market unlocked pc motherboards to paranoid nutbags like myself.
Nerd rage is the funniest rage.
The Right To Read from 1997:
Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers--you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that.
Not so sensationalist or paranoid now, is it?
-- Insert witty one-liner here. --
Of course motherboard vendors will be cooperative, they are going to have to do the work for server boards, they will happily translate that work over to the lunatic market (I would include myself in there).
Nerd rage is the funniest rage.
Circumventing a protection system? I'm glad nobody passed a law boneheaded enough to make that illegal even if you're not breaching any copyright.
http://news.slashdot.org/story/11/09/27/2130245/canadian-government-says-drm-circumvention-not-related-to-copyright
Slowly the pieces are coming together...
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
I have NEVER seen a BIOS with minimal features.
(The original RedHat complaint was that "MadeForWin8" machines must support UEFI, and must include Microsoft's boot keys; RedHat were worried that BIOS makers would ship with this bare minimum of support, i.e. not allowing you to disable UEFI or to add your own keys.) Disclaimer: I work at MS as a language designer.
People who build their own desktops shouldn't be affected...
Wouldn't motherboard manufacturers roll over too? I can't see any of the major players volunteering to lock themselves out of the Windows 8 market. Fortunately I won't be in the market for a new mobo for some time, since I'm happy with the gear I have, but I can see this causing problems later on down the track. I really hope not, though.
So basically, the hardware manufacturers that go for locked secure boot will see drops in sales, I guess. I sure won't buy it if I can't use what I want on it. That's stupid.
If you buy from Best Buy, you bought from a system builder who bought from Microsoft nearly certainly. Ignoring the money they already gave to MS and enabled secure boot by default as well and giving MS *more* money to acquire the *same* software that will also be signed in a way to pass the same secure boot checking is only different in how convoluted the scenario is.
Protesting having this enabled by default is a tad asinine for most desktop users. Demanding that Firmware be mandated to have a configuration setting allowing it to be disabled is reasonable.
There is a crowd of people with a legitimate issue. If you have an unattended mass deployment of non-signed software (e.g. you don't want a 'tech' babysitting any particular system), there is a significant problem. In enterprise system deployment, this could be construed as anti-competitive as MS is the only vendor with the leverage to get their signing keys everywhere.
Overall, however, I think Trusted Boot is a losing game in preventing malware. It means your rootkits have to get bigger and you probably have to build it out of a chain of signed software until you find a weakness, but unless you make the PC fundamentally less usable than it is today, there is going to be a weakness somewhere. For example, if you allow RH signing key and RH just signed grub and then was done with it, suddenly you have a Windows rootkit using grub chainloading malware then Windows.
XML is like violence. If it doesn't solve the problem, use more.
I really doubt your claim of a 10 fold improvement in security. How many MBR rootkits have you cleaned up in the wild? How many lame malware infections have you seen/cleaned up in the wild (which secure boot won't help 1 iota)? For me those numbers are 0 to about 50,000 in the last 5 years.
Phishing and hacked websites that dump malware via browser bugs are the 2 biggest security threats I've seen in the last 5 years, and neither of these is even remotely addressed by secure boot, when someone comes up with a key signing scheme to stop phishing I'll listen to a "10 fold improvement" claim, not before.
And the mother board you buy will be similarly locked
no they are NOT AC scaremonger... I have /uefi and guess what???? you can disable secure boot!
http://www.ebuyer.com/267772-asus-p8z68-v-pro-z68-socket-1155-8-channel-hd-audio-atx-motherboard-p8z68-v-pro
and it boasts a funky range of features including
so basically you talk crapioca or just make assumptions without any actual knowledge and spout....... crapioca
That's the side advantage to this security feature. It's a win-win for Microsoft. The cell phone industry has already set a precedent that this is an acceptable practice.
It's not a requirement for Windows 8. It is a requirement for 'Designed for Windows 8' OEM systems.
If vendor A builds a board with, say, no support for uefi at all, what the hell are your conspirators going to argue that they are circumventing?
To be clear, this board would be like most of the hardware in existence right now.
Nerd rage is the funniest rage.
So even if I can disable Secure Boot, does this mean I have to go into the UEFI and re-enable it each time I boot back to Windows 8?
At best, this is going to be a pain in the ass for people who dual boot.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
You won't be paying extra for jailbroken motherboards, you might be paying extra for motherboards with vendor supported methods for disabling secure boot or inserting user keys.
What exactly is the difference from the owner's standpoint? You're still paying extra for something you've always expected to be able to do.
Give me Classic Slashdot or give me death!
To be fair this would be two jumpers, since you don't seem to understand how jumpers work.
That's like.... DOUBLE the work load. The motherboard would cost an extra $200 for that feature instead of $100.
As I understand it, a manufacturer could choose to include certificates for Windows Vista and Windows 7 and to write off the 0.5% edge case as an acceptable loss of market share. People who need Windows XP can still run it in Windows 7 Pro's XP mode.
Steve? Is that you?
You know we've told you being careful before.
yours sincerely
Microsoft Legal Department
PS : thanks for the fruit basket. The Mangos really cheered up my wife.
While this may have little impact on the (large) US market, Australians might be in for a major jump in their (smaller) PC business. If they mandate an end user accessible UEFI 'switch', they'll grab a large part of the mail order PC business supporting alternate operating systems.
If they can differentiate themselves from the rest of the world markets (OK, they probably won't be the only country passing such a law), they could potentially turn themselves into a key player in s/w development for advanced systems, servers, etc. Combine that with their proximity to the world's primary h/w producers (China, Taiwan, Singapore) and their English language and they have the opportunity to take a big step ahead of everyone else.
If the Aussie Linux users are smart, this is the way they'll pitch this to their legislature.
Have gnu, will travel.
Well, uh, the big ones are that it might not cost extra and the vendor will provide support (plus, the vendor supported stuff shouldn't have any thorny legal grey areas).
It isn't at all obvious to me that it will become difficult or expensive to get motherboards that will boot arbitrary code. So the focus really needs to be on complaining about consumer hardware and laptops, not motherboards and such.
And it still isn't clear to me why laptop vendors would universally decide to piss off some segment of their customers, so it goes even further to arguing that Joe Consumer needs to be protected from what vendors might do, for some unclear reason.
Nerd rage is the funniest rage.
No, you build it yourself
That works if you want a desktop PC, but how many end users actually build their own laptops?
I don't think that is the situation which causes concern. People will probably be able to still buy from the likes of Asus, MSI, etc when building their PCs. The concern is the OEMs like Dell, HP, etc. With this new measure in place, consumers will not be able to repurpose those machines. If a fee is required, it hampers the used market. If no alternate keys are available, it kills the used market.
One thing not addressed is how MS intends to deal with enterprises some of whom will want to run an OS other than Win 8 (like Win 7). Or is this proposal only for consumer PCs?
Well, there's spam egg sausage and spam, that's not got much spam in it.
Here's what I don't like about "secure boot" (from this article): "...The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor ..."
So, given that major OEMs tend to ship as minimal as possible BIOS/UEFI options: If you buy a Dell computer and cannot turn off secure boot, are you limited by hardware signing to Dell branded (and priced) graphics cards and etc?
Shh.
And what if the binaries are not signed in the correct manner for UEFI? It's not just a case of there needing to be keys, but the signing mechanism also needs to be supported - and I'm doubtful as to whether or not XP's entire boot chain is even signed.
And by saying that Windows XP users can run it in Windows 7's XP mode, you just forced another purchase on them...
No, OEMs are going to accommodate these users - that's pretty much guaranteed.
Yeah, the big thing to look at is re-purposing consumer hardware.
The proposal is only for PCs that want to ship with a Microsoft Windows 8 logo sticker, and nothing in it requires the vendor to lock the hardware to Windows, the logo program only requires that the vendor support Microsoft's secure boot stuff. So it basically doesn't have any bearing on any hardware that isn't trying to get the sticker, and people selling to enterprises will be happy to sell them computers without the sticker.
My comment is phrased the way it is because the poster I replied to is implying that the only way to get arbitrary code running will be to circumvent a protection system, which is woo-woo paranoid, at least until the government is proposing legislation mandating use of their secure computing platform.
Nerd rage is the funniest rage.
As for point 1: The incoming George W. Bush administration pretty much dropped the charges. I imagine that the incoming Romney or Perry administration will likely do the same.
Because, as everyone knows, change is bad. Slashdot has a long, long history of going into over-the-top hysterics over inconsequential things. Remember all those stories about RFID? Same thing. Paranoid ranting by the alarmist wing of Slashdot. In defense of their ranting, however, I would point out that sometimes even a crazy person is right. Also, it's hard to say whether the paranoids were in a tizzy over nothing or, through protesting, they managed to mitigate something that could have been very bad.
All in all, I'd suggest ignoring the prophecies of doom that crop up on Slashdot, but -- just to be on the safe side -- I don't discourage the paranoids from protesting against every little thing that sets them off. It makes for amusing reading, and, if they're ever right some day about the government using RFID to control our brain waves and violate our privacy, they might accomplish some good.
"Most of the hardware in existence right now" will stop being manufactured if Microsoft has its way. PC makers won't find it profitable to keep separate SKUs for the fewer than 1 percent of users who run desktop Linux. Used hardware will eventually break without an easy way of finding working replacement parts.
Before 8-bit micros were replaced with the Nintendo Entertainment System, people had "always expected to be able to" write their own programs for a home gaming computer in BASIC.
To be fair [a 3-position hardware jumper setting] would be two jumpers, since you don't seem to understand how jumpers work.
How would that be? One jumper with three pairs of pins has three settings. Look at any old parallel ATA drive and see the jumper for main drive, second drive, or cable select. Likewise, a motherboard would have three pairs of pins, one each for boot insecurely, boot securely, and manage keys.
I don't think people understand the motherboard market at all.
The motherboard manufacturer doesn't do any more or any less work soldering on the BIOS they purchased from a BIOS maker. To be quite clear, the motherboard manufacturers don't write the BIOS. They buy the BIOS.
This idea that the motherboard manufacturers will suddenly be writing UEFI ("doing work for server boards") instead of purchasing it is wrong, silly, and indicates a level of ignorance that suggests that you shouldn't be forming an opinion on the subject.
"His name was James Damore."
Why is Microsoft's legal department giving advice to Steve Jobs?
Nerd rage is the funniest rage.
Wedges have a thin end. How long does it take something to make the transition from Optional, through Recommended to Mandatory?
Maybe I am being paranoid, but history has shown that M$ has a great love of doing exactly this kind of thing, so we should be vigilant for the first signs of this.
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
If you think that the Linux server market is not big enough to get vendor support, I don't know what to tell you.
Servers will. Laptops won't.
Sorry. Do they do integration work with the bios that they purchase? I mean, now that I have the ear of an expert.
Do you expect that the combinations of the various vendors involved will universally avoid marketing consumer hardware with a secure boot configuration option? (that's not a great outcome, but it is 'just' more expensive, rather than unavailable)
Nerd rage is the funniest rage.
Go after the manufacturers. Just make it so that if someone sells someone else a computer without the new owner getting all the keys, let that be prosecutable as fraud or some variant of all the crazy anti-hacking laws.
If I had to guess, I'd say it's such a shocking and overt demonstration of dealing in bad faith, that it's probably already illegal in most countries if we look at the books hard enough. For that reason alone, I think we almost ought to be thanking Microsoft for finally pressing the issue hard enough that we finally really have to deal with this festering cancer that the industry has been dripping onto everyone.
If Dell sells you an x86 box (or Apple sells you a tiny ARM box, or Sony sells you a Cell box) and doesn't include the master keys or doesn't let you manage what signed code is authorized and what isn't, that's
This has nothing to do with Microsoft specifically, except as an expansion of the whole XBox bullshit. (And by all means, burn Microsoft to an unrecognizable cinder for that.) Code-signing isn't evil; code-signing in defiance of the owner for purposes of limiting what a computer's owner is allowed to make a computer do, is what's evil. Go after the inexcusably deliberately crippled firmware (i.e. malware) which doesn't put the right party in charge of key management, not Windows. (There are so many reasons to hate Windows, but this is not one of them.)
As for the problems/inconveniences grub2 has with distributing and installing signed binaries, even when the user (the party GPL3 tries to protect) has ultimate authority, I'm sorry but that's a GPL3 problem. It can be handled, so don't panic over that. At worst we all go back to GPL2ed grub1, boo hoo. That one thing is no reason to kill the idea of code-signing.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Ballmer, not Jobs.
applications publishers and others are not always on board with security strategies
That's because for a lot of students and hobbyists, "security strategies" that require three figures USD a year to keep a certificate current are cost prohibitive. A lot of Authenticode CAs don't even sell certificates to individuals.
Oh, I thought is must have been Jobs, seeing as he is the one that destroyed Linux on the desktop/laptop.
Nerd rage is the funniest rage.
In my opinion W would be a discussion for somewhere like The Daily Show, or Colbert Report, and not /.
Uh, Linux geek since 1999.
"Doesn't Apple already practice this? Where was the uproar and outrage then?"
Safely contained by the RDF.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Can you allow users to do stupid things and maintain security?
Just throw away their computers entirely. That way there's no way that their stupidity will ruin anything!
Filthy, filthy copyrapists!
I thought for a moment that you beat me to my own post! Whew! Here's mine:
http://yro.slashdot.org/story/11/09/28/0145245/ACTA-To-Be-Signed-This-Weekend?utm_source=slashdot&utm_medium=facebook
With that story in mind, it would probably be pretty easy to classify a "jailbroken" mainboard as a "counterfeit". Yes, the pieces are indeed coming together, and I definitely do NOT like the picture that is taking shape!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
"Windows 8 competes with Windows 7 and they have to allow users to upgrade with an old PC. It would be stupid to implement an OS that requires a Secure Boot mode, because it would mean that users would have to buy new hardware."
First off, you forget that secure boot requires the hardware and the OS to work together. You have to have the secure boot feature as an integral part of your motherboard. At the moment, I think there is not any such hardware. So here is the question... How do you get Win 8 secure boot to work on older (present) computers? Answer, you don't! The upgrade version of Win 8 will not have secure boot working. It's only future computers that would have a version of Win 8 with a working secure boot.
And so good news. More will start to assemble their own laptops. What's wrong with that?
The fact that I haven't been made aware of any sort of standardized design for laptop cases to accept interchangeable motherboards, unlike ATX on desktops.
Have you ever researched where Linux boxes come from? Where, and how did they originate? MOST that I've ever seen, were converted OEM machines. People switched, for one reason or another. I'm the only person I know in real life, who has actually shopped for, and purchased Linux compatible hardware. Aside from business machines, I just don't see Linux boxes that were purpose built. Dell, Compaq, and Gateway lead the list, if I recall correctly.
So, UEFI would mean that Joe Sixpack, who wants to dabble with and learn about Linux can't do it without a signed kernel.
That is just so frigging lame. But, it's part of that hidden Microsoft tax that everyone denies the existence of!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Microsoft have a dominant position in the desktop operating system market.
Why is it Microsoft's responsibility to get keys other than its own installed?
It is, for the same reason MS was forced to offer some choice for the Internet browser in Europe, remember?
Oh wait, because Microsoft is the big, bad guy?
Big guy: yes, again we are talking about dominant position and its consequences, which lead to more power and possible abuses, thus the bad guy. Don't you remember some MS abuses?
Here's a few points I noticed: [...]
Add to those points: the dominant position of Microsoft. It should help a lot to understand Garrett's answer.
I'm sure the signed Windows 8 boot loader will be happy to load older, unsigned Microsoft OSes.
Who actually cares about those logos anyway?
http://slashdot.org/comments.pl?sid=2450388&cid=37539990
(mostly the first line there)
Honestly, I don't really expect the majority of hardware vendors to lock the end user out of the firmware, but consumer stuff is certainly the biggest thing to worry about here.
Nerd rage is the funniest rage.
To be fair this would be two jumpers, since you don't seem to understand how jumpers work.
A 3-pin jumper can be either placed on pins 1-2, placed on pins 2-3 or placed so it does not connect any pins at all. That gives 3 possible options.
note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
MicroSoft: Sure Mr. motherboard manufacturer, you can include our keys in your bios for $10. Charge the user $20. We make an extra ten; you make an extra ten; wink, wink.
The BIOS makers will be making "secureboot-ready" chips before Win8 is even released, because OEMs want to sell "Win8-ready" computers before Win8 is even released.
In addition, I am unaware of any current x86-based UEFI implementation that does not include a legacy BIOS module. There is absolutely no reason to believe that this won't continue to be the case except for the rambling of people that are worried about 'what ifs' that are motivated by nothing more than anti-Microsoft paranoia.
"His name was James Damore."
I tried Google build your own laptop, but I didn't find the "three instructions" you mentioned. The closest I found to "six appropriate components" was this tutorial mentioning a "barebook", a bundle of a motherboard, case, screen, keyboard, and trackpad. One problem with buying a barebook and matching parts, or with mail ordering any laptop for that matter, is that you don't get to try the screen, keyboard, and trackpad before you commit to buying it. But it's worse with barebooks because most brick-and-mortar stores that I've been in don't appear to sell barebooks and thus don't have any completed floor models on display.
Hell, it took literally years and a bunch of lawsuits to buy a whitebox PC without Microsoft getting paid for the OS even if you didn't want it and weren't going to use it
That is not true. As far back as 16-bit 286 systems running DOS I recall being able to go to the local clone shop and buy a system without Windows or a "Microsoft tax". And later when Windows came out I was able to buy a system with Windows or Office. The situation you describe was only true if you were buying a Dell, HP, IBM, or some other major vendor. Alternative independent vendors existed.
In what alternate universe did the NES replace 8-bit micros?
Those who want to dual boot and want to pay as little for windows as possible without resorting to outright piracy (the big vendors get it cheaper than anyone else)?
Those who want a decent laptop (there are a few barebones laptops out there)?
Also don't just think of the immediate impact. Think of the impact a few years down the line. Afaict many people get their initial Linux experience with a box that started life as a Windows desktop and is being repurposed.
note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
Are you sure? I think people can boot non-Apple OSes on Macs. It's the converse that is not true.
If Microsoft had mandated that the manufacturers also provide a means for other operating systems to be bootable, even those without keys, when done under user control (UEFI option menus to import new keys, disable/delete keys, and even turn off key checking for specific devices and/or specific time frames), then perhaps we'd all be happy and even praising Microsoft. Instead, certain hackers will be motivated to figure out how to rootkit the UEFI code. Although they will enjoy wide community support to do that, once it is done, it creates a whole new danger. The risk of malware controlling the boot process will return. But this will happen under the guise of a false belief that Microsoft took steps to make computers running Windows be more secure. So basically, in the end, security will be no better, and technically worse because it is faux security, and all because of a decision by Microsoft to push their product under the guise of pushing security.
now we need to go OSS in diesel cars
Citation required. The razor-thin margin OEMs rely on their suppliers to be even more razor-thin, meaning: do just enough to sell that which only runs the 800-pound gorilla in the OS room, and nothing more, as they 1) can't really afford it and 2) can't afford to piss off Ballmer.
We are talking ever changing, low-level, damn near no-name component makers that do ten sketchy things every morning before the first coffee break.
No, what the previous poster is stating is that it only impacts manufacturers that do not offer an option to disable the setting. I do not see how this is a MS issue. Microsoft is trying to make the boot process more secure. The only way to do that is to have something like Secure UEFI validate that malware isn't hijacking the system before the OS loads. If your hardware manufacturer isn't giving you the option to disable the feature if you want, then you should take that up with them, not MS. There is absolutely nothing wrong with requiring that OEMs provide the hardware necessary to provide a secure system to end users, because honestly, the largest portion of users have no idea what a root kit is or why they need to be protected from it.
It isn't like you must have secure boot enabled to use Windows 8 and it isn't like they are requiring that manufacturers don't allow it to be turned off. MS isn't doing anything wrong. If a hardware vendor is too cheap to include a switch in the system configuration to turn off Secure UEFI, then don't use that manufacturer. It's that simple. We will never get to the point where we can't do what we want with our hardware because some manufacturer will always realize there is a killing to be made supporting those who want hardware they control. The only risk would be if it was to become a legal requirement, but I don't see that happening any time soon and certainly this has nothing to do with trying to make that happen.
AJ Henderson
What history? Apple has history of loving this kind of thing. MS has always been a major proponent of letting you do what you want with your hardware. (360 being a notable exception, but that is the game console market where that has always been the case on all manufacturers.) If MS really wanted to be as nefarious as you suggest, then why are they not requiring that manufacturers limit to only their key and not allow it to be turned off? They could have put whatever requirements they want for their logo program and arguably, preventing disabling it would give a very small increase in security. They didn't feel it was worth limiting choice to specify that though and it really isn't their place to require that the manufacturer make it so it can be disabled as that doesn't impact how their product supports the end user.
Microsoft simply wants to be able to protect the average Joe Schmo user from malware and root kits that really make a secure boot process a necessity to ensure security on unadministered desktops. They want OEMs to offer the highest level of security available to protect end users and require that the features be available in order to be able to say they fully support Windows 8. I fail to see anything nefarious in MS's actions as they stand, but feel free to point me to anything that you think doesn't work to protect end users in what they are actually requiring, not what they aren't requiring.
AJ Henderson
Your strident words earned you mods, but anyone sane reading this sees them for what they are - FUD. You would have to massively go out of your way to find an OEM that locks down their UEFI to a degree such that you couldn't install another OS.
I need a way to subvert this whole scheme so new machines I purchase would only have keys for OSS software, preventing Windows malware from booting. Now that would be worth pushing the H/W vendors for!
Why should I have to pay extra to be able to do what I want with the stuff I purchase?
Secure boot can use a hardware module, but can also do things using the network stack built into UEFI to fetch and verify keys pre-boot. A UEFI implementation on top of coreboot could implement a secureboot mode.
Seems every time a new Windows starts kicking around, Slashdot has to start seeking out FUD articles to post to try and stir people up. The one I remember the best was Gutmann's article on how Vista wouldn't let users record or play their own audio content in HD because of DRM. I read this particular piece not long after fiddling around with Cakewalk Sonar in Vista, and using it to mess with 24-bit, 192kHz audio. It was an article riddled with speculation and misinformation, yet it got posted here and quoted as truth many times.
Same shit here. People are digging for anything to make Windows 8 look bad, without regard to how truthful it is. They aren't trying to find legitimate criticisms, they are just spreading FUD.
I don't know. Did I sound like I was trying to justify anything?
Nerd rage is the funniest rage.
It's not only about MBR rootkits. It's about a chain of trust. If you trust your MBR, you can trust your kernel. It all goes from there to enhance security of the overall system, including any compromise created by Windows malware.
And people will be able to boot non-MS OS's on this new hardware. Article is FUD.
People adopted NES because of technical limitations of the old tape- and floppy-based home gaming computers. For example, loading on these platforms tended to be dog slow, especially prior to fast loaders for C64 and DiversiDOS for Apple II. And they adopted NES despite its inability to run homemade programs. Things like Family BASIC and Dezaemon (vertical shooter construction kit) were released only for Famicom in Japan, not for NES in other markets.
Yet...
Really? Because right now Microsoft is trying VERY hard to get people OFF Windows XP.
Which is practically equal. Ever been to Microsoft's site and seen the marketing phrase, "Look for Designed for Windows logo"? There isn't an OEM on the planet that would cut off their logo link given the monopoly MS has on the OS market.
And how do you know it isn't a requirement for Windows 8? Microsoft hasn't released it yet. We have no idea what will and won't be required until it is. We also have no idea it won't become a requirement in the future at the first big malware infestation that comes along.
Actually, I see this as an extension of WGA. Imagine if MS can revoke your key upon detection of any activity they deem "illegal". One flip of the switch and you don't have a brick, you have a cinder block. I am not in favor of any company having that power.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
On iOS devices, yes but Apple has used UEFI on Macs since 2006 but hasn't locked users out of installing another OS. The difference is that Apple makes money on the hardware and has no strong interest in keeping users tied to OS X to make money. The business model of MS has always been about keeping their customers from using other software.
Well, there's spam egg sausage and spam, that's not got much spam in it.
This is from the article itself:
"Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option."
From which they conclude:
"The end user is no longer in control of their PC."
So they admit that some hardware vendors are considering not offering the user the option to turn this off, then overextend that to conclude all users have lost control of their PC if they buy one with Windows 8 on it, which Microsoft is "misusing to gain tighter control over the market."
To be clear: Microsoft does not require that the user not be given the option to disable Secure Boot. The decision is up to the hardware vendor. These hardware vendors sell the same motherboards to a lot of places, some running Windows some running Linux. They have little incentive to remove a Secure Boot option.
Talk about making a big issue out of nothing. Find something else to get angry about people, like US law viewing corporations as people.
But MS isn't locking anyone out of installing other OS's that's just my point. They are only requiring that the feature be supported. They make no requirement of it not being able to be turned off and it wouldn't be their place to require that hardware be able to turn it off as that has no impact on the hardware's ability to run all the features of MS's product. And yes, I realize that Macs have had UEFI and not locked users out of installing other OS's but that was before they realized that there was money to be made in controlling how people consume media. In general, Apple is far less pro-consumer choice than MS is. Apple wants you to do things the Apple way or the highway. MS tries to meet consumers wherever and however they want and they either take flak for being unstable and insecure (because of supporting a wide range of hardware and trying to preserve compatibility.) or they get attacked for things like this (trying to fix the problems of insecurity that they get blasted for by the same people that are blasting them now).
AJ Henderson
First - Microsoft says "The OEMs have to ship with secure boot enabled, but we don't tell them they have to let the user disable secure boot - that is up to them". But think what would it mean if the user could not disable secure boot or add new keys for the OS of their choice? Who would benefit? Seems to me Microsoft would benefit greatly if the user were locked in to a Microsoft OS. They would benefit because their rival, Linux, would no longer be installable on a great many machines.
If the OEMs allow the disabling of secure boot, Microsoft wins over Linux again -- "Why would you want to run that OS - It is not secure. We are." To those who run Linux at home it might not be a big deal, but I would hate to be the guy explaining to his boss why they are using a less secure system when they had been attacked.
Will OEMs care about all our (Linux users) bluster - sure we can boycott any machine that locks secure boot, and has no provision for adding keys but how big is the Linux installed base compared to the Windows installed base? Why would an OEM add a few extra cents worth of parts to be able to cater to a small market segment? A few cents adds up over hundreds of thousands of motherboards built over the life of a design.
It's also to prevent pirated copies of Windows and the cracks that essentially do hijack the boot process to make that copy of Windows appear valid.
signature is pants
This has nothing to do with that at all. Windows 8 does not require secure UEFI. Hardware manufacturer permitting, someone could simply disable UEFI and Windows would not complain about it. MS' policy here has absolutely zero impact on pirated copies of Windows.
Also, why would a pirated copy of Windows need to hijack the boot process to appear valid? Having a signed executable might cause issues for pirates because they couldn't simply alter an executable without losing the signing, but that could be verified by other parts of Windows as well and as previously mentioned, the UEFI is not required to remain on by MS, but simply to be available as an option (and on by default since 99% of users will have no idea what it does and don't change defaults.)
AJ Henderson
In a limited way?
Most big businesses (including federal, dod, va, etc) have MANY Linux servers running everything in the server rooms. Maybe not as many on the desktops, but certainly Linux has a huge presence in the server room. Most places I work with and have worked with in the past, since Sun's demise...all have mostly Linux running....with some other *nixes...like HPUX, AIX...etc.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
What about Google/Amazon/cloud providers? I seem to remember that they buy quite a lot of computers. How are they going to cope with inability to boot non-Windows OS?
The concern is the OEMs like Dell, HP, etc
Don't you mean "OEMs like Dell. ..." *grin*
Are you planning to design and fab your own motherboard, as well?
I think you've failed to understand the issue here, it is that if OEMs want to have the 'designed for Windows 8' logo on their system - which if you are building your own system you won't be getting anyway - they have to enable secure boot by default. There is nothing to stop you from turning it off except the OEM, which if you built it yourself would be you.
Wait, you don't think it's fair that a person -- not unlike yourself -- who owns an assembly business, should be able to attempt to sell whatever they choose? You think someone else's private business should be forced to sell what you want to buy?
The problem is that it's not the manufacturers that *want* to do this. If so, they could have done more by now. They've done the bare minimum that MS demands. It is not in their interest to potentially restrict OS choice, and the anti-rootkit benefits are dubious (unless *maybe* if you lock down only to MS). The problem is measures like this have a large potential to be very anti-competitive, which may be a lost cause since being a convicted monopolist hasn't really slowed them down in the least.
Used to be, you could purchase a computer with no OS at all. Now, the law says that it's illegal to do so.
Show me this alleged law. I can tell you already that you cannot, because you can buy tower systems all day long without an OS from IBM, Dell, and HP. Generally complete Desktop and laptop vendors don't dare to sell bare-bones systems because of market forces and logistics.
Otherwise, Best Buy would be selling computers without OS's,
WTF are you smoking there? Best Buy won't touch *anything* that could possibly 'confuse' or 'intimidate' a random person off the street.
But you (the greater you) yelled and screamed about a decade ago, forcing Best Buy to only sell computers with an OS.
I do not recall *anyone* (apart from Microsoft themselves) begging any government to forbid bare bones systems...
XML is like violence. If it doesn't solve the problem, use more.
turn Secure Boot off?
Yeah you have that now... What will you have in a couple of years time?
The same thing, there was nothing to stop OEMs locking bootloaders before so why do it now?
Add a better bios. UEFI secure boot requirement can be one of two bios installed. The other default will be another bios for other than Microsoft future stuff.
The UEFI can checksum the alternate bios and if there is a trojan in the latter, could be arranged to provide a warning, or take other action.
Leslie Satenstein Montreal Quebec Canada
Apple is far less pro-consumer choice than MS is. Apple wants you to do things the Apple way or the highway.
Please explain how Apple has done so with Macs. They have restricted access for iOS devices.
MS tries to meet consumers wherever and however they want and they either take flak for being unstable and insecure (because of supporting a wide range of hardware and trying to preserve compatibility.) or they get attacked for things like this (trying to fix the problems of insecurity that they get blasted for by the same people that are blasting them now).
Do you have a short memory of the 90s? Their anti-trust actions are well documented and few of them were for the benefit of consumers. MS is not in it for consumers; like all corporations (including Apple), they are in it to make money off consumers. The modus operandi of MS has been vendor lock-in for many years. The difference has been that in the 00s, MS has sucked at selling to consumers compared to Apple.
MS has to take security more seriously because they have been horrible at it. I don't mind MS pushing for secure boot to be available on new machines; I take issue with them requiring it to be turned on by default and the implications that OEM machines will not be able to install another OS.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I'm sure it doesn't matter anyway, because the age of the PC is over, and we're all going to be using tablets, right? Right??
Karma: Poor (Mostly affected by lame karma-joke sigs)
In general, Apple's design philosophy is that there is one way to do many things. OSX was actually a pretty large improvement from the past, but still starts to fall apart very rapidly when you give the consumer choice in hardware for example. Most of their advantages over the years were specifically due to how much control they exercised over the entire way their systems were built and used.
I didn't forget the 90s and MS's efforts to give manufacturers incentives to only sell Windows machines, but that isn't anti-consumer choice, it is anti-competitive by trying to block competition from OEMs. If you wanted to install something after getting your Windows machine, they never tried to stop you and their design philosophy has always been to try to give as much flexibility as possible in how their products are used. Yes, what they did in the 90s was monopolistic and wrong, but it wasn't anti-consumer in the same way or even a related way to what trying to prevent people from installing another OS would be.
"I don't mind MS pushing for secure boot to be available on new machines; I take issue with them requiring it to be turned on by default and the implications that OEM machines will not be able to install another OS."
This is the core statement I take the most issue with in your response. You fail to estimate the power of the default. It is a hard lesson MS learned with Clippy. Something like 95 to 99% of users never change settings from the default. Is your grandmother going to understand how/why she should turn on secure boot? Is she even going to have a clue what it is? Is she going to understand what a root kit is or how it could compromise her privacy and lead to identity theft? The answer to all of these questions is almost certainly no and is very much a resounding no in the vast majority of the population.
I've run Windows on my computers for over 20 years. In that time, I have had a grand total of 1 virus ever and that was on my system for a grand total of about 3 minutes. (They got me when the very first wave of popups that looked like dialogs came about and as soon as I saw the hotzone lines when I clicked, I pulled my network cable and removed the malware.) Windows isn't insecure because of being particularly better or worse than other OSes (at least not since the days of Win2K), Windows has been insecure because of the people using it. MS has an impossible job of trying to be the great IT admin in the sky for hundreds of millions of clueless computer users.
The option many manufacturers would take is to simply lock down a device and throw away the key, thus preventing a user from hurting themselves. Some, like Android, leave fairly easy to break back doors that knowledgeable users can find and exploit to get access, but it still is not in the interest of user freedom, but user security. MS thankfully continues to take the stand that users should own their hardware and be able to use it their way, but they can't ignore their responsibility to the more clueless of their customers. It really is their responsibility to ensure that OEMs turn the feature on by default and assume that those who want access to their system will either self-build or be sure to use an OEM that provides access to control what can securely boot. We shouldn't be condemning MS for it but thanking them for working to make a more secure computing industry while leaving things open for those of us who do know how to handle our own security.
As for the "implication" that OEM machines will not be able to install another OS. I think that is bullshit. Yes, some OEMs might not bother to implement the feature in their pre-boot environment if they are too cheap to bother, but there is no real reason for them not to and I don't seriously believe that the majority would not put the option in the pre-boot environment. And once again, even if some do not, that has nothing to do with MS and everything to do with the OEM unless you can show me some evidence that MS is asking the OEM to lock it down. If you can show me evidence of that, then yes, I would be 100% in agreement with you, but I see nothing to indicate that is the case here.
AJ Henderson
"Default" unfortunately is how MS attempted many of the vendor lock-in tactics they have used. At this point I believe we all should be concerned about this but not necessarily panicked over it. And this should apply to everyone. If Apple tried this with OS X 8, we should fight it as well.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I would agree it is something to be watched and if OEMs start to universally stop giving the option to change, I will be with you that the trend needs to change. It really is a damned if you do, damned if you don't situation. The only reason I don't see it as an issue is I cannot believe that OEMs would universally decide not to give the option of changing the setting. Supposedly some have announced that they do plan to allow it to be turned off, but I have not seen anything firm on which ones those were. If it is a minority of OEMs or select systems, I still wouldn't be worried as long as it is clearly marked and doesn't trend towards complete or even majority lockout. I guess the best way to put it is I will watch with great interest, but feel that it is too early to be concerned or to view it as something that needs to be protested. If intentions are true, this will be arguably the greatest step forward in security in the technology sector in the history of the industry. If intentions are not true, it could be the most destructive. Only time will tell.
AJ Henderson
A total lack of standards on the laptop building topic aside, this would make all computers bundled with Windows totally useless. Fine! That will push even MORE users over to building their own computers, something which will always be cheaper anyway.
Promote true freedom - support standards and interoperability.
When making your complaint, rather than sounding like a moron ("I hate M$ cos they suck balls"), try referring to possible non-compliance with the instrument that is within the ACCC's mandate to enforce. Here are some notes from my 15 minute foray into the Act.
Competition and Consumer Act 2010
Unconscionable conduct (general protections, volume 3, chapter 2, part 2-2, section 21)
Microsoft's past anticompetitive practices serve as a valid evidence for the requirement of subsection 4(a).
Microsoft is indirectly coercing the purchase of Windows 8 computers due to the possibility of lack of availability of an alternative by pressuring the OEM and hardware vendors (specific protections, chapter 3, part 3-1, division 5, section 50, subsection 1(a))
Threat of tampering as a result of accusations by Microsoft of conduct untoward them (remote activation of a disabling mechanism) in violation of specific protections under volume 3, chapter 3, part 3-2, division 1, subdivision A, section 52.
I have news for you, but the NES wasn't the first gaming machine that used cartridges. It never replaced the 8-bit micros. The cartridge based gaming systems (Atari 2600, ColecoVision, etc) were actually around before the 8-bit micros, and long before the NES.
Then why did the 16-bit and 32-bit personal computers that became popular starting in the mid-1980s tend to be completely incompatible with consumer-priced large screen monitors, which at the time meant SDTVs?
What does monitor compatibility have to do with our discussion?
But to answer your question, even the higher end 8-bit micros weren't compatible with the TVs, but that is because TVs (SDTVs that is) had terrible resolution, giving at best 40x25 (320x200) with very low color depths. Only the low end of the computing market at the time used TVs as their monitors, and that was done as a cost saving measure, not a technical prowess feature. Even Apple didn't use TVs as their monitors, nor did the IBM PC. Only the Atari 400/800, and the C64 did.
TVs (SDTVs that is) had terrible resolution, giving at best 40x25 (320x200)
When displaying lots of text. I guess one problem is that people thought displaying lots of text was the only thing a computer could do.
Only the low end of the computing market at the time used TVs as their monitors, and that was done as a cost saving measure, not a technical prowess feature.
Then I guess making presentations on a monitor large enough for everyone in the room to see wasn't considered a valid use back then. How exactly did tools such as PowerPoint take off?
Even Apple didn't use TVs as their monitors
The Macintosh didn't have TV output, but the Apple IIGS had both 240p-class RGB output (for its dedicated monitor) and SDTV output (for TVs and Apple IIe composite monitors).
Take for example the Atari ST which could do 640x480 resolution with 64k colors, which simply wasn't possible on a TV.
I'll grant you the "640 wide" part isn't possible in a composite signal; luma in NTSC is filtered down to about 320 pixels' worth of bandwidth. But if the "480 tall" part isn't possible, then why do they call SDTV "480i"?