Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Windows 8 Plot To Lock Out Linux

Posted by samzenpus on from the playing-nice dept.

First time accepted submitter Bucky24 writes "ZDNet's Ed Bott decided to contact major PC makers to find out the truth about Windows 8 SecureBoot. The responses are encouraging for those of us who run third party operating systems. Dell plans to have a BIOS switch to allow SecureBoot to be disabled, and HP assures us that they will allow consumers to make their own choice as to what operating system to run, though they have not given details as to how."

21 of 548 comments (clear)

  1. At first at least. by Anonymous Coward · · Score: 2, Insightful

    1. Embrace.

    1. Re:At first at least. by dingfelder · · Score: 3, Insightful

      until they patch it

  2. Wow, quite the article... by fuzzyfuzzyfungus · · Score: 4, Insightful

    While nice, if true, to hear that OEMs will be doing (part of) what people would like to see(specifically, having an option to disable 'secure boot' is better than nothing; but what you really want is the option to do a keyfill with trusted keys of your choice: signed boot components make good sense, it's just not being able to choose who is trusted to sign them that is an issue); this article could hardly be any smarmier or less informative.

    "In response to the FUD campaign of the freetards, I asked some PR people. Dell said 'yes', HP emitted word salad, AMI said that they would do whatever their customers felt like. Case Solved!" If it weren't for the smirking invective, the whole thing could have been boiled down to a single paragraph(or, heaven forfend, bulked out with technical information...)

    1. Re:Wow, quite the article... by hedwards · · Score: 4, Insightful

      At that point, you might as well ditch it completely and just have a special boot chip that can be made writable via jumper and most of the time set to read only.
      It would solve the problem without the need for such a scary possibility as the vendor being able to lock you out of your OS of choice.

    2. Re:Wow, quite the article... by fuzzyfuzzyfungus · · Score: 5, Insightful

      As best I can tell, EFI was what happened when somebody looked upon the BIOS, saw that it sucked compared to the OS, and decided that(rather than building a new firmware aimed at getting into the OS as simply and quickly as possible) they would build a BIOS large enough to possess every vice of an operating system and leave implementation to the capable hands of the PC OEMs, whose dedication to software quality is legendar...

    3. Re:Wow, quite the article... by Microlith · · Score: 2, Insightful

      The primary benefits come in when you're a major system buyer needing to administer many machines, possibly before the OS comes up. But it's better than the BIOS as a whole due to not being limited to the 16-bit modes of the CPU, instead switching rapidly into the 64-bit environment immediately, far easier to develop option ROMs for, and if set up properly, and with properly written option roms (a.k.a. drivers) can boot much faster.

      Of course, all of this could have been had with OpenFirmware but Intel decided they were too good for that.

  3. Load your own keys? by tchuladdiass · · Score: 4, Insightful

    I want to leave secure boot enabled, but put me in charge of the keys. That is, I want to load my own public keys into the system (through a secure channel, such as a bios screen or flipping a physical switch, for example).

  4. No *Plot* to Lock Out Linux by Anonymous Coward · · Score: 0, Insightful

    ... but if it turns out that way, oops, our bad. (Not really) Sorry about that.

    Just the new modern version of the old mafia line...

    "That's a really nice libre operating system you've got there. Be a shame if you couldn't install it on any new PCs you buy. A real shame."

  5. I doubt that Microsoft would try this by MrKevvy · · Score: 4, Insightful

    They were successfully sued (albeit more of a slap on the wrist) for antitrust violations simply for bundling a browser with an operating system.

    Colluding with hardware manufacturers to actually lock out rival operating systems making them an enforced monopoly is several orders of magnitude more severe. Why would they risk that when other operating systems have such a tiny market share anyways? The possible penalties are not worth it for a small increase.

    --
    -- Insert witty one-liner here. --
    1. Re:I doubt that Microsoft would try this by walterbyrd · · Score: 4, Insightful

      MS would just say that the hw makers decided to do it. Besides, MS never gets more than a slap on the wrist.

      Why would MS do this? The same reasons that MS funded the scox-scam, and bribed officials in the OOXML scam.

  6. No, that's not a solution by liquidweaver · · Score: 3, Insightful

    Disabling secure boot is not a solution - it's crippling the security, needlessly. I'd love to hear my Dell rep explain to me on my next round of server purchases that I cannot use a fantastic feature to protect the security of my linux servers because they were too lazy/corrupt to enable me to use my own platform key. I will buy from the vendor who allows my to set the PK, and will not from those who refuse. Period.

    --
    mov ah, 4ch
    int 21h
  7. Re:Ed Bott by hedwards · · Score: 4, Insightful

    He's probably technically correct that it isn't a plot to lock out Linux. In practice though, I'd be surprised if it didn't end up like ACPI early on, where MS' implementation was the only one that many vendors bothered with, opting not to fix bugs that MS had a workaround for.

  8. Duh by bigstrat2003 · · Score: 2, Insightful

    There's never been any real reason to believe that locking down of this feature would happen, apart from FUD. This whole thing is a tempest in a teapot, and it's frankly sad to see how many members of the community are willing to believe that "on by default" necessarily means "unable to turn off".

    --
    "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    1. Re:Duh by Sasayaki · · Score: 5, Insightful

      For now.

      Features like this tend to creep their way in slowly.

      - It's something you can turn on.
      - It's on by default, but you can turn it off easily.
      - It's on by default and you need a CS degree to turn it off.
      - It can only be turned off by hacking your system.
      - It can only be turned off by hacking your system, and this is illegal to do.

      --
      Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
    2. Re:Duh by betterunixthanunix · · Score: 2, Insightful

      There's never been any real reason to believe that locking down of this feature would happen, apart from FUD

      Yeah, because we never saw a company try to pull something like that...

      http://en.wikipedia.org/wiki/Xbox
      http://en.wikipedia.org/wiki/Playstation_3
      http://en.wikipedia.org/wiki/Nintendo_wii

      Let us not forget that media consumption is widely considered to be a strategic area for personal computer vendors to move into. We are going to be seeing more and more entertainment moving to PCs, and hardware and software makers can make their systems more competitive in the entertainment marketplace by locking down their products. Remember how the CSS keys were obtained? That is the sort of thing that movie studios want to prevent people from doing in the future, and that means that they are going to fight to ensure that people do not control their own computers.

      Just you wait. It won't be the first generation of UEFI systems, it will be a subsequent generation; the feature will be quietly slipped into consumer systems. Companies will advertise to consumers how their systems support some new video distribution system or format, and most people will never even question the loss of control (or notice it). The free software community will be forced to buy high-end workstations or systems from lesser known PC makers, and will be left out of the loop on new media formats as we already are with mainstream gaming.

      --
      Palm trees and 8
  9. Re:Ed Bott by syousef · · Score: 1, Insightful

    His hobbies are trolling and shilling for Microsoft.

    It's not a hobby if you make your living that way.

    --
    These posts express my own personal views, not those of my employer
  10. No. Its worse than it looks. by unity100 · · Score: 2, Insightful

    If it was something that was really locking linux out in an apparent fashion, matter could be taken into courts.

    But now customer is not prevented from doing it - but, this time will need to be able to get into bios, turn it off, and only after that install linux.

    as you can readily agree, vast majority of computer users would not even know what 'bios' was. so, if a non-tech person from idaho was recommended linux, and got ahold of a cd and attempted to install it ............ go figure.

    This situation will make it slower for linux proliferation in mainstream, due to the tech aptitude threshold. And conveniently too - you cant argue against it because if someone knows what a bios is and what is the setting for allowing other oses, s/he can do it. if not, s/he can not. so convenient.

    --
    Read radical news here
  11. Re:Not really that surprising by betterunixthanunix · · Score: 5, Insightful

    even normal people will look for "just in case" they want to try out this Linux thing or whatever

    The last time I dealt with a "normal person" buying a computer, the conversation went like this:

    Me: "...this has 2 gigabytes of ram, which should last you a few years."
    Her: "It's so ugly! What about that one, that one looks prettier!"
    Me: "That one has a lower end processor and less memory. Are you sure you want something that is less capable?"
    Her: "Look they are letting me pick the color!"

    Non-technical people are just that: non-technical. Computer makers and especially Apple know exactly how to take advantage of such people, which is what "secure boot" is all about. This is about ensuring that customers can be locked into DRM-laden platforms, plain and simple. Dell will probably have the option described in TFA...in their high end workstations, that are prohibitively priced, with the option disabled for "consumer" systems. My guess is that this will not happen in the first generation of systems with "secure boot," but more likely in the second or third generation, when more "strategic" platforms are deployed out of the box for which DRM is a key part of the control.

    --
    Palm trees and 8
  12. Unacceptably thin concession by mysidia · · Score: 1, Insightful

    Dell plans to have a BIOS switch to allow SecureBoot to be disabled,

    Can you please remind me again... what percentage of the average user population knows how to change a BIOS switch?

    Currently they can just pop in their knoppix CD or try Ubuntu with a Live CD; No expertise regarding BIOS settings required (normally).

    What we have here is an anti-competitive practice being endorsed by Microsoft in the form of a logo validating "Secure" boot.

    This is a low blow, and a shoddy attempt to ward away other OSes, and prevent you from booting your computer to whatever application or OS you want to boot it into.

  13. self-described by PopeRatzo · · Score: 3, Insightful

    From the comments at the ZD story:

    Protecting 99% of users is more important than catering to the whims of a whiny 1%.

    Where have we heard that before?

    Can you believe Microsoft is using the language of Occupy Wall Street to try to position itself as the "masses" fighting the "whiny 1%" of people who prefer OSS?

    ZDNet, Ed Bott, and some Microsoft executives all need to burn in hell.

    --
    You are welcome on my lawn.
  14. Re:Careful there... by Rogerborg · · Score: 4, Insightful

    Uh... it's not ad hominem to point out that the listed "experts" have a track record of being wrong, wrong and wrong again, and have been repeatedly caught with their hands in Microsoft's pockets.

    Groklaw (under Pamela Jones) has called things correctly far more often than not.

    Full Disclosure: On a personal note, I detest that whiny martyr PJ and her horde of White Knight sycophants, but I do have admit that it's hard to find examples of her getting things wrong.

    --
    If you were blocking sigs, you wouldn't have to read this.