Will Secure Boot Cripple Linux Compatibility?
MojoMax writes "The advent of Windows 8 is drawing ever nearer and recently we have learned that ARM devices installed with Windows 8 will not be able to disable the UEFI secure boot feature that many of us are deeply concerned about. However, UEFI is still a very real danger to Linux and the freedom to use whichever OS you choose. Regardless of information for OEMs to enable customers to install their own keys, such as that published by the Linux Foundation, there are still very serious and as yet unresolved issues with using secure boot and Linux. These issues are best summarized quoting Matthew Garrett: 'Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen. That's going to make some people fairly unhappy.'"
Would someone interested in Linux on these particular tablets be able to order one from a vendor with Linux (or no operating system) pre-installed? I couldn't find information on whether or not OEMs are restricted from selling pre-installed Linux versions of the tablet. The SoftwareFreedom website says "any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot." The phrase there is "ships with Windows 8," which suggests to me that Custom Boot-enabled versions could ship without Windows. Admittedly, I have a hard time seeing it as a freedom issue, as these are just tech gadgets at the end of the day. I'd rather it was framed as an inconvenience argument, not a freedom one.
Don't purchase any of these ARM powered devices which run Windows 8.
When Wikipedia's blackout is over, look up timezones.
Ummm. It was posted at 6:14 PM EST.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
It Will.
When the incompatible hardware doesn't sell, the OEMs will hear you loud and clear.
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
It seems to me this only affects a subset of devices that don't even yet exist. If what you want to do is run linux with virtual box and other assorted unsigned kernel modules then why would you be buying a 'Designed for Windows 8' ARM device? You wouldn't, just like you wouldn't buy an iPad to do those things. You would buy an x86 device, or an Android device, or an ARM device that is not 'Designed for Windows 8'.
Just an uninformed question, but wouldn’t the OS varies allow unsigned loading of binaries but prompt the user or inform them in some way? This is how it is handled for most systems in which you are developing new drivers. By default only trusted sources are loaded, but if you want to enable other signed binaries the user has to specifically allow it. What is wrong with this approach?
Yep... for slashdot to choose 6 PM EST shows their true colors. They really don't give a damn about SOPA/PIPA. The west coast hasn't even come home from work yet.... Weak.
Simple as that !! I don't want to see any "ooooh, but windows comes on everything good" crap !! Don't buy those !!
The solution (yeah, as if that will ever happen) is to boycott any and all devices that come with Windows 8 pre-installed, including x86 systems. Microsoft has to be made to understand that they are NOT the only shark in the water.
Sometimes, real fast is almost as good as real-time.
There's a chance, however slight, that this will lead a bigger push for keeping modules in the kernel tree.
Everything that reduces the necessity to dumb down Linux (see Unity) for end users (who do not care if they use Linux or Windows) is applauded by me.
I don't care what runs the ssh client to connect to my Linux servers.
Consider this, demand for second-hand devices of this sort is going to be VERY weak. I'd not buy one myself.
Or look at google's cached page now:
http://webcache.googleusercontent.com/search?q=cache:D9ELHvdpvqcJ:en.wikipedia.org/wiki/Time_zone
Oh fuck off.
...supplying open source hardware.
Just wait until Windows 8 and Apple IOS suffer their first major hack. The resulting panic will be unbelievable.
How's it going, GreatBunzinni!
Right now, the ARM architecture equates to tablets and phones for many, maybe most people.
However, a number of companies (Qualcomm, NVIDIA, and others) have announced that they are developing ARM processors to challenge Intel in laptops and desktop systems. Probably they are going with ARM because Intel is being somewhat uncooperative (and maybe anticompetitive) by not letting them have licenses that would allow them to produce x86 compatible systems.
For these companies, having Windows on their ARM systems is vital. However, we shouldn't be short-sighted - restricting the ability for ARM systems to boot anything but Windows will (in the long run) benefit Intel, AMD, Via, etc. as much as it will benefit Microsoft by restricting which operating systems the upcoming ARM based systems can boot. They will either run Windows or they will run everything else, depending on the boot ROM in the system. Guess which most will choose.
Nice non sequitur.
Check your premises.
Unfortunately, most complete hardware systems tend to come paired with software (i.e. the OS). The only people who get to choose their OS are people who build their own PCs. If this becomes too common, the only way will be if it's possible to build your own (much as people do with x86 PCs today). Of course, that still sucks for anyone who wants a mobile device, or who has old (eventually) equipment, doesn't want to build themselves, etc.
Excuse for why is your room always messy?
I see you remembered to check the "post anonymously" option this time GreatBunzinni!
How's that going?
Don't buy a product that won't do what you want it to and call it a boycott. And it can all be accomplished without leaving the couch.
Nobody cares about the west coast.
So we are now seeing top-down control of executable computer code.
The last remnants of user-programmable computing have been swept away forever. Fear will keep the local systems in line... Fear of key revocation!
:(
Isn't Microsoft treading on thin waters with a monopoly?
Or just turn off/Noscript javascript.
The sad thing is, as a US citizen, I'd like to see Microsoft succeed. The US has so few industries left that bring money into the country that we can ill afford to lose many more.
But they just keep insisting on doing stupid shit like this that absolutely needs to be slapped down (though, given the relative amount of money the MS lobby and the Linux lobby [1] contribute to congress, and the lessons MS learned the last time around, I have doubts that it will happen...)
[1] I know. It made the point, though, didn't it.
Check your premises.
You are comparing Apples(tm) and Windows(tm). What OS does Apple sell? What computer models does Microsoft sell? See the difference?
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
knoppix and other testing / recovery tools also need secure boot.
Does networking booting work with secure boot?
Ghost?
Hard Drive Diagnostics tools (self booting ones)
Dell Diagnostics tools (self booting ones)?
Acronis True Image
clonezilla?
Memtest86+ (better and more to the hardware than the Windows memory test tool)
There is a lot of stuff, some still DOS based, that is needed outside of Windows.
Why can't you? You have the source code, and there are 8 bit versions of it for microcontrollers already, that don't have or need a VMM. Yes, it requires a Herculean effort to do so, but you can, which is the whole point here.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
You buy a screwdriver and use the handle to pound in nails when they stop making hammers because Microsoft uses their monopoly to drive hammer makers out of the market.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Besides, bonch friend. Bonch special friend. Bonch writes about Hollywood Paymasters not willing to pay Obama and the Democrats anymore. This is good.
Don't feel bad bonch, I got accused of shilling for saying IE is shit. I still haven't figured out how saying something is shit is a positive endorsement for it, maybe it's rapper lingo or something, hell if I know.
As for TFA watch how quickly I get modded down by FOSS zealots and their giant perceptual bubble, ready? Hey FOSSies, it's just MSFT copying Apple again, so quit getting your panties in a wad, okay? You can't put anything on an iPad but iOS and this is THE EXACT SAME DEAL. There will be NO CHANGE when it comes to X86, in fact part of the "designed for Windows 8" specs state that they MUST allow the secure boot to be disabled, the only place it's different is the ARM chips which as many have pointed out will probably be heavily subsidized by MSFT who don't want "Hey turn that $299 Windows 8 tablet into a $500 Android tablet!" posts all over the net 3 weeks after it comes out.
And I know this will piss you off, get ready for it....DON'T BUY IT...is that REALLY so hard? Why the hell is it any business of yours what MSFT does with chips they contracted out for, or with OEMs they are paying to build their designs? It isn't like you don't have more choices than EVER before, you've got Apple, Google, RIM, there is X86/64, ARM, MIPS, hell you got choices coming out your asses, so WTF are you bitching for? Vote with your wallet okay? But just because YOU don't like doesn't mean you get to tell ME or anyone else what device we should buy or what features it should have. If I was gonna buy one of these things, which I'm not BTW, I wanna try one of those $70 Android Indian pads the net has been buzzing about, but if I did and was actually gonna use this for real work I'd WANT it locked down, because if it's one thing we've seen it's that these things are giant targets for the malware guys! Look at Android, it seems like every other day we are reading of some exploit.
But in the end you have not a damned thing to bitch about in mobile. Android is switching between first and second place constantly, there are a bazillion different hacked droid ROMs out there you can play with, life is good man so why get your panties in a wad for a device you would NEVER buy in a million years anyway? And if you are buying Windows devices to get the trialware price breaks and then loading Linux YOU are a damned hypocrite and part of the problem, as there are many guys like System76 busting their asses trying to support you and if you don't buy from them and support Linux then you're just being assholes and have NO right to complain about the numbers showing Windows share being so high because you are part of those numbers!
But now you have no excuses, you can buy damned near any device you want running Linux, so vote with your wallet and let everyone else vote with theirs, okay? if the world likes what you have it'll win, if not then that simply means you aren't listening to the people and giving them what they want, simple as that. But bitching about Win 8 ARM not letting you boot Linux when most of you wouldn't piss on a Win 8 anything is just bitching for the sake of being a bitch and more than a little pointless, okay? Nobody is taking anything "away" from you if you would have never bought it in the first place, and ARM chips are about as different from x86 as night is to day, with ARM everything is custom chips whereas x86 will run any old thing. If you want freedom? you've got the droid, have fun, I'll be joining you when those $70 Droid tablets hit just for shits and giggles. But when MSFT is paying for a device let them design it however they wish.
ACs don't waste your time replying, your posts are never seen by me.
There will be a "jailbreak" or somesuch available for these within a matter of hours from when they hit the street.
is why isn't anyone up in arms that Microsoft is going to heavily subsidize Windows 8 Tablet & phone sales. Isn't that an Anti-Trust violation? I'm pretty sure Walmart did the same thing with cosmetics and got in all sorts of trouble...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I was all set to build my next gaming rig around Nvidia's rumored ARM chips - after being locked out from making Intel compatible chipsets, rumor had it they first considered building an x86 processor in house, then decided to build an ARM chip because they could be more awesome.
Well, shit, what now?
Buy an AMD/ATI box? maybe, but Bulldozer kinda sucks.
Hope Intel can pull their head out of their ass regarding graphics? Not holding my breath.
Nvidia's ARM on Nvidia chipset? Actually, that sounds kinda exciting.
but hey, GUESS WHAT?!
Thanks, Micro$oft.
Of course Microsoft didn't want linux on the Xbox or Xbox360 but that hasn't stopped it from happening. History teaches us that if linux hackers want linux on something and it's possible then it will eventually be done.
As I understand it this is about what the firmware loads having to be signed. It then trusts that program to do the right thing and apply tests to ensure that other operating systems or modules are correctly signed before loading them. I.e. a chain of trust.
How long do you think it will be before a signed version of GRUB (that will happily load anything) appears on an FTP site somewhere? Either by someone cracking the signing key, or someone working late at night at an office somewhere where they have the ability to generate signed binaries and doing a bit of unrecorded extra work. There is a good chance that whoever does it will not be caught ... just pass the binary down a chain of contacts the last of which puts it up somewhere.
Revoking a key will take a lot of work, it might not be possible to do on kit that is already out in the field. They might make using this signed GRUB illegal, but on what grounds? They would need new laws.
What man can do - man can break.
I got accused of shilling
So did bonch.
Organized Trolling Campaign crap flood: This "shill" crap that has been flying around lately has to stop.
bonch: The "shill" accusations flying around on Slashdot lately are getting out of control.
Overly Critical Guy: This isn't bonch
Overly Critical Guy: This is not bonch.... Signed, NOT bonch
"NOT bonch"? Ha ha. BUSTED!
bonch: Seamless experiences win out in the long term. We saw this when gaming moved from PCs to consoles in the 2000s, and it's happening now in the transition to the post-PC era.
Overly Critical Guy: Seamless experiences always win out over time. We saw it when gaming shifted from PCs to consoles, and now the industry is shifting from desktops to mobile devices.
Overly Critical Guy: Android phones used to look like this [imgur.com]
bonch: Android used to look like this [imgur.com]
Overly Critical Guy: The keyboard looks exactly like Apple's flat keyboard, and the trackpad is the Magic Trackpad that Apple started offering a year or so ago
bonch: The keyboard looks just like Apple's flat keyboard introduced a few years ago, the trackpad is a clone of the Apple Trackpad.
bonch: A Slashdot employee recently told me that my comments generate more moderations than any he's ever seen.
(yes, that is what happens when you mod your own posts up from multiple accounts then everyone else mods them down)
Give the guy a break.
He already sold his soul, that silver is all he has left to live on.
I've been known to piss on requirements in specifications from time to time because they subvert my interests or they have effects I believe to be more harmful than helpful.
All secure boot does is give the computer some assurance whatever it is handing off control to can be trusted.
There is no technical way for UEFI or anything else to enforce signed drivers in the form of modules loaded dynamically at runtime. If the kernel is blessed by the computer these "requirements" are simply empty words on a page that can and will be ignored with impunity.
Yup, we should just STFU and let the two biggest companies in consumer computing shut down all but each other as options in the market.
But none of how that works is defined, so chances are each vendor will have a different way of doing it and when that happens, the likelihood of automating the process goes way down (if it was ever possible) and the barriers to entry go way, way up.
Of course not. They want to undercut Android and drive it out of the market. Prices will probably jump back up (but the security won't be relaxed) if they succeed.
If Microsoft succeeds in their obvious goal of eliminating all other choices aside from Apple, nope, it won't be. Because there will be no choice.
Because a company with a powerful monopoly known for acting in anti-competitive manners is establishing requirements that make it extremely difficult, and in some cases impossible, for alternative software platforms to be used on these devices.
Sure, sure. I would too. But that's not what this hardware is being set up for. It's designed to keep a lid on you just as much as anything else.
Well I won't knowing that it's been deliberately crippled. I do buy "designed for windows N" hardware now because until this point it didn't guarantee that I would be locked out or forced to perform contortions to put whatever OS I wanted on it.
They make nice large laptops, no tablets or cellphones. But yeah, I can't wait until my choice in hardware is reduced to a tiny handful of companies because Microsoft has manipulated the rest of it into being exclusive to them. That's fucked up and BROKEN.
Gimme a fucking break. I'd buy a Windows 8 device... if it would let me do as I wished up to and including replacing Windows 8. But now I know that since I can't, no I won't. And I'll bitch that choices are being deliberately limited by an anti-competitive monopolist. To ignore the moves being made here is foolish in the extreme.
FIGHT HARD, O WHITE KNIGHT! MICROSOFT SHALL SURELY REWARD YE IN THE END!
I'm really confused by Matthew Garrett's assertion that secure boot creates problems for virtualbox, OS device drivers, and other kernel modules. UEFI secure boot only applies to UEFI executables (basically UEFI device drivers and bootloaders). Once the bootloader hands off control to the OS, UEFI secure boot's job is done. It's up to the OS bootloader to decide if it wants to check a signature on the OS. And from there, it's up to the OS to decide if it wants to verify signatures on other kernel modules, including drivers. If the Linux folks aren't worried about malicious device drivers acting as rootkits, they don't need to verify device drivers. It's just that simple.
And maybe if Matthew and the FOSS community are that concerned about standardized key formats for UEFI they should actually join the UEFI Forum. Red Hat and Canonical have certainly been invited to the table, but they instead choose to criticize from the outside rather than be part of the solution. Microsoft has gone out of their way to try to placate the FOSS folks here, at least on x86 (I agree that the situation on ARM is a bit different). MS will sign other bootloaders, if someone will submit one, allowing Linux folks to take partial advantage of UEFI secure boot. MS is requiring user-configurable trust anchors on x86, which is exactly what Red Hat and Canonical asked for.
I really don't understand Matthew here. He got what he wanted on x86. I can understand him not being happy with the requirements for ARM systems, but he should be ecstatic with Microsoft's new draft requirements for x86 systems.
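The chain of trust debated in the comments above (the firmware checks only the loader it starts, each later stage sets its own policy, and revoking a permissive loader is the firmware-side remedy), as an added Python model that is not part of any comment or of any real firmware. SHA-256 allow-lists stand in for signature checks, and every name and image below is constructed.

```python
"""Toy model of a Secure Boot chain of trust (constructed, not real firmware)."""
import hashlib
from dataclasses import dataclass, field


def digest(image: bytes) -> str:
    """SHA-256 of an image; stands in for a full signature check."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class Firmware:
    db: set = field(default_factory=set)    # allowed image hashes
    dbx: set = field(default_factory=set)   # revoked image hashes
    secure_boot: bool = True

    def may_execute(self, image: bytes) -> bool:
        if not self.secure_boot:
            return True
        h = digest(image)
        return h in self.db and h not in self.dbx   # a dbx entry always wins


@dataclass
class Stage:
    """A boot loader or kernel; it alone decides whether to check what it loads."""
    name: str
    image: bytes
    trusted: set = field(default_factory=set)
    enforce: bool = True

    def may_load(self, image: bytes) -> bool:
        return (not self.enforce) or digest(image) in self.trusted


def boot(fw, loader, kernel, modules):
    """Walk the chain and report where it stopped and which modules loaded."""
    result = {"stopped_at": None, "loaded": [], "refused": []}
    if not fw.may_execute(loader.image):      # the only check the firmware makes
        result["stopped_at"] = "firmware"
        return result
    if not loader.may_load(kernel.image):     # loader policy, not firmware policy
        result["stopped_at"] = "loader"
        return result
    for name, image in modules:               # kernel policy, not firmware policy
        key = "loaded" if kernel.may_load(image) else "refused"
        result[key].append(name)
    return result


# Constructed sample images (hypothetical contents).
IN_TREE = b"constructed in-tree module"
OUT_OF_TREE = b"constructed locally built module"
KERNEL_IMG = b"constructed kernel image"
MODULES = [("in_tree.ko", IN_TREE), ("out_of_tree.ko", OUT_OF_TREE)]
STRICT_LOADER = Stage("strict-loader", b"constructed strict loader",
                      {digest(KERNEL_IMG)}, True)
PERMISSIVE_LOADER = Stage("permissive-loader", b"constructed permissive loader",
                          set(), False)


def make_kernel(enforce: bool) -> Stage:
    return Stage("kernel", KERNEL_IMG, {digest(IN_TREE)}, enforce)


def scenarios():
    fw = Firmware(db={digest(STRICT_LOADER.image), digest(PERMISSIVE_LOADER.image)})
    unknown = Stage("unknown-kernel", b"constructed unknown kernel", set(), False)
    out = {
        # Every stage enforces: the locally built module is refused.
        "strict": boot(fw, STRICT_LOADER, make_kernel(True), MODULES),
        # Same firmware, kernel does not enforce: every module loads.
        "lenient_kernel": boot(fw, STRICT_LOADER, make_kernel(False), MODULES),
        # A loader that checks stops an unknown kernel.
        "strict_loader_unknown_kernel": boot(fw, STRICT_LOADER, unknown, MODULES),
        # A loader in db that checks nothing lets the unknown kernel through.
        "permissive_loader": boot(fw, PERMISSIVE_LOADER, unknown, MODULES),
    }
    # Firmware-side remedy: revoke the permissive loader's hash in dbx.
    fw.dbx.add(digest(PERMISSIVE_LOADER.image))
    out["after_revocation"] = boot(fw, PERMISSIVE_LOADER, unknown, MODULES)
    return out


if __name__ == "__main__":
    for name, res in scenarios().items():
        print(f"{name:30} {res}")
```
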
That's the beginning of the implementation of that "Right to Read" stuff. We thought it was averted in the 90's, but it was just delayed.
One thing is certain, if this thing goes forward (which is not granted yet) the organization (company, country, whatever) that somehow avoids Microsoft will have a huge competitive edge.
Rethinking email
Yep, that's true. Any bootloader, including bootloaders on boot CD/DVDs, will need to be signed when UEFI secure boot is enabled. You'll probably need to disable UEFI secure boot when using old add-in cards, like discrete video cards, too. At least, I think you'll have to if you want to be able to use your monitor in the preboot environment.
That actually raises an interesting question though... If you have a motherboard with UEFI secure boot enabled by default, and you try to use an old video card that doesn't have a signed UEFI device driver, how would you even go into the BIOS settings to turn off secure boot?
SOPA PIPA, the "return" of public-domain artefacts to the status of "intellectual property", "secure" boot.
My .sig is no joke. If the elite in the US and Europe were told "make the choice between keeping Corporate Capitalism or Republican Government?"
I think you know that the last vestiges of the old republic would be swept away... in a twinkling.
GET THIS STRAIGHT! Democracy is MORE IMPORTANT than mere COMMERCE!
But it's too late, isn't it? Now, it's all over - except the shouting.
"Flyin' in just a sweet place,
Never been known to fail..."
OH, HORROR, MICROSOFT IS TRYING TO DESTROY ITS COMPETITORS LIKE EVERY SINGLE OTHER COMPANY IN EXISTENCE, INCLUDING GOOGLE!
Jesus Christ. You literally quoted that post sentence by sentence, making it one of the most obnoxious replies to parse ever. Just because you're still nerd raging over "Micro$oft" because they bundled IE twenty years ago doesn't mean your FREEEEEDOMM is going to get taken away just because some tablets will ship with Windows 8.
I find it absolutely hilarious how people are all about choice and competition when it comes to Android devices but are suddenly in opposition to other companies competing with Android with their own devices. You're just a neckbearded fanboy. You have sided with Android, and you don't like anything that competes with it.
I would think there will be some kind of VGA / VESA fallback or some kind of basic UEFI video driver. Anyway, it's not like BIOS needs a 3D driver, and no video till OS boot makes it seem like the video card is bad.
ATI and NVIDIA are too big to be locked out.
also how many raid cards have UEFI?
Microsoft is threatened by Linux being able to boot other OSs means that folks could boot Linux, and when running in Linux they could run WINE and then access x86 applications that Windows 8 ARM cannot. Besides the potential compatibility I am sure MS is going to face tough competition on a slim hardware platform where Linux/Android and other open OSs can out-innovate on it as a community better than MS can (think kinect there).
MS knows the Win8 ARM is going to be a tough sell and they don't want their low-end hardware ARM (converted to Linux, operating as a more robust OS) devices to compete with the more lucrative win8 x86/64 devices because even if it is not well received consumers (let's not use the term customers, locking the device to a single OS makes the devices throw-away) will have no choice to buy a better unit, and hopefully it will be a full power Win8 tablet, notebook or desktop.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
Competes != makes it impossible to exist.
As does putting draconian demands on the OEM's.
Competes means you ship a better product that wins on its own merits.
What we're seeing here is abuse of monopolistic powers.
It may have started with IE, but it's happened again and again since.
PS: Android may be a platform, but it is hardly monolithic like Microsoft is. Lots of independent OEMs, and more importantly, lots of competing vendor/providers. Very different model than MS.
Check your premises.
"We" already have a way around this....not to worry...it's no big friggin' deal.......WTF
hell you got choices coming out your asses, so WTF are you bitching for? Vote with your wallet okay? But just because YOU don't like doesn't mean you get to tell ME or anyone else what device we should buy or what features it should have. If I was gonna buy one of these things, which I'm not BTW, I wanna try one of those $70 Android Indian pads the net has been buzzing about, but if I did and was actually gonna use this for real work I'd WANT it locked down, because if it's one thing we've seen it's that these things are giant targets for the malware guys!
First it's a matter of culture, which does and can affect every one of us. A culture where corporations control what you can or can't do with a computer is a culture detrimental to everyone. Second, who has the keys? Locking your stuff up as long as you have a key is not problematic at all. What is is when the key is controlled solely by someone who is willing to sacrifice your interests and goals for the sake of their own.
RAID cards were usually the thing I pointed to when people were worried you weren't going to be able to turn off UEFI secure boot. I fully expect you'll need a signed UEFI device driver for your RAID card if you want to boot off of it.
Hopefully you're right about a basic UEFI device driver, otherwise I think people will have problems before UEFI-compatible add-in cards become pervasive. But, in a UEFI world I don't think you have the same concerns about no video until OS boot. UEFI systems running Windows 8 will boot much faster than today's systems, making the time before the OS device driver kicks in much less.
I'm sure they don't realize what they are doing... but they will in time. They (unlike apple) don't sell the hardware their software runs on. Therefore.. it's not under their control how many devices are in the market that can run an OS that is so locked down. At first there may be many... but those choices will taper off as sales of linux based devices will always be less expensive. That and people don't like windows on non desktop platforms and I seriously doubt they have done enough right with the next iteration of Windows to change that perception. So in the end.. this will resemble yet another failed Microsoft mobile platform and less like the next desktop OS for the future. In the mean time.. they will continue to shed 3rd party developers as this slow motion train wreck unfolds.
Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats. -HLM
You still need video for that and you don't want that to be OS tied or to be on the HDD. Also I think OS install / windows recovery stuff on the install disk may need some kind of basic video driver. You can't count on intel GMA 2013-2014 or ATI 8XXX drivers to be on the install disk. You can load raid drivers in install but not video.
What about dos / bios flashing as well? What if you need to pre boot to flash the raid card to UEFI?
Mouse and keyboard / speaker sound / USB drives have basic drivers / CD DVD boot (part of IDE / SATA drivers) as well. And most keyboards and mice are too dumb to have any kind of secure chip.
uh, yeah it does. that's the free market. you try to crush the other guy. survival of the fittest
Google is the one using monopoly revenues to pump a new market with a free product, just like Microsoft did with IE. If this is an abuse of monopolistic powers, then so is Android
Ha. Nobody thinks you're a shill APK, you're just a pathetic unabashed fanbot drone.
Do not buy these pieces of sh*t... Who wants something as buggy as Windows on any device you depend on... The Navy tried Windows on one of its Destroyers and it died in the middle of combat when it exceeded 1024 items it needed to track. So it was a sitting duck... Follow the Navy and don't touch this POS with a ten-foot pole...
Sigh, it sounds like it's time to prosecute Microsoft for being a monopoly AGAIN. How come those fucks aren't in JAIL already anyway, huh???
All the supporters of the truly free operating systems and distributions of them are saying now "we told you blobmatists so".
It's interesting that Microsoft has long been strong-arming hardware vendors into REQUIRING that they sell their machines with an OS(oh, any OS is fine *wink* *wink*). Now apparently they want to make sure you can't take Windows off of the device. This isn't so different from encrypted bootloaders on android devices.
Now that these mobile devices have advanced to being full blown computers in every sense of the word, they are still not referred to as such. They are not even referred to as single-purpose/special-purpose computers. They are referred to as consumer electronic devices or mobile phones. People are used to consumer electronics and mobile phones being proprietary devices, this is normal and accepted. There is still the pervasive idea that with a desktop computer or a notebook computer that the machine is the PROPERTY of the OWNER of the machine. "This is my machine and you can't tell me what I can or can't put on it."
The idea of buying a laptop computer that you cannot, WILL NOT, run anything but the operating system shipped with it is just weird. If people aren't thinking of the device as a computer, but merely a telephone or a gadget, this idea doesn't seem weird at all.
Couldn't loading Linux (or other systems) be worked around by writing a "Linux loader device driver" or such for Windows 8, and getting it properly signed to work on Windows 8, etc.?
"Video bona proboque; deteriora sequor." -- Ovid
There is a market for Linux boxes. Therefore someone will produce them. And they will be incompatible with Windows and will come with no Windows pre-installed. About time, I really don't understand why I have to sponsor Microsoft every time I buy a new PC.
Does nobody see the irony of the people blasting Microsoft in preference for Android, which is (ultimately) a closed system, mostly installed on locked-down hardware and unrootable installs?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
I feel like you are missing the point. I believe the critical point about what is going on right now is not about tablets but rather ARM based desktop machines. I am ready to accept that tablets are turnkey devices, appliances, that are pretty much what they are. I know some people want to hack them and I think they should be able to, but I want to get back to the desktop for a moment. So far we haven't seen any major activity with ARM on the desktop, but the ARM cores have come a long way, and some day soon we may see a massive core desktop machine that is ARM, and then we will very much want the freedom to run Linux on it because it will be a powerful little HPC. A very serious desktop. Whether you want it for gaming, or you just want a runs like lightning machine to program on... When that day comes, I really don't want to hear that I can only use it with Windows. Because if we have learned anything about Microsoft over the years, it is that they can write terribly sluggish operating systems that ALWAYS use up most of the computing power before the user gets to run anything. I have said it before and I will say it again now. Computers are a thousand times faster than they were when Windows first came out. They also have a thousand times more memory, and a thousand times more hard disk. But they don't run all that much faster than Windows 3.1 did, and I think we are owed an explanation. But getting back to the ARM on the desktop. The Microsoft certification guidelines for ARM based equipment specified that the SECURE BOOTING will run in STANDARD MODE ONLY and not CUSTOM MODE. EVER. Unless Microsoft wants to pay for all the development going into these platforms, who are they to mandate that only their software can run on them? The other point I want to make, is that their excuse for all this is keeping the systems secure, but it is their system (Windows) that has all the terrible problems with viruses.
I am not saying Windows is the only platform that can be pwned, but it is easily a million times worse off than the OS's that they are trying to suppress. As far as national productivity is concerned, if the US wants to get its competitive edge back, a ten year plan, not for alternative energy, but rather a ten year plan to get us off Windows and onto ANYTHING ELSE, hopefully *nix based, would be a great start. IMHO
Well you sir are coming off as a bit of a loonie and more than a little stalkerish, is that REALLY how you wish to be seen? It's not like we aren't grown ups here and can judge for ourselves what is bullshit and what's not, marketing bullshit is pretty easy to spot BTW as they always fall for "buzzword bingo" like synergy or in the example you keep posting "seamless experience" which if that doesn't just scream marketing bullshit I don't know what does.
But you see the problem with guys like you is you encourage the REALLY batshit to take up your claims, such as my own personal stalker who's been following me a couple of months now. He posted in this thread BTW, not once but twice counting AC posting, see if you can spot him. He is convinced that I'm actually a "M$ Ninja" secretly hidden in a "warroom" in Redmond, which is extra funny since I've never been west of OKC, and that I "have a file on him" and an "Agenda to destroy FOSS and freedom" along with kill kittens or something, who can understand the truly batshit. Now he has it in my head I'm old Pete, aka APK, even though old Pete and I had a pretty nasty row last year until we finally agreed to disagree and we still frankly can't agree on shit, but old APK pointed out one of his "Linux magically protects you from viruses" posts was bullshit so now he MUST be me.
So you see friend, pointing out bullshit once is fine, following them around? Makes YOU look like the douchebag. Don't worry friend with phrases like seamless experience it isn't like he isn't as easy to spot as Bozo at an Amish wake, his own language trips him up. But when you stalk like that you embolden the REAL nutjobs that are frankly killing /. like a cancer, the ones that treat OSes like religions and anyone who doesn't parrot the party line as heretics. The shills? We can deal with them easy enough, like I said their own love of buzzword bingo gives them away, but it's the crazies that are frankly ruining the site for everybody as nobody can have a simple discussion about any subject with militant fanbois and perception bubbles. BTW don't label me a shill for using perception bubble, I prefer to use blatant circlejerk but I was told perception bubble was nicer and I'm trying to be more sophisticated in my phrases and shit, kay? But do you REALLY want to see this site become another Kuroshin, where nothing but trolls and crazies hang anymore because the loonies ran everyone else off? Shilling by ANY group is easy enough to ignore, but the crazy flag waving and perception bubble simply ruins any chance at a dialog and makes it pointless to continue. It's like the difference between someone handing you a flier for some company and someone jumping in your face and yelling "fuck you muthafucker!", one is easy to simply ignore while the other one turns posts into endless dick waving. Hell look at the posts below you friend, how quickly they went from having constructive arguments to being the equivalent of Halo teabagging. All civility went right out the window, all the militant dick wavers saw you as a "fellow traveler" and joined in, nothing really more can be posted because the civility is gone and everyone moved on. IS that REALLY what you wanted to accomplish? I hope not, but that was the result.
ACs don't waste your time replying, your posts are never seen by me.
What is required from the OSS community is a counter-attack project... a "UEFI Killer" / "Secure-Boot Killer" like project which helps in disabling (I don't think that only bypassing would be feasible and/or possible... what would be required is actually separating that F**KN feature off the grid... *snuff*) the feature :) :D
Hmm... OMFG what did I just type...
Peace off~
echo9
There are no drivers in a BIOS. A BIOS is an embedded program in a motherboard with basic functionality for system configuration. Anyways, UEFI is a replacement for BIOS, there will be no BIOS anymore. And for BIOS or UEFI, it doesn't matter what video card you use because they occur before Windows starts. The secure boot/signed code issue comes up when Windows starts booting.
Right now it would seem that you're dreaming - there's a very good chance that we'll never see anything comparable on ARM, simply because the devices will all be locked down.
Have you ever seen anything like this on a previous ARM tablet? What makes you think the Windows-based ones will be any different?
Stop whining about compatibility with windows and start putting your money where your mouth is, to economy of linux ...
Obvious shill is obvious
With the purchase of a new computer comes Windows pre-installed. $200 dollars wasted for Windows 7 Ultimate to only be replaced by GNU/Linux {Red Hat}. Most people who don't want Windows still have to pay the M$crosoft tax.
You forgot how it all started out: home computing at first was a DIY activity. It gradually but steadily gained popularity until businesses jumped in and until the Big Blue took note and created the first "serious" PC as we know it. We can get back and reinvent it all. Unlike back then, today we have ready Linux. I predict that the next big surprise (for those not already following the hacker/maker subculture) will be a strong fervent community of competing open gadgets of different flavors, something like the colorful mixture the 8bit microcomputing/home computing scene of the '80s was. Today, relatively powerful 32bit microcontrollers and high-resolution color LCDs are ubiquitous components and it is not impossible that soon we will be making, or buying kits, or even assembled open design Linux tablets from eBay.
Really, it's getting really old, SecureBoot will not lock down Linux or any other of your favourite hippie operating systems, there have been tons of these shitty articles on /., just stop with this lie, good grief
You idiots don't know how to moderate and should turn in your geek cards immediately. I strongly believe everything I said below including the bits about fucking oneself. Don't tell me what to do, what I should believe, or to be happy with the fucking that electronics manufacturers try to give us. Isn't this supposed to be news for nerds? Nobody who would just give up and say "that's unauthorized" deserves to be permitted to read this site, let alone to moderate.
Guess the moderators work for Microsoft, though, convicted criminals.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
My post on this 2 days ago was deleted. As I am sure this one will be too. I am a MS engineer. I think the locking of their vendors like is not cool. Makes me hate my job even more.
No, a hell if I know is the offspring of an elephant and a rhino. Only shills pretend to ignore this fact because it doesn't suit their shilling agenda
First, we just have a terminology difference. I use "BIOS" as a fairly generic term for the boot firmware on the motherboard that executes at power-on. UEFI isn't really the right term for that, because UEFI is just a standard set of interfaces that UEFI-compatible boot firmware can implement. If it's important to distinguish between old and new, I'll usually write "legacy BIOS" or "UEFI BIOS".
Second, there definitely are drivers for BIOS. In the legacy BIOS world they're called Option ROMs. In the UEFI world, they're called device drivers. You need those if you want to use a device in the preboot environment. Not every device needs an option ROM. You're not going to need to use, say, a TV tuner in preboot. But, you do want to use SATA/IDE controllers so you can boot off a drive, or maybe you want to use a network card to boot off a network server using PXE. Video is certainly important in preboot too, since you might want to go into the configuration settings and change stuff around. The only question is if you can use some sort of generic UEFI device driver, or if you need a card-specific one.
Third, secure boot ENDS when Windows starts booting. Mainly, UEFI secure boot verifies signatures on UEFI device drivers and the bootloader. Once the bootloader runs, UEFI secure boot is essentially over. The UEFI BIOS is no longer in control of the system, and it's up to the bootloader and the OS to check signatures at that point.
Why hasn't the FTC stopped this stupidity in its tracks? The skeptic in me thinks it may be that the regulatory agencies in the former USA are populated with people who formerly worked for the companies that they are now "regulating." Anyone at FDA want to comment on that?
That actually raises an interesting question though... If you have a motherboard with UEFI secure boot enabled by default, and you try to use an old video card that doesn't have a signed UEFI device driver, how would you even go into the BIOS settings to turn off secure boot?
Good point, a mobo jumper would be useful for this. I think those of us who aren't scared of technology will just have to do without the secure boot feature, turn it off and never turn it back on.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Easy. Re-flash the BIOS with a non protected one. This might involve physically replacing the BIOS chip, or perhaps using JTAG in some cases though.
Hopefully.... hopefully we can just avoid all of this UEFI bunk by purchasing open hardware. Unfortunately, Microsoft has a tight grip on the throats of many PC vendors. And it seems, once again Microsoft needs and wants to control how users actually use their hardware. Year after year, bandaids and patches are put on things to help to try and secure Windows, but it just makes Windows more bloated and now we have to deal with these silly hardware changes. I don't think this will have too much of an impact, Intel based hardware will still be fine which is where most of the user base is anyway.
UEFI is another killbit for Windows Vista Revisited.
Has secure anything ever stopped anyone from doing anything ever?
Even if the BIOS is from read-only memory, it has to execute some code to verify that the software to be next loaded is valid. That software, be it grub or the Windows loader, has a signature. All that is necessary is to have software that provides the correct signature and the boot sequence will continue.
Alternatively, you let Windows boot, and use Windows software to reload the alternative.
There is always a way to use your own software. The best way is to just not purchase Windows ARM based products.
Leslie Satenstein Montreal Quebec Canada
More question mark abuse, I see. Mod submitter overrated. Or maybe Garrett got confused about what he was talking about.
There are three(!) totally separate issues here, all being conflated as though they were the same thing:
Many people are flaming Microsoft here. Fine. Fuck Microsoft. Now, that aside...
When Garrett starts saying things like "Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules," he isn't talking about Microsoft or UEFI specs. He's talking about actual security -- how he thinks Linux ought to work, in order to protect users from running unknown kernel-mode code. He's not talking about Secure Boot (TM), he's talking about secure boot^H^H^H^H operation. Once your kernel has booted, UEFI specs are irrelevant, because you're not interacting with UEFI anymore and control of the machine is in the hands of the kernel, to protect or lose.
Once you've got your kernel signed and UEFI trusts the signer and it boots, you have solved the big UEFI interoperability problem that everyone is complaining about, and the kernel loading unsigned drivers doesn't change that a bit. At that point, you've got your machine working, and Linux is "secure boot compatible."
Refusing to load unsigned drivers is a way to take advantage of what UEFI secure boot ostensibly intends to offer users, as opposed to sacrificing the security which Secure Boot may offer by treating it merely as a compatibility obstacle.
BTW, I hope this whole signed kernel module issue makes people think back to Torvalds-vs-Tanenbaum. We all know who won, but are you still sure who was right?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
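The hand-off described in the comments above (firmware checks pre-boot drivers and the bootloader, then each later stage applies its own policy, so module enforcement is the kernel's choice), as an added example that is not part of any comment or any project's code. It assumes SHA-256 digest allow-lists in place of certificate signatures so it runs on the standard library alone; every name and sample image is constructed.

```python
import hashlib
from dataclasses import dataclass, field

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

@dataclass
class Verifier:
    """Trust policy held by one stage (firmware, bootloader or kernel)."""
    allowed: set = field(default_factory=set)   # digests this stage accepts
    revoked: set = field(default_factory=set)   # digests it rejects outright
    enforce: bool = True                        # False: the stage checks nothing

    def accepts(self, image: bytes) -> bool:
        if not self.enforce:
            return True
        d = digest(image)
        return d not in self.revoked and d in self.allowed

def boot(firmware, loader_policy, kernel_policy, roms, loader, kernel, modules):
    """Walk the chain; each stage judges only what it loads itself."""
    result = {"booted": False, "stopped_at": None, "loaded": [], "refused": []}
    # Stage 1: firmware checks pre-boot drivers, then the bootloader.
    for name, image in roms.items():
        result["loaded" if firmware.accepts(image) else "refused"].append(name)
    if not firmware.accepts(loader):
        result["stopped_at"] = "firmware"
        return result
    # Firmware verification ends here; the bootloader's own policy takes over.
    if not loader_policy.accepts(kernel):
        result["stopped_at"] = "bootloader"
        return result
    result["booted"] = True
    # Stage 3: the running kernel alone decides about modules.
    for name, image in modules.items():
        result["loaded" if kernel_policy.accepts(image) else "refused"].append(name)
    return result

# Constructed sample images (stand-ins, not real binaries).
ROMS = {"gpu_signed": b"video option ROM v2", "gpu_legacy": b"video option ROM v1"}
LOADER, KERNEL = b"bootloader image", b"kernel image"
MODULES = {"in_tree": b"distro module", "local_build": b"out-of-tree module"}

FIRMWARE = Verifier(allowed={digest(ROMS["gpu_signed"]), digest(LOADER)})
LOADER_POLICY = Verifier(allowed={digest(KERNEL)})

def run(kernel_enforces: bool, loader: bytes = LOADER):
    kernel_policy = Verifier(allowed={digest(MODULES["in_tree"])},
                             enforce=kernel_enforces)
    return boot(FIRMWARE, LOADER_POLICY, kernel_policy, ROMS, loader, KERNEL, MODULES)

if __name__ == "__main__":
    for label, res in [("modules enforced", run(True)),
                       ("modules not enforced", run(False)),
                       ("modified bootloader", run(True, LOADER + b"\x90"))]:
        print(label, res)
```

The firmware's verdict is identical in the first two runs; only the kernel's own policy changes what happens to the locally built module.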
In theory yes, but in practice my hovercraft is full of eels.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I fully intend to keep UEFI secure boot turned on whenever possible. It's a very useful security feature. We're already seeing some malware that modifies the Windows bootloader to get around 64-bit Windows code signing checks.
Say What?
Who runs the signing service is the _entire_ point. Saying that is like saying "forgetting the death and destruction for a moment" in the second paragraph on your "what is wrong with nuclear weapons" paper.
Nobody has _any_ problems with signed boot loaders if the people who OWN THE COMPUTER are the people who get to sign the code.
The problem is that the people who make the bios are the ones who get to sign the code.
So forgetting who will have the keys to your car, and house, you can just sleep tight with only being able to start your car or enter or exit your home with express permissions from the on-star lady okay?
That's not hyperbole. The "we own the keys to your computer" would be very like requiring you to have a body scan before you can enter your car or house so that it is known that you are not carrying contraband (say that copy of [your religious text here] or any person who isn't on the "approved rider or resident" list maintained by General Motors).
The "who gets to decide these things for you" is the only and entire problem.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
If you have a problem with the MAFIAA you don't fix your problem by then _joining_ the MAFIAA.
Quite frankly the problem with UEFI is that it is broken in its _founding_ _assumptions_. Namely it assumes that the hardware manufacturer or BIOS writer is the "correct" person to have the boot-keys to the device. That is, it assumes that the computer should not be controlled by its rightful owner.
If the system were even in the correct neighborhood of "correct" the system would require that the root key would be constructed by the owner of each device and that said owner would then have a means to exclusively sign the boot loaders of their choice. This would not be hard to do in any technological way.
Once this was done, then when _I_, as the owner of my device, were to buy Windows 8, or Red Hat, or build-my-own loader for some other purpose, or add memtest86+ to my box, I would use my key to sign my installs to prevent tampering.
The UEFI assumption is that I shouldn't be able to sign my system to prevent tampering by, say, Microsoft by securing my system with my own keys and then running Windows as I see fit.
So yea, I don't see why Red Hat should "join" (e.g. buy in with a hefty cash bribe) UEFI for the right to be one of the anti-user "decider" guys when they believe the approach is broken by design.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Vote with your wallet
This is one of the most odious, repeatedly parroted phrases I know. Let me explain why:
First of all, it is a direct statement that those with money should be those who make all the decisions. This has obvious inherent flaws. But I imagine you are not one of the super-rich. All the same, you obviously only say this because you are on the side of the majority. My issue with your enraged (and heavily capitalised) post is that you imply that unnecessary limitations are OK if they don't affect most people, and that the rest of us should shut up about it. How is that possibly the case? Just because Microsoft have the resources to sponsor companies to close down their devices doesn't mean they should be allowed to. You may have heard of court cases against MS along these lines.
On the Apple note, the difference is that they make all their product in-house, and so there's no fear of their OS becoming the only compatible one in the industry. However, of course I object to their efforts to make the iPod (etc.) incompatible with other software than iTunes. I don't see why I wouldn't object to it.
--
So, would having frog gits get the fuck out of slashdot have your nipples explode with delight ?
micro$oft > ireland > bahamas > bermuda > fiji > russia > china > angola > columbia > italy > etc > etc (whatever the chain is)
I really doubt that the mighty US government gets much dosh from redmond
Apple are a hardware company, who make devices that come with software
Microsoft are a software company, who make software that runs on generic hardware
Android is an OS that many companies use on varied hardware, including some that also run MS software
Linux is an OS usually with a vast suite of software that many companies and individuals use on generic hardware most of which can also run MS Software
These are four different entities, that are not directly comparable, or in many cases even competing, they all overlap each others markets to some extent
Every time I see a x vs y comparison I am amazed at the conditional statements needed to make even a vaguely reasonable comparison
Puteulanus fenestra mortis
If the technical brilliance involved with the wonders of Jailbroken iOS devices, OSX86 and countless other 'enabling' projects is any indication - any attempt to really stop people from running other OSes will only slow people down from trying other software. It will similarly propel others to try even harder. Regardless, geeks like to tinker and play around with various options. An operating system that provides as much openness as Linux or BSD will always be in sufficient demand to wage a battle to circumvent silly security technologies designed to impair the fundamental functionality of the hardware platform.
Anyway, whatever, if Microsoft wants to give us more fodder and employ some security nuts, I'm fine with it. It won't really change anything in the big picture.
Uhh...to use a phrase popular in these parts 'I don't actually have a horse in this race' as I'm happy with my dumbphone and netbook, which BTW said netbook came with not only Windows 7 but also an instant on Linux environment called Expressgate which is one of the reasons I bought it, so I'm not "for" or "against" anybody here and the automatic assuming that I am just lets everyone know you DO have a horse in the race and are one of those "everyone go to hell but cave 76!" types that treat corps like ballclubs.
As for voting with your wallet it doesn't have a damned thing to do with "uberrich" and if it did the only purses you'd see in stores would be Prada and there sure as hell wouldn't be a line of Snooki zebraskin bags in every damned store. No, voting with your wallet is VERY democratic and that is probably why FOSS zealots hate it so, because they have yet to make an OS people actually want. Let's take Google Android for instance, which only came about because Google took it AWAY from the fiddly CLI happy community and used the kernel to make an ALL GUI all the time OS that is based around an app market kinda like...well Apple obviously. If it had a damned thing to do with uberrich how do you explain MSFT being dead last hmmm? They have thrown obscene amounts of money at WinMo and WinPhone and now Win 8 ARM yet people voted with their wallets and you can't give the things away, why? Because people LIKE Android and iOS that's why! They like the features, they like the GUI, they like the form factor, it's all decided by people voting with their wallets.
But the fact that you think people shouldn't be able to choose just shows you to be an elitist, thinking the public is "sheeple" that you oh wise one should be able to decide for. Well I got news for you pal, just as MSFT found out with Vista, WinMo, and I'm betting WinPhone and WinARM and Apple is gonna find out if they don't come up with something truly kick ass soon the public is more than willing to dump your ass if you don't have what they want. It's no different than how you can't find a single retailer in America stocking Linux boxes on shelves or how MSFT is dead last in phones, you give the people what they want or they walk away, simple as that. But you thinking the rich can magically decide for the masses just shows how out of touch you are with the average consumer because frankly nothing could be further from the truth, for an example look at how Intel is pushing "ultrabooks" yet the local Walmarts and Staples are packed to the brim with AMD netbooks and laptops that are frankly selling like hotcakes. The corps can say "thin is in" all they want but if the public doesn't want the unit or doesn't think it's worth the price it's just gonna sit there gathering dust.
ACs don't waste your time replying, your posts are never seen by me.