Will Secure Boot Cripple Linux Compatibility?

MojoMax writes "The advent of Windows 8 is drawing ever nearer and recently we have learned that ARM devices installed with Windows 8 will not be able to disable the UEFI secure boot feature that many of us are deeply concerned about. However, UEFI is still a very real danger to Linux and the freedom to use whichever OS you chose. Regardless of information for OEMs to enable customers to install their own keys, such as that published by the Linux Foundation, there are still very serious and as yet unresolved issues with using secure boot and Linux. These issues are best summarized quoting Matthew Garrett: 'Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen. That's going to make some people fairly unhappy.'"

"Freedom"

[bonch]

Would someone interested in Linux on these particular tablets be able to order one from a vendor with Linux (or no operating system) pre-installed? I couldn't find information on whether or not OEMs are restricted from selling pre-installed Linux versions of the tablet. The SoftwareFreedom website says "any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot." The phrase there is "ships with Windows 8," which suggests to me that Custom Boot-enabled versions could ship without Windows. Admittedly, I have a hard time seeing it as a freedom issue, as these are just tech gadgets at the end of the day. I'd rather it was framed as an inconvenience argument, not a freedom one.

Re:"Freedom"

[hedwards]

Tablets won't be able to be fully certified by MS if they don't have secure boot enabled with no way of disabling it. There may be some manufacturers that opt to have a second line for Linux, but I doubt that will be very common. The problem is one of logistics it's not that much cheaper to have a second line that supports Linux, you have to support it and QA it. But, if you just ship hardware that's supported by Linux then you lose no money on that and sell more units. Of course MS is the party here that's misbehaving.

The issue is that ultimately, they're selling these devices that can't have other OSes installed without cracking them, that's inherently a freedom issue.

Re:"Freedom"

[Microlith]

So is Apple

Apple does not sell its OS to 3rd party hardware vendors and dictate how to lock down the device.

nothing is stopping Linux tablets from coming to market, in fact there are lots of them out there now

There are, but how long until MS ramps up the pressure to push Android out of the market via legal and possibly illegal means?

If you buy a 'Designed for Windows 8' device it's no different than buying an iPad with regard to the operating system.

Sure it is. The vendor is being forced by the OS supplier to set the device up in a way that precludes alternatives, and leveraging their monopoly platform to do it.

I doubt there are many people out there who bought an iPad and are complaining that they can't install Linux on it (me included), so why should it be any different for these 'Designed for Windows 8' devices?

Yeah, minorities should ALWAYS be ignored. Only the masses should ever get what they want, everyone else can go fuck themselves. Right?

Re:"Freedom"

[Darinbob]

Because when you buy a device you should be allowed to modify it. It is your private property at that point. It doesn't matter how many stupid people only use them to show off to friends, if even one single person in the entire world wants to be able to modify their personal property in a way that causes no harm to others then it is their right to do so.

Re:"Freedom"

[Sir_Sri]

Other way around. These are linux (andriod) tablet makers being paid by MS to make a Windows version. Just like phones, these will be samsung galaxy tabs, acer iconias etc. with a minor refresh/rebrand to run windows. Not windows tablets being done the other way around.

The gadget market is very different from the desktop market anyway. Right now it's an iPad market, with some other hangers on. Whether MS can change that is an open question, but it's not like you can put linux on your iPad, and it has 90% of the market right now.

Re:"Freedom"

[Microlith]

And they only have to lock it down if it's 'Designed for Windows 8'

Everything will be "Designed for Windows 8" if it runs Windows.

and if it's ARM, if they don't put on that Windows 8 sticker then they don't have to do anything.

And Microsoft also doesn't have to sell them licenses they can put on devices that don't meet the guidelines.

And i'm sure Google will just rest on their laurels and just let Android die.

Google may continue to fight but all MS has to do is hinder and slow it.

if you didn't want Windows 8 you wouldn't buy a device designed for it, unless of course you're an idiot.

Go find me a motherboard or graphics card that don't have the logo. Go on, do it. I doubt you can.

What the hell. Not a few years ago restrictions like this were acknowledged as being bad. Now people can't rush fast enough to defend lock down like this, especially with Microsoft pushing it.

Re:"Freedom"

[sjames]

Of course you're free to take a walk in your own front yard, just watch out for the tiger pits we put in. And the bear traps. OH, and the unmarked minefield. But we have done absolutely nothing to stop you from taking a nice walk in your own front yard.

Re:"Freedom"

[Microlith]

The Windows logo no longer indicates a platform advantage

Sorry, no. It's a HUGE platform advantage, because they can place the same logo on tablets and desktops. The catch with the Windows 8 tablet is the software is available only via the store. This is great for Microsoft, because they can say "buy the software for Windows 8 on our store, and you can use it on both your desktop and tablet!"

So they link the desktop monopoly to the tablet space, and leverage it to extend their reach into another.

A manufacturer can still make an ARM device that runs Windows and allow Linux as well -- they just can't put the Windows logo on it.

Can they? I deeply suspect that Microsoft will make OEMs agree that any and all tablets running Windows will meet the logo requirements, or they won't get the OEM agreement they want (IE no Windows for your tablets.)

The problem is stupid consumers who demand to see that logo.

And that's exactly what Microsoft is banking on. Oh and finding some way to drive Android out of the market.

Re:"Freedom"

[hedwards]

There is no requirement that you dominate the market to be guilty of antitrust violations. Agreements between companies to lock out other companies to this extent are going to be in violation of antitrust regulations. This isn't just an exclusivity agreement between the companies, this is an exclusivity agreement that also involves the end user and prevents access to the device by other companies.

If MS contracted them to build the devices that would be a completely different situation. That's well established and Apple, for one, has been doing that for decades. What isn't well established is the practice of withholding certification if the product is capable of running a competitors product.

Re:"Freedom"

[Microlith]

No it won't.

Do you seriously think that MS is going to let a vendor ship Windows on a device without their logo on it? Doubtful.

the manufacturers don't have to sell them with Windows either, they could sell them with Linux.

We've said that with PCs as well. Look where that went.

Hinder and slow it? Android dominates MS in the tablet market as it is.

Yeah, which is precisely why Microsoft is doing their little patent protection racket against every Android vendor in the market. They want to weaken Android and raise the cost of using it so that the vendors give up.

The tablet market is already saturated with devices that don't have the Windows logo.

Go do it. I asked you to go find me core system hardware that doesn't have the Windows logo on it.

Yeah look at how the ipad has destroyed the world with its lockdown

Sure, it's causing bullshit lock down and walled gardens to spread.

Re:"Freedom"

[Darinbob]

There are some cases where secure bootloaders are valid. Ie, so that only owners can modify their devices instead of just anyone who has physical access (electricity meters), rented or leased equipment (broadband routers), and so forth. Sometimes the device requires a level of trust as part of its design and the owners insist on knowing that the firmware has not been tampered with, such as encrypted routers.

Additionally there is often a market need to create a secured device to prevent or discourage third party sales or hacking. I've seen this activity common in medical equipment where there can be an active trade in in Russia or China of buying old machines and reimaging them and there's no opportunity to sue (yes a murky issue as you buy software features separately from hardware, but the end-user is legally forbidden from putting their own software on in many countries). If I go in for radiation therapy treatment I want to know positively that the hardware/firmware/software has passed FDA scrutiny.

The issue here with Microsoft and Apple is that they are huge players in the market and they're not doing this to just niche devices. With MS specifically they have a known guilty track record of antitrust activity. MS isn't going to require signing of all third party apps, they specifically want to make sure there is no competition for the operating system

It would be better overall to allow the consumer to turn on and off the trust levels on the devices. If the operating system boots up and notices that it's not on a secured system then it can just warn the user instead of refusing to boot. This way you can make things more secure without denying the consumer their right to use the equipment in any manner they want.

Re:"Freedom"

[Anne+Thwacks]

Tablets won't be able to be fully certified by MS if they don't have secure boot enabled with no way of disabling it.

IANAL, but this would appear to contravene European laws on restrictive trade practices. I can see another monopoly related court case on the horizon, and a possible way for Europe to pay of its bankers.

Simple solution

[NeoTron]

Don't purchase any of these ARM powered devices which run Windows 8.

Re:Simple solution

[taniwha]

Oh no - you should purchase them .... but them return them because they don;t work with Linux

Re:Simple solution

[SeaFox]

No, he's being serious. If you buy then and then return them opened, the store can't resell them as brand new and lose money.

Re:Organized trolling campaign on Slashdot

[Tsingi]

Oh fuck off.

Re:What this really affects

[ClioCJS]

Myopic.

Reminds me of when drug testing started to take hold in the 1970s - "If you don't want to drug test, you can choose to work at a job where you don't." Except generally, assholism comes with built-in scope creep. Now you can't get a job at Home Depot pushing carts without having machines inspect your personal fluids to determine your off-work behavior. The simply "if you don't like X, then go elsewhere" so-called 'solution' is a fallacy, and always has been. It's a way to avoid a problem; it does not fix anything, or prevent a problem from getting worse.

Another great example - "Don't like crime in this city? Move to another city." Or "Don't like the shitty laws here? Move to another country." {And when the countries of the world unite to form a cartel of shitty laws worldwide -- for instance ACTA -- they will be far harder to fight.}

This is more than just a phone and tablet issue

[Calibax]

Right now, the ARM architecture equates to tablets and phones for many, maybe most people.

However, a number of companies (Qualcomm, NVIDIA, and others) have announced that they are developing ARM processors to challenge Intel in laptops and desktop systems. Probably they are going with ARM because Intel is being somewhat uncooperative (and maybe anticompetitive) by not letting them have licenses that would allow them to produce x86 compatible systems.

For these companies, having Windows on their ARM systems is vital. However, we shouldn't be short-sighted - restricting the ability for ARM systems to boot anything but Windows will (in the long run) benefit Intel, AMD, Via, etc. as much as it will benefit Microsoft by restricting which operating systems the upcoming ARM based systems can boot. They will either run Windows or they will run everything else, depending on the boot ROM in the system. Guess which most will chose.

Re:What this really affects

[ClioCJS]

The same entitlement complex that those who enforce anti-trust laws have.

Also, whoosh. My point went over your head based on your metaphor that does not represent the situation at all.

A more apt metaphor would be: What if new devices started using proprietary screwdriver bits? Maybe they get a kickback from the screwdriver bit industry, or manufacture the bits themselves to pad their profit (remember the outrage when the iPhone changed its screws?). The "if you don't want that tool, buy another tool" metaphor simply does not work. You cannot use their tool because they have changed it to be less adaptable. People can buy phillips and flathead screwed devices 'til the cow comes home, but there's enough mindless consumers and people that it would not change the bottom line enough for $CORPORATION to change their ways. After another company sees the money they make, they start using proprietary screws too. Eventually, it becomes an industry trend. You can either shell out for the proprietary screwdriver, or use none of these devices. Either way, your unwillingness to go with a bullshit 'feature' does nothing to stop that bullshit from creeping into every device in existence; you merely stuck your head in the sand.

YOU actually come off as the entitled one here, except that you feel entitlement for the faceless corporations that are only interested in your money, rather than for yourself and your own freedom of market choice. You somehow feel that if they were forced to offer something that costs the same to make, but allows people greater freedom, that somehow this affects your livelihood or your "feelings" on what a corporation should be allowed to do. Unless you're a CEO yourself, you're simply loving to learn the taste of the boots you lick. In fact, simply boycotting a product does not make its shitty features go away. And corporations were originally only allowed to continue existing if they served the public good; otherwise they died a mandatory, automatic death sentence. (That is, before those same corporations and their cronies re-wrote the law so that they have more rights than actual people. Privatize profits, socialize losses, no death penalty if you're a corp, and if you're a CEO you can kill someone and not go to jail because you're deemed more important than others.)

I mean, imagine someone saying "if you don't like the fact that airbags can decapitate your baby, then don't get a car with airbags". Do you think that stopped them from coming? Now I am in danger of responding to your bad metaphor with another metaphor, but my point -- which still stands -- is that simply avoiding something you don't like does not make it go away.

It's not a "simple solution". It is neither simple, nor a solution. It is not simple to reduce your freedom of choice, and it is not a solution in any way, shape, or form. A solution solves a problem. The problem still exists. You've done nothing.

"Don't like wars over oil? Then don't buy gas!"

"Don't like abortions? Then don't have one!" (This is a trick example, as I *love* abortions. But to someone who thinks abortions represent a problem {which is not me} -- this 'solution' does not actually solve the 'problem'.)

"Don't like the encroachment of civil liberties in the name of the drug war? Then don't do drugs (alternate: move to another country)."

"Don't like cops tasering people? Then don't mouth off to cops!"

Anyone who thinks this attitude constitutes a solution has a major cognitive logic defect.

Windows is Oranges in this case

[Zero__Kelvin]

You are comparing Apples(tm) and Windows(tm). What OS does Apple sell? What computer models does Microsoft sell? See the difference?

Re:Windows is Oranges in this case

[Rennt]

Vendors were already going to make devices to run Windows 8, and everyone was happy. Microsoft specifically asked vendors to build a device that can only run Windows 8.

knoppix and other testing / recovery secure boot

[Joe_Dragon]

knoppix and other testing / recovery tools also need secure boot.

Does networking booting work with secure boot?

Ghost?

Hard Drive Diagnostics tools (self booting ones)

Dell Diagnostics tools (self booting ones)?

Acronis True Image

clonezilla?

Memtest86+ (better and more to the hardware then the windows memory test tool)

There is alot of stuff some still dos based that is need out side of windows.

Point missed ... entirely

[Zero__Kelvin]

"Except that it's not like that at all, you don't buy a hammer if what you need is a screwdriver ..."

You buy a screwdriver and use the handle to pound in nails when they stop making hammers because Microsoft uses their monopoly to drive hammer makers out of the market.

Re:Organized trolling campaign on Slashdot

[WorBlux]

hell you got choices coming out your asses, so WTF are you bitching for? Vote with your wallet okay? But just because YOU don't like doesn't mean you get to tell ME or anyone else what device we should buy or what features it should have. If I was gonna buy one of these things, which I'm not BTW, I wanna try one of those $70 Android Indian pads the net has been buzzing about, but if I did and was actually gonna use this for real work I'd WANT it locked down, because if its one thing we've seen its that these things are giant targets for the malware guys!

First it's a matter of culture, which does and can effect every one of us. A culture where corporation control what you can or can't do with a computer is a culture detrimental to everyone. Second who has the keys? Locking your stuff up as long as you have a key is not problematic at all. What is is when the key is controlled solely by someone who is willing to sacrifice your interests and goals for the sake of their own.