Slashdot Mirror
Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."
How can this be legal and not an abuse of their monopoly power?
Aside from the fact you can turn it off ( for now ) it still sounds like a clear case of abuse to me and someone should be talking to an attorney about this.
---- Booth was a patriot ----
...is about the only thing that might turn me into an Apple user.
RTFA. Then comment.
... how the FUCK this passes the slightest hint of anti-trust scrutiny?
I don't understand how Microsoft is as fault here. Isn't it the hardware manufacturers that are locking out everyone but Microsoft? Shouldn't the hw people be the ones to make the platform open?
You have to do it MS's way or they won't let you sell hardware with Windows on it. MS controls the certificates used in the secure UEFI boot process. You either do it MS's way or you do it your own way ... without any MS products to pre-install.
MS is probably strongarming them.
How does this make you mad at RHEL/Fedora and not Microsoft? Admittedly, Red Hat is negotiating with terrorists here, and that may not be the best option for the ecosystem, but I can see how they would choose that path given that their business--one that helps the linux ecosystem tremendously--is in risk.
Red Hat is willing to pay to be licensed to be able to run on the new hardware. They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.
Microsoft doesn't have the right to "license" hard ware. It's not their hardware, it's not even their design.
This is Microsoft forcing vendors in the corner with their O.S. once again. This is non-competitive behavior once again.
If they have such a great O.S. there is no need for locking out others. It's weak and it's sick.
I'm just wondering why Fedora doesn't include a small boot ISO that starts up, presents a simple menu, and takes the pain of unlocking the UEFI chip out of the equation.
I agree perfectly that they shouldn't have to do that, but the tech is certainly there, and most folks are sufficiently apt enough to do it (see also jailbreaking phones, etc).
Quo usque tandem abutere, Nimbus, patientia nostra?
EU will have a field day with this in court. MS, of course, will be the ones having a bad day in court.
Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.
So they must turn off secure booting in order to run another operating system. The DMCA implications aside, I'm not sure which is worse for the consumer: a 'secure boot' of Windows or a 'non-secure' boot of any other operating system?
Why can't I just be in control of my own damn property without being at the mercy of manufacturers?
Well, time to check Red Hat off my list of distros. Any company willing to pay essentially blackmail money does not deserve my business.
For those mystified by the comment subject
Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.
G'uhgh.... once again geeks confusing a technical capability with a real-world practicality. Turning off secure boot sounds bad and raises the barrier to entry for non-Microsoft OS'es. It also complicates the newbie install experience, which is something that Ubuntu, Debian, and many others have worked for years to simplify. And now they are using their monopoly position to extort tribute from a competitor.
-1, Too Many Layers Of Abstraction
A whole $99 one time. Ain't that a bitch.
This has nothing to do with PCs. Nothing. Not one thing.
This is all in reference to UEFI on ARM tablets that Microsoft has partnered up with OEMs to produce to their specs SPECIFICALLY FOR: Windows 8.
Nothing has changed here, nearly all ARM systems are locked down today by OEMs.
Do any of you expect Microsoft to produce one that isn't (zune: locked down xbox: locked down)?
You are completely wrong-- what you say is the opposite of true.
This is referring to x86, not ARM. Fedora is not going to play Microsoft's game on ARM where Microsoft has little influence. But they are going to pay Microsoft a fee to get their bootloader signed for the x86 platform so they can run in the Windows8 world.
E pluribus unum
Yes.
How is "controlling a system and getting money in exchange for licenses" not literally owning?
Up to now, their figurative owning is an "effective" ownership, as in "there are effectively no competitors in this space." However, should you know what you're doing, you could get something else with little effort. With this change, they are actually getting paid for compettitors to be allowed into their space. That is de facto, or literal, ownership.
If Dell wants Windows Certification it better not do this. Per the Windows Certification Requirements, page 122:
Of course for Windows 9, blocking non-Windows operating systems will become mandatory on all devices.
You don't get the 'slippery slope' thing, do you? Or are you one of those 'slippery slopes don't exist' bozos?
> Overwhelmingly, if you wanted to look like you knew why-the-fuck you ought to be on stage, in front of 8,000 people, you went Mac.
Translation: If you want to look like you've got money to burn, then you show off overpriced Apple products.
The "BMW" comparison is very apt really, including the crap quality.
Seeing is decieving...
A Pirate and a Puritan look the same on a balance sheet.
Interesting then that Microsoft provide a way for others to sign their software... which is what Fedora is doing.
Exactly - by paying Microsoft for that right. Isn't that what this whole thread has been about?
Yes, if you pay enough you can get a key. Microsoft is following in Apple's evil footstep by requiring developer registration and, I assume software distribution only through valid Microsoft channels. Do you like any software that you didn't pay for? Well, you'd better find a substitute. Microsoft is tired of FOSS and legacy software cutting into their profits.
Support SETI@home
Or you could... you know, turn on custom mode so that you can run any OS you like.
Or you could, you know, not allow the monopoly PC OS vendor to control the keys that allow the system to boot competing OS's.
Regardless of whether or not you _can_ turn off the secure boot, when you consider what the _majority_ of end users feel comfortable and competent in doing, what kind of barrier to entry does this raise? Would your parents know how to tweak this setting on their own, or feel comfortable doing so? I for one would not even bother attempting to ask my parents, or even some of my siblings, to go and change such an option.
Are the instructions to change this setting even consistent across hardware so that they can be easily published by alternative OS vendors?
RedHat should not have to pay a dime to MS for this IMO, and neither should anyone else. Why couldn't MS have made an option to turn on secure boot by user prompt when they first start their new computers, and require some method provided as standard in the BIOS that allows turning it on only?
Um.... that's as it should be.
If you're running something at the OS level unintentionally that can be really fucking bad for your computer can't it? If you want to install linux this isn't a particularly difficult problem to solve.
The vast vast vast vast majority of users have no idea what the hell is going on on their computers. But they're on the network with the rest of us. Should we take away anti lock brakes because professional drivers can use regular brakes better than anti lock brakes? I think not. There is a way to circumvent UEFI if you definitely know you want to. If you don't know you want to, you don't want to, and should be protected from some malicious application doing it for you.
The vast majority of consumers aren't going to run, or want to run anything on this particular computer they are buying other than windows. I know that's not a popular concept around here, but it's reality. Making it easier for them to be more secure significantly trumps the relatively minor inconvenience suffered by people who know stuff about computers having to use that knowledge and their ability to read.
I assume that like it will be an annual fee with a sliding scale based upon net worth and how much Microsoft likes you. Plus a per unit charge. And your software will need to be distributed through Microsoft's distribution channels which won't be built for OS installation.
Support SETI@home
Not really. Apple machines are a PITA with weird hardware for Linux users too. All it means is Linux users will go back to building their own PCs. Box shifters will simply do a parallel line for server sales.
You're right, this boneheaded move by Microsoft is the best help they could possibly give for Linux on the desktop. Of course, that just not let Microsoft off the hook for antitrust violations, specifically abusing its market power. I can smell a new EU action on the the way, at the very least.
When all you have is a hammer, every problem starts to look like a thumb.
Actually (if you read the article) M$ does not get any of that $99. The fee goes to Verisoft. Microsoft is acting as the gatekeeper for the signup process.
Now I will be VERY pissed if I buy a new motherboard to build my own computer and it won't boot Linux unless I have to buy a key for $99. In such a case I would return the MB as being defective. I hope Asus and other MB makers will give me a choice of bios options when I buy a new MB.
I am pretty sure that if a hardware manufacturer like Dell locks out Linux operating systems
That is not the case AT all.
Its REALLY simple; linux is not being locked out of desktops.
x86 hardware shipping with win8 pre installed needs to have:
a) secure boot functionality
b) windows 8 boot signing keys
c) secure boot functionality turned on
d) and it must be possible to disable secure boot
e) and it must be possible to load additional boot signing keys
So, linux users buying dell pcs (x86) will be able to exercise option d) and disable secure boot.
They can also exercise option e) and install a linux signing key, and leave secure boot enabled.
Linux users are NOT locked out at all.
However, if I want to try Linux for the first time, I'd like stick in a live CD and boot it... I might be intimidated by having to go into bios first to disable secure boot. I'm very likely to be intimidated by having to install a signing key into bios first.
Redhat wants linux to "just work" without the user having to jump through those hoops so the ideal option would be to coordinate with all the oem manufacturers to get a "redhat" or at least "linux" signing key into the bios, so that the linux bootloaders can be signed against that. (The OEMs were fine with this, even enthusiastic... but the cost to do this is extremely high, and there would still likely be several cases where the redhat key was missing, leaving us with an inconsistent and annoying situation.
The other option was to just sign the bootloader with the microsoft key; microsoft is already working with all the OEMs, and already has all the infrastructure in place. Fedora decided to piggy-back on the microsoft key and pay to get the bootloader signed by microsoft.
Is it ideal? No. But in terms of what it does for the users of linux? Its a great thing. Fedora will "just boot" in secure boot mode. Users don't have to disable secure boot to use linux, which is a good thing. Users don't HAVE to manually install a linux key into bios to use secure boot (although they still can if they prefer not to use the microsoft signed version).
The x86 ecosystem remains truly open (in that users can manage boot signing keys themselves if they wish), and trying out linux is remains easy because it will boot with the default installed microsoft keys.
Overall its a good compromise.
Note that on arm tablets the situation is entirely different. option d and e are not available, and fedora isn't getting the software signed for that platform... if you buy a windows 8 arm device you'll have to crack it to put linux on it.
I'm an engineer. I use a MacBook. It works great - the only desktop Unix to date done right. Great quality hardware, too.
By the way, does your bitterness cause you physical pain?
because this does nothing to improve windows security. the purpose is to be a barrier to entry (installation) for non-microsoft operating systems. it doesn't have to be 100% effective, it just has to make it more difficult for non-experts to try out linux (or freebsd or whatever) or to use special-purpose linux-based boot CDs like clonezilla or gparted.
Also, there's no guarantee at all that disabling will be "as simple as flipping a single setting in BIOS". on some machines, it might be. on others, it won't.
Congratulations, you are now a 'grown up'.
Sigh.
All we're saying is that it was considered a Pretty Good Thing when the mainframe era was brought down by the PC. Now, people like you are standing around cheering while the monster reassembles itself.
People older than you remember the way IBM dominated both the hardware and software sectors for many years. They held their customers hostage in every sense but the literal one. They used every technical and legal tool available to suppress third-party innovation. Eventually, people like Ross Perot, Jobs and Wozniak, and finally Bill Gates barged into the room and threw their proverbial hammers at the screen.
Fast forward to 2012. Steve Ballmer is pulling underhanded, abusive shit that would have earned him a fistbump from T. J. Watson. The rebels who once sponsored the '1984' commercial are now working feverishly to put the pieces of the telescreen back together... only this time, they're using Gorilla Glass.
Some of us are old enough to understand that this is not how things were supposed to go. If you're not so old or wise, that's fine... but by calling people who disagree with you "children," your post only shows your own lack of awareness and conscience.