Slashdot Mirror


Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."

13 of 809 comments

  1. Microsoft Pledges to Sell More Macs for Apple by Jeremiah Cornelius · · Score: 4, Interesting

    I was at 2 major industry tech conferences last month.

    In every keynote and all-hands session, Apple hardware was center and present. Nothing special was made of this - just every damn computer used to demo solutions or held by a GM, VP or C-Level was a MacBook. Desktops were non-existent. Every time an iPad could be used, it was. There were a couple of minor Android appearances - demonstrating multi-platform support, or what not.

    There were a few odds: The HP guys had their own gear, and the IBMers had Lenovos. Some brilliant man from SAP was sadly dragging a 'book of nondescript, perhaps Dell sourced, black plastic...

    Overwhelmingly, if you wanted to look like you knew why-the-fuck you ought to be on stage, in front of 8,000 people, you went Mac.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:Microsoft Pledges to Sell More Macs for Apple by Anonymous Coward · · Score: 5, Interesting

      Maybe in a perfect world, but in the enterprise, Apple is an obstacle and something to have to work around, rather than work with:

      1: Can Apple get me product announcement roadmaps so I can time IT budgets to when models are released? Nope, Apple doesn't do that. IBM, HP, Oracle, and even Dell do, as long as you sign their NDA.

      2: Can Apple get me flexible hardware and software GPOs? Windows's main thing is that I can manage all the thousands of users from relatively few boxes. There are very few tools for this on Mac, and they are department level, not enterprise grade.

      3: Can I get TPM chips on the laptops to ensure protection of data? Nope. FileVault 2 is decent, but can be gotten around with a modified bootsector that would set aside the drive's encryption key. TPM chips stop that cold.

      4: Can I get Macs without cameras due to policies? Sure, if I want Mac Minis.

      5: Can Apple give me a 24/7/365 service time with a 4 hour tech on site? In the past yes, but with the death of the XServe, the best I can do is call and wait a day for a tech to wander out.

      Sorry, Apple isn't enterprise grade. They know this too -- they are making their living by being a "toymaker" and selling to the consumer. I'd love it if Apple could get some inroads into the enterprise, but right now, they are not interested in that market.

    2. Re:Microsoft Pledges to Sell More Macs for Apple by Jeremiah Cornelius · · Score: 3, Interesting

      FOUR LETTERS:

      BYOD

      This is the CIO's only strategy to win. He's accountable for a desktop that needs to remain compatible with apps that he has no responsibility over. That's why XP is still there.

      BYOD moves IT out of the loop - and plays to new devices.

      I still remember: "Who will support these "PC computers" that departments are buying, behind the back of MIS?"

      And: "These LANs that you claim are so successful in a handful of special cases, will never scale to the needs of Corporate IT."

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    3. Re:Microsoft Pledges to Sell More Macs for Apple by abigor · · Score: 4, Interesting

      I can say firsthand that Macs have made serious inroads at Cisco, not just for mgmt but for programmers as well.

  2. $99 by Greger47 · · Score: 4, Interesting

    What the sensationalist headline and summary forgot to mention is that RedHat is paying a whopping $99 to Microsoft.

    What is more worrisome and more headline worthy is that Microsoft has now become the de facto gatekeeper of your computer BIOS. Without their signature your operating system will not run.

    /greger

  3. Re:If microsoft controls the 'keys' by Penguinisto · · Score: 5, Interesting

    Maybe that's why Microsoft was so eager to drop in that 'no class action' thing into their EULA.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  4. Re:Why not hardware manufacturers? by WrongSizeGlass · · Score: 3, Interesting

    I boot through EFI, which isn't this newfangled 'secure' UEFI ... and yes, it's secure enough. My comment was targeted at the marketing mindset that MS will be pushing to try to convince non-Windows users that without MS's blessing your OS is no longer 'secure'.

  5. Re:Why not hardware manufacturers? by Rich0 · · Score: 3, Interesting

    Non-secure is the same as what we have now, but it isn't all that great.

    I'd love to be able to tell my computer to only boot an OS that I assign, so that I know that it can't get corrupted by viruses/etc. I could boot from a signed rescue disk if something goes wrong.

    The problem is that the standard won't give the consumer choice over which OSes are trusted. The choices will be MS, or no secure boot at all.

  6. Re:Why not hardware manufacturers? by haruchai · · Score: 3, Interesting

    They probably have no real choice; if they locked out everyone else they would essentially be monopolizing the PC market and I don't think they want to go through that court circus again.

    --
    Pain is merely failure leaving the body
  7. Re:PCs turning into a closed platform... by Microlith · · Score: 3, Interesting

    Then you aren't the target market for the app store.

    And if you aren't the target market for the App Store, better hope Apple never pulls Gatekeeper out.

    The App store is for common joe six pack who frankly doesn't need to be editing their apache config files in the first place.

    Deliberately crippling software so that its utility is limited in the name of "security," even if it hinders the end-user's ability to use it, is stupid as fuck.

    My guess is that in the future you'll need a Mac Developers account to access the core features of OSX if you want to do any customizations.

    I expect this too. And then we can mock anyone who suggests that OS X is an open platform.

  8. Re:Why not hardware manufacturers? by Microlith · · Score: 4, Interesting

    The UEFI spec (which Microsoft has a HUGE hand in writing these days) explicitly denies the ability to automatically install keys. They could have made it possible to do so, say by requiring it happen from read-only media, but they didn't.

    It's left vague enough that it's virtually guaranteed to be an enormous pain in the ass to enable secure boot for any platform not explicitly blessed by Microsoft.

  9. Re:Why not hardware manufacturers? by hairyfeet · · Score: 3, Interesting

    I'm sorry but it's FUD. The simple fact is all X86 machines are required to allow bypassing secure boot which is as simple as flipping a single setting in BIOS, that's it, that's all. No harder than telling a PC to choose CD as first boot (which one is gonna have to do to install an OS anyway) so this is just FUD. Are they SERIOUSLY saying Fedora users wouldn't have enough common sense to flip a single switch in UEFI? Really? Because I find that pretty much impossible to believe. This IS Fedora we are talking about here, an OS so bleeding edge its CDs have stigmata and not the kind of thing Joe Dumbass would be trying for shits and giggles. They even admit in the very first paragraph that ALL X86 are required to allow the simple bypass of secure boot!

    So I'm sorry but FUD is FUD and this is FUD. There is no way in hell someone that is intelligent enough to 1.-Know what Fedora is, 2.-Knows how to download and burn an ISO will be 3.-Too stupid to push Del at boot and choose "Turn off Secure Boot" which is only being turned on by default because rootkits are still a serious problem. Isn't it the Linux community that is always bitching about Windows security? Why aren't you cheering that they are doing something about it?

    Surely to God the geeks here are seriously fucking dumb enough to believe that a person who would know what Linux is and download and burn an ISO would be too fucking retarded to flip a setting in UEFI, surely not. Hell if they are THAT fucking stupid how would they be expected to even run Linux? Especially a bleeding edge alpha distro like Fedora where being able to do forum lookups and Google their way past problems and do bug reports is the order of the day? There is simply no way in hell to have a user smart enough to do that but too retarded to flip a switch, no fucking way. It's FUD, pure and simple FUD.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  10. Re:Why not hardware manufacturers? by Man On Pink Corner · · Score: 5, Interesting

    So I'm sorry but FUD is FUD and this is FUD

    No, this is a classic slippery slope. In the UEFI version that supports Windows 9, only secure boot is supported. You can't turn it off, but you can still enter a key manually when installing an Untrusted Non-Microsoft OS (UNMOS). The key is 256 characters long, and looks like a ROT13-encoded Perl script.

    The version that supports Windows 10 also supports secure boot only, and still requires key entry. This time, though, UNMOSes are now called IOSes (Insecure Operating Systems.) They will run under a Microsoft-supplied hypervisor that includes mandatory hardware packet filtering.

    And wait'll you see the third-party OS support strategy for PCs approved for Windows 11, code-named "Overton." The plan for Overton is that third-party OSes called PDOSes, or Potentially Defective Operating Systems, can still be run, but not on your local hardware. They will run only on cloud-hosted secure platforms over VNC.

    All of this will happen because someone noticed that people will cheerfully bend over and accept restrictions in each generation that would not have been tolerated in the previous one. Evidence of this claim? Look at the history of Trusted Computing. Starting with the innocent-sounding idea of TPMs with unique CPU ID stamps, which were fought heroically by users until the next season of American Idol came on and everybody kinda forgot about it, the people behind the curtain have gotten everything they wanted over time. All they had to do was demand a little more "compromise" than they could get at any one stage of development.

    In short, everything old is new again. We are all IBM customers now.