Linux Foundation Offers Solution for UEFI Secure Boot

Ever since news broke last year that Microsoft would require Windows 8 machines to have UEFI secure boot enabled, there were concerns that it would be used to block the installation of other operating systems, such as Linux distributions. Now, reader dgharmon sends this quote from Ars Technica about a new defense against that outcome: "The Linux Foundation has announced plans to provide a general purpose solution suitable for use by Linux and other non-Microsoft operating systems. The group has produced a minimal bootloader that won't boot any operating system directly. Instead, it will transfer control to any other bootloader — signed or unsigned — so that can boot an operating system." The announcement adds, "The pre-bootloader will employ a 'present user'; test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems. This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system in secure mode for any distribution that chooses to use it."

So why even bother with secure boot

As per subject

Re:So why even bother with secure boot

[GameboyRMH]

Exactly. Malware authors can use this. So we've come full-circle and only gained a big heap of complexity. Which is the best we could hope for once this idiotic idea got going.

Re:So why even bother with secure boot

Well, yes, since this is about undoing the damage done by Secure Boot, you're right.
But the people doing this have no power over vendors' decisions to enforce Secure Boot on their systems.

Re:So why even bother with secure boot

[Z00L00K]

And it's my computer and if my computer has features that I can't access, disable or modify - like the encryption chip - then I have a problem with that.

If I need to change key depending on OS - then make it easy - like requesting a password for changing to another chain of keys.

Re:So why even bother with secure boot

[Joce640k]

Exactly. Malware authors can use this.

Not if everything in the startup chain has to be correctly signed ... something which a malware author can't do.

Re:So why even bother with secure boot

[GameboyRMH]

They didn't seem to have any problem setting up boot sector viruses without UEFI secure boot, so if they can get a signed bootloader, why should they now? And signing the startup chain will remove even MORE user freedoms, it's a chicken-and-egg problem that won't end until the OS is at least as locked down as iOS.

Re:So why even bother with secure boot

[Just+Brew+It!]

RTFA. I think you'd notice if your Windows PC suddenly started displaying a Linux Foundation splash screen and waiting for you to hit Enter before booting the OS.

Re:So why even bother with secure boot

[GameboyRMH]

And what will the average noob user do? Hit Enter to use their computer or use a Windows recovery disk* to fix the bootloader? And if they do hit Enter and the computer apparently works fine, what do you think they'll do then?

*Not sold with many PCs, must be burned from the hard disk

Re:So why even bother with secure boot

[godrik]

I don't want a secure boot. I just want to be able to boot whatever I feel like booting.

Re:So why even bother with secure boot

[BLKMGK]

Did you miss the part about a present user test? It means someone will be presented a message and asked to approve before boot proceeds. Sounds like a good way to go to me however it will certainly screw up a server reboot lol.

Re:So why even bother with secure boot

[smittyoneeach]

If you've got a closed system of bits, then enough time, hardware, and interest should yield a way to jailbreak it.
So the real value would seem to be found in upping the time, hardware, and interest requirements.
What could well happen is that, in making Windows really painful to integrate with other systems, Redmond kills their sales.
And wouldn't that just suck Puget Sound dry?

Re:So why even bother with secure boot

[BLKMGK]

Not exactly, it was signed with a weak key produced by one of their remote desktop solutions that allowed licensing of components. Microsoft has since revoked those keys and bumped up the minimum allowed key size to stop this in the future. This was NOT a case of someone stealing a Microsoft key left in the parking lot.....

Re:So why even bother with secure boot

[just_another_sean]

Become a Linux user?

Re:So why even bother with secure boot

There really wasn't any reason for it. Only the doomsayers thought secure boot would matter, the rest of us knew it would have a workaround before it was publicly released.

In a setting where many consumers are mildly paranoid about data theft (not enough to do something themselves, just enough to annoy salesmen at best Buy), secure boot is another bullet point in the advertising. For the many who do not care, it means nothing either way. For the rest of us, it means nothing because we know it has already been resolved.

Re:So why even bother with secure boot

[Megane]

Just make a USB-based watchdog device which periodically sends an enter key press, and is suppressed by a task running on the server. While this could be installed with physical access to the computer, it is unlikely that it could be done remotely. (Then again, if you are lucky enough that your target has the right USB device installed, and you can do a live upgrade of its firmware...)

Re:So why even bother with secure boot

[blueg3]

I don't want a secure boot. I just want to be able to boot whatever I feel like booting.

Then... turn off secure boot?

Re:So why even bother with secure boot

[ByOhTek]

I'm guessing the signing key would have to match or work with some checksum on the boot loader.

That means that changing the boot loader would cause the existing key to stop working.

Then again, malware authors/vendors have no problems with using stolen credit cards to get keys from legitimate vendors... So this whole thing is kindof nuts unless the cost for a bootloader key is absurdly high (on the 10s of thousands of dollars, at least).

Re:So why even bother with secure boot

[bmo]

Because secure boot has never been about securely booting.

--
BMO

Re:So why even bother with secure boot

[Sloppy]

Because the machine comes that way, yet you also want it to boot.

Re:So why even bother with secure boot

[godrik]

If it is possible, I'm fine with that. But it is good to know there are alternatives available.

Re:So why even bother with secure boot

[Hatta]

And I'd be really fucking pissed off if my Linux PC required a user present at the console to reboot. Seriously, how is this a fix?

Re:So why even bother with secure boot

I want a secure boot, not so corps can lock me out, but so I can lock out malware. The problem is the exact same tool can be used for both situations. You have to take the good with the bad. Like any tool, it can be abused.

I don't see what is making Windows more painful to integrate into other systems. Windows(non-ARM) does not require SecureBoot.

Re:So why even bother with secure boot

[marcello_dl]

Do you really think that the makers of an operating system which requires 3rd party AV to correct its own security shortcomings devised secure boot to protect users from malware?

For most corporations dealing with IT, your PC, smartphone, electronic device is "territory" to be owned as much exclusively as possible.

Secure boot has been a FUD operation on free OSes, nothing more.
I repeat it again, If you want to secure the bios put a jumper before the write pin of the eprom/flash memory/whatever. Those who can't open the case and locate it are surely not qualified for a bios upgrade.
I made one firmware upgrade in the last 15 years on my machines, and that upgrade was necessary only if I wanted 64bit linux.

Re:So why even bother with secure boot

A big heap of complexity that will require the consumer to pay a little more PC tax when buying a new machine. The money going to those that control UEFI.

Re:So why even bother with secure boot

[Miamicanes]

>and still find a way to keep the code signed?

With a certificate bearing the same CN as the original? Low, as long as the bootloader realizes that it's never seen anything signed by s0m3hack3r@foo.to, and presents the user with a dialog that says something like, "You have never booted an OS signed by s0m3hack3r@foo.to, and foo.to is not recognized as a known OSS Organization. Click here to boot into your computer's mini-distro and perform an automated legitimacy lookup (internet access required), or (... options that include 'continue if you trust them' and 'cancel'...)

For a side trip, boot into a mini Linux burned into flash that can grab an ip via dhcp or connect to wifi with ssid/key stored in flash or entered now & wget a lookup of the CN from the UEFI bootloader's organization. Known malware CNs would be blacklisted & identified as such, others could be further researched using Lynx before either continuing the boot (optionally remembering the CN for future boots) or aborting.

Re:So why even bother with secure boot

[TheGratefulNet]

"system error: secure keyboard not found. hit any key to continue."

(that was sort of a real error message back in the DOS days. all except the secure part.)

Re:So why even bother with secure boot

[jlv]

As someone up above said "So we've come full-circle and only gained a big heap of complexity".

Re:So why even bother with secure boot

[spike+hay]

The average computer user is not going to be monkeying around in the BIOS. This is about making life more difficult for non-MS OSes, and reverting the mistake that was the open x86 platform.

Re:So why even bother with secure boot

[recoiledsnake]

Here we go with the hyperbolics without even RTFA'ing. You can choose to install the key in the store when UEFI is in setup mode so that you don't see the prompt again.

http://www.linuxfoundation.org/news-media/blogs/browse/2012/10/linux-foundation-uefi-secure-boot-system-open-source

Or just fricking turn off secure boot.

Re:So why even bother with secure boot

[Just+Brew+It!]

It's still better than the alternative (completely invisible rootkit); and it will be immediately obvious to anyone who does have a clue that something has replaced the bootloader.

This workaround seems like a case of "making the best of a bad situation" to me. If Secure Boot is here to stay, something like this is absolutely necessary.

Re:So why even bother with secure boot

[bmo]

The other person already answered what it's about. I will answer this:

As you can easily turn it off if you will,

Not on ARM you can't.

--
BMO

Re:So why even bother with secure boot

Do you really think that the makers of an operating system which requires 3rd party AV to correct its own security shortcomings devised secure boot to protect users from malware?

Which OS do not require AV/antimalware type scanning software to protect userif targeted by malware? The single biggest malware epidemic in modern times in terms of percentage of user base infected (the way to measure user infection risk and infectability of a platform) was Mac OSX Flasback.

This hasn't happened on Linux, yet, but there is nothing magical about Linux vs OSX and Windows7/8 that prevents it. Versions of Flasback installed silently without user intervention on Unix-permission-based OSX. And Windows 8 btw. doesn't require 3rd party AV software as it is built in.

Re:So why even bother with secure boot

There is a point where the interest isn't there, and resistance does work.

Take the PS3 for example. Buy a new one, and there is no way to jailbreak it. Only for a period of a week were PS3s "cracked", and only if someone took the box off of PSN for good. Before that, it went almost four years without anything coming close. to boot, the guy who did the crack is wiped off the face of the planet by Sony.

I will not be surprised when desktop machines will be the same way, completely locked down to only the latest windows version, and cannot be downgraded. Any cracks would cause the machine to be locked off the internet (like how tampered with consoles are thrown off of XBL).

Re:So why even bother with secure boot

[DRJlaw]

And I'd be really fucking pissed off if my Linux PC required a user present at the console to reboot. Seriously, how is this a fix?

Because it is a fix for those who cannot or will not use the alternative of entering their own list of acceptable signing keys into the UEFI, which would not require a user present but draws a great hue and cry that it is "too complex" for the average Linux user to accomplish.

1. Enter your keys into the UEFI key list, walk away; or
2. Have a user present to acknowledge that they want to boot unsigned/signed-but-not-entered code; or
3. Don't use a UEFI PC; but not
4. Prevent the rest of the world from having access to a secure boot chain because you refuse to lift a finger yourself

Re:So why even bother with secure boot

[mystikkman]

If someone is able to partition their hard disk to carve out a Linux partition, one would expect them to be able to tweak a BIOS setting. Already for many PCs you need to change the boot order in the BIOS to boot a Linux CD.

>This is about making life more difficult for non-MS OSes, and reverting the mistake that was the open x86 platform.

Not really, there are some nasty bootkits that load even before Windows and any antivirus can, and then hook themselves to the filesystem to hide themselves.

Re:So why even bother with secure boot

[mlts]

If there is a way to have secure boot accept one's own keys, or just be turned OFF, it is fine with me.

However, with a machine that uses a TPM chip and some sort of filesystem encryption, secure boot is redundant, other than the fact that the kernel is pre-signed rather than signed/sealed by the individual chip.

TPM was done right, where it was shipped disabled. However, it won't take much for the next rev of Windows to force x86 machines to only allow MS keys and remove the ability to turn Secure Boot off, just like the ARM boxes do now.

Re:So why even bother with secure boot

[mystikkman]

Do you really think that the makers of an operating system which requires 3rd party AV to correct its own security shortcomings devised secure boot to protect users from malware?

You mean the Linux folks designed UEFI Secure boot?

http://www.rootkit.nl/projects/rootkit_hunter.html

I repeat it again, If you want to secure the bios put a jumper before the write pin of the eprom/flash memory/whatever. Those who can't open the case and locate it are surely not qualified for a bios upgrade.
I made one firmware upgrade in the last 15 years on my machines, and that upgrade was necessary only if I wanted 64bit linux.

Secure boot is not about the BIOS, it is about bootkits. You don't know what you're talking about and still get modded +4 interesting, typical Slashdot, really. See below for an example.

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original data.

The bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.

TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection.

Another bit:

The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products.

Re:So why even bother with secure boot

The average user is not going to be installing random operating systems either. I fail to see your point.

Re:So why even bother with secure boot

[Cajun+Hell]

Take it easy dude. Let's try to remember what this whole thing is for.

For all the bitching about secureboot, all currently known (yes, this can change) x86 machines which come with it, allow the user to turn it off. Remember the last 4 times you bought a new computer and, in fact, did diddle with stuff in the firmware, maybe to at least check the timings on your expensive Mushkin memory or whatever? Well, then, this whole article and the software it describes, isn't about you because you're going to turn off secure boot, making every aspect fo this boot loader irrelevant. You won't care about pressing enter, because you won't have to press enter.

This is for users who won't do that. This is for people who are dumber or lazier than your grandma's ditzy bridge partner, for which we do not expect them to follow any directions or do anything "extra" prior to using their computer. They're not installing headless servers. They're not "picky" except in the sense that they don't want to have to read or understand anything longer than one sentence. They can, and will, press enter.

The people who are opinionated enough to be "pretty fucking pissed" about pressing enter, will also tend to care enough to do what is needed in order to make pressing enter become unnecessary.

If there are any people left who become furious about pressing enter, but also feel entitled enough to refuse to turn off secureboot, but also feel entitled enough to refuse to install some other secureboot loader, those people can and should go fuck themselves. Or they can go buy a Mac. Or they can boot Windows, and (think about it) they will never notice that they're not running Linux. Just lie to them and tell them Windows 8 is Linux, and they will believe you, and the lie will never have any consequences because behind the blank smile they gave you when you lied, they already forgot what you said.

Re:So why even bother with secure boot

[rwise2112]

RTFA. I think you'd notice if your Windows PC suddenly started displaying a Linux Foundation splash screen and waiting for you to hit Enter before booting the OS.

Then why can't a malware writer (Sony, etc) develop a similar minimal bootloader which looks like a Windows splash screen or regular BIOS screen with a 'press enter to continue'? A lot of users will not even be phased by that. This shows that secure boot is completely useless if it can be gotten around that easily.

Re:So why even bother with secure boot

[sexconker]

The other person already answered what it's about. I will answer this:

As you can easily turn it off if you will,

Not on ARM you can't.

--
BMO

Secure Boot can be turned off for everything except ARM platforms.
Secure Boot must be enabled for ARM platforms.
You can use Secure Boot with whatever bootloader/OS you want as long as you sign it and the UEFI keystore has the key for your OS/bootloader.

If you want to put Linux on an ARM device that comes with Windows, you can either:

A) Wait for a hack specific to that device (see the current phone/tablet market, including Android devices with locked bootloaders, recovery images, etc.).
B) Buy from an OEM that provides a way for you to insert a key of your choosing into the UEFI keystore.

Secure boot is a good thing. It stops pre-boot malware. If you care about putting a different OS on a Windows device, make sure you buy a device that lets you put in your own key. If you can't find such a device, buy an iPad, Kindle, or Android device. You have choices.

Re:So why even bother with secure boot

[garyebickford]

So the real value would seem to be found in upping the time, hardware, and interest requirements.

That's pretty much the same as a description of bank vault locks (from the late 1800s?) - all any lock does is increase the cost, time and complexity to break into a safe. "The more things change, the more they remain the same." :)

Re:So why even bother with secure boot

[sumdumass]

There will likely be a silent switch or some automated booting switch built in for re-provisioning server systems that need to come back up without user intervention.

However, I'm not sure that this secure boot and signing will be able to completely rule out boot sector viruses. If it can get into memory, it can manipulate about anything after that. I imagine something like this might be adapted. But i'm not a coding guru so I could be wrong. I just don't trust microsoft enough to not open a gaping hole somewhere right after the boot loader.

http://www.gfi.com/blog/how-the-tdl4-rootkit-gets-around-driver-signing-policy-on-a-64-bit-machine/

Re:So why even bother with secure boot

Apparently it's Microsoft who will be signing this key as well, so, yeah, that's a bad track record already.

Going by TFA, you just need a key from Microsoft to sign your own bootloader. - That means you can use any of those keys, or a shim signed by any of those keys that by design or accident executes arbitrary code. It's the CA problem - hacking any dinky old manufacturer gets you access everywhere.

You typically can't call home on every boot either, so good luck revoking disclosed certificates.

But it's a moot point, because I doubt Microsoft is going to sign a key for the Linux Foundation at all. The entire purpose of their shim is to bypass the restrictions imposed by Microsoft.

Re:So why even bother with secure boot

[chihowa]

it was implied that one would remedy the malfunctioning or non-existent keyboard and then press the any key

This was in the AT and PS/2 days, when keyboards couldn't reliably be hotplugged.

Re:So why even bother with secure boot

[hairyfeet]

Uhhh....MSFT will banhammer this in a week? They DO have the right to blacklist keys ya know, and its obvious this "hack" by the LF will be used for ill, no ends or buts, so any and all Linux keys will end up banhammered and no court in the world will touch them when they trot out malware and a copy of a website where the LF brag about how their workaround "Will let you boot Linux or any other OS". So congrats LF, you just gave MSFT the excuse that will get most if not all Linux distros banned from new hardware, good job!

Re:So why even bother with secure boot

[GameboyRMH]

The Linux Foundation bought the key from Microsoft you know. It's not an unofficial workaround.

Re:So why even bother with secure boot

[marcello_dl]

LOL, trolling is a lost art. But let's play along.

Rootkit hunter is GPL exactly like GNU/Linux. I can install, no wait, include in any distro, where I find it useful. Not 3rd party in any way.
If that's your argument against the billion dollars market of commercial AV for windows.

> Secure boot is not about the BIOS, it is about bootkits. You don't know what you're talking about.

LOL it's called secure boot then it must secure the boot process. Who can safely check the boot sector for modifications by viruses? The BIOS. Then the viruses might try to reflash the BIOS. So protecting the BIOS (the firmware in general) is the key to secure boot. A signed bios is safe until encryption is cracked - see blu-ray or root CAs snafus. An unmodifiable bios is safe without bothering with encryptions schemes.

Re:So why even bother with secure boot

[jp10558]

I'm sorry, but this is impossible. What about headless servers? Or remote support where you need to reboot the PC? I can't see anyone who knows better buying these "secure boot" (Broken boot IMO) computers.

Re:So why even bother with secure boot

[mystikkman]

>An unmodifiable bios is safe without bothering with encryptions schemes.

An unmodifiable bios is still vulnerable to the bootkit I posted the details about. Secure boot is not.

Re:So why even bother with secure boot

[mea_culpa]

You are assuming that BIOS settings will be user accessible in the future.

Re:So why even bother with secure boot

[bmo]

>Secure boot is a good thing. It stops pre-boot malware.

So?

Why is it mandatory on ARM but not x86?

>buy an iPad, Kindle, or Android device. You have choices.

This is disingenuous, at best.

--
BMO

Re:So why even bother with secure boot

[Just+Brew+It!]

Please read up on how Secure Boot is supposed to work. The bootloader needs to be digitally signed by whoever is in charge of certifying that the Secure Boot bootloaders are "secure". They're not going to sign something that is obviously designed to trick the end user.

Re:So why even bother with secure boot

[Just+Brew+It!]

There is supposed to be a BIOS option to disable Secure Boot. This workaround is a last resort for broken BIOSes that fail to include the option (e.g. stripped down laptop BIOSes like those used by the big OEMs), and users who are too lazy to figure out how to change the BIOS option. Given that many servers run Linux, a server vendor who failed to include the BIOS option would be shooting themselves in the foot.

Re:So why even bother with secure boot

[sexconker]

>Secure boot is a good thing. It stops pre-boot malware.

So?

Why is it mandatory on ARM but not x86?

>buy an iPad, Kindle, or Android device. You have choices.

This is disingenuous, at best.

--
BMO

It's mandatory on ARM because Windows has a fresh start with ARM.
There are billions of x86 devices out there, some which run BIOS and some which run UEFI, and most of which are long since EoLd by the manufacturer.

It would be impossible to require Secure Boot on x86 because of all the current and legacy shit out there, and it would be confusing to consumers.
Right now, a consumer knows that they can do whatever they want with a PC, but not with their phone or tablet.

It's disingenious to say you have a choice between 4 major environments across dozens of OEMs for your toys?
Why? Which of the following isn't a choice available to you?

Android
Amazon's bastard version of Android
iOS
Windows 8 RT

And can you not buy from Sony, Samsung, HTC, Asus, MS, Apple, HP (lol), etc.?

Give me one fucking fact that is in your favor, please. (Hint: You can't. You're just a fucking troll bmo. Go ahead and log onto those alts.)

Re:So why even bother with secure boot

[BLKMGK]

Your thread of probability - it grows thin....

Re:So why even bother with secure boot

[GameboyRMH]

Fair enough but I don't consider secure boot to be a "nice thing." This whole situation is awful and unnecessary, MS has backed the makers of all non-commercial OSes into a corner to deal with a vanishingly rare threat, and if MS thought a secured bootloader could have any impact on piracy they're dumber than I thought.

Re:So why even bother with secure boot

[hairyfeet]

Have you NEVER worked on PCs evar? Or even watched the Black hat conference? Hell I just had to clean one last week where the BIOS was hacked and gave the malware writer control over the entire network, its not like Bootloader hacks and BIOS hacks are rare ya know. Hell type in "BIOS malware" or "UEFI malware" into any search engine you get over 5 million hits!

And then there is the issue of piracy because if you can hack the bootloader then any check will fail, as they can just use the bootloader hack to present the system as a legitimate OEM. Have you never tried the "Win 7 SP1 all versions 32bit" or 64 bit discs? hell they even change the wallpaper to reflect what board it is along with using an OEM sig to match! Passes WGA no problem, updates no problem, I could put a legit Win 7 and the bootloader hacked one side by side and I doubt seriously even a MSFT rep could tell the difference.

So while the fanboys can waste modpoints because I dare to point out the emperor has no clothes the fact is the LF just started waving their willie in the wind and the courts will gladly hand MSFT the ability to cut it off. Secureboot is the ONLY way found so far to have even a chance of stopping the pirates, its the ONLY way so far of doing anything about BIOS infection and boothacking, and the LF just sided with the pirates and fucked it all up. I wouldn't be surprised if MSFT revokes their key before launch just to keep all the pirates from having a field day and again I don't blame them, its their product and they have the right to get paid for it just as Linux fans have the right to give their work away for free.

And the fucking sad part is ALL IT WOULD TAKE to get Linux to work without being douchebags and siding with the pirates is tell Torvalds to stop being a dick about the kernel. I mean here it is nearly 2013 and he just shits out new kernel revs like its his personal playtoy without a care in the world, when if he would simply save up the changes and release one every other year they could be signed for the distros and all would be good. But no, being allowed to change shit whenever he feels like it is apparently Torvald's right, just as banning Linux keys is MSFT's right.

Which brings it all down to the free market as it should be. If enough Linux users buy machines from AMD with the Open Source Coreboot then others will see supporting you is porfitable and will do the same. Wanna guess the odds of that? I'm guessing about the same as me winning 3 powerball drawings in a row while singing during a lightning storm, in other words zipola. Instead they'll be like the asshole a few months ago that bought a Windows machine only to whine when newegg wouldn't take it back after they put Linux on it. Why should anyone care when you won't even buy from vendors like System76 that support you, instead opting for the Windows Tax break?

You reap what you sow, you pay what you owe, and their bootloader hack will have to go, end of story.

Re:So why even bother with secure boot

[drsmithy]

Do you really think that the makers of an operating system which requires 3rd party AV to correct its own security shortcomings devised secure boot to protect users from malware?

Which "security shortcomings" does AV fix ?

Re:So why even bother with secure boot

[GameboyRMH]

So in other words, everyone should bend over and take it now that MS has taken control of all desktop PCs for the purpose of laying another speedbump in front of pirates (who are just more likely to switch to something else?) And Linux should handicap itself to make it more convenient for Microsoft? The Linux kernel changes fast, sometimes there are vulnerabilities in it, Linux shouldn't have to slow itself to a glacial pace on par with commercial OSes to make MS' conquest easier. Microsoft should just ditch the requirement for secure boot by default, and man up and accept that they don't get root on the world's PCs to deal with pirates, just like everybody else.

Re:So why even bother with secure boot

[bmo]

So you "nip in the bud" antitrust problems on x86, but create them on ARM?

Just more of the same for Microsoft.

--
BMO

Re:So why even bother with secure boot

[BLKMGK]

You seem to be assuming that the root for both key paths will be the same, somehow I doubt a key used to sign apps for a remote desktop application of any flavor is going to be allowed to sign bootloaders. It also seems you do not understand exactly how the other key came about, someone didn't just steal a Private key laying around. It's not "a" key but "THE" key that's required.

You might also want to figure out that Microsoft is NOT the signing authority for the key being used here. The Microsoft key is being used only because it's a widely distributed key and Microsoft has apparently agreed to allow it's use for others but if they refuse it's possible to have the CA sign another root. Unfortunately that Public key would be far less likely to be as ubiquitous as the Microsoft key. As it stands right now I see no reason why Microsoft wouldn't allow the signing with this key, it has protections built in to prevent malicious usage.

There will be no myriad of CA signing with the Private key to be hacked, Microsoft will have their Public key distributed far and wide in hardware. They will retain the ability to sign their code and the Root will apparently be able to sign other approved code that will leverage the same Public key. This way Linux kernels COULD be signed and use this key embedded in hardware if desired. Some distro are apparently looking to go that way. However kernels change and are sometimes custom so this shim was created and will be signed by this group to sidestep the hassle. They are getting signed by a key given to them that descends from the Microsoft key. I would bet that a revocation process does exist but I doubt it's a very smooth one.

Note that Verisign not Microsoft gets the fees from this process, they are the CA handling this.

Re:So why even bother with secure boot

[lsatenstein]

And I'd be really fucking pissed off if my Linux PC required a user present at the console to reboot. Seriously, how is this a fix?

I thought the preloader would have a 1024 byte key which for the next foreseeable future would be good enough for it to run. But if the preloader software suggested by Linux Foundation is just about the 1k size, why not just have it as a boot loader extension. It will be protected in the TPM memory.

Re:So why even bother with secure boot

[amorsen]

AT keyboards could be hotplugged. I've never killed an AT keyboard controller. When you inserted an AT keyboard plug, the ground would connect before the data lines, and the pins were sturdy enough to not bend and short circuit. At worst you could send a bit of garbage data to the OS and crash it, but since the OS was often DOS or Windows it had probably crashed anyway.

PS/2 on the other hand was a truly lousy design which did not guarantee anything useful. I have killed the keyboard controller in several motherboards with PS/2 connectors.

Re:So why even bother with secure boot

[DarwinSurvivor]

First they came for the Arms,
and I didn't speak out because I wasn't an Arm user.

Also, *all* windows will require SecureBood, it just needs to be disable-able on non-Arm systems (for now).

Re:So why even bother with secure boot

[DarwinSurvivor]

And I'd be really fucking pissed off if my Linux PC didn't require a user present at the console to reboot. Seriously, how did they bypass my WDE?

FTFY

Re:So why even bother with secure boot

[DarwinSurvivor]

Is everyone going to tell me they lock the doors to whichever rooms their computers live when they have guests over?

Bull crap.

I think you need to find some new friends....

Re:So why even bother with secure boot

[Sloppy]

Uhr? I'm not suggesting MS isn't responsible. I'm saying that if computers which require SecureBoot are what is for sale, then that's a problem that a person who buys computers needs to deal with, and implementing SecureBoot deals with it. That's the point of implementing SecureBoot: you get to use your computer in spite of its firmware's silly requirement.

If it weren't required, then there would be no point to this. But it is required, so there is a point to it.

Virtualization

[sakkathotmagaa]

This just got me thinking - can windows 8 run in as a virtual machine, in say, VirtualBox or VMWare player? Will current 'virtual' bootloaders be able to boot it?

Re:Virtualization

[GameboyRMH]

Not yet:

https://www.virtualbox.org/ticket/7702

But there's no reason it can't.

Re:Virtualization

[adonoman]

Both VMWare and VirtualBox run Windows 8 fine. UEFI isn't required to run it, just to boot off of 3TB disks. and to boot faster.

Re:Virtualization

[afidel]

Windows 8 doesn't require SecureBoot, otherwise their enterprise adoption would be 0% instead of the likely 1-5%. Windows 8/Server 2012 works under ESXi 5.0 with patches and is supported under 5.1.

Re:Virtualization

[shentino]

Technically, you bet.

Legally, like hell.

Re:Virtualization

[lord_rob+the+only+on]

I've installed and run Windows 8 correctly in VBOX on my Debian SID. I mean Win 8 final (RTM, not the CTP this version doesn't work).
It was just a glance at the OS though because I was expecting a real crap, and I wasn't deceived ...

Re:Virtualization

[shutdown+-p+now]

Windows 8 for Intel architectures does not require or expect UEFI, much less Secure Boot.

(if it did, then no existing PC could be upgraded to it)

Honestly?

[giuseppemag]

I worry more about my inability to install Linux on an iPad...

Re:just let microsoft die

[GameboyRMH]

You target MS before Apple? That's like shooting at a vicious pomeranian nipping at your heels while a wolf is leaping for your throat.

Re:just let microsoft die

cause, no one else except for a small subset of geeks even care

Unsuitable for server use?

[Chrisq]

From TFA:

To address this, the Linux Foundation bootloader will present its own splash screen and require user input before it actually boots. In this way, it can't be silently installed and used to hand control to a rootkit without the user's knowledge

Doesn't this mean it is unsuitable for server use - or any "headless" operation such as MythTV?

Re:Unsuitable for server use?

I'm sure they'll end up making it optional, for the uses you mentioned. Plus hopefully you'll be able to just buy a server without the secure boot crap.

Re:Unsuitable for server use?

[drinkypoo]

I hope they mean before it boots for the first time... because otherwise, yes, this is crap.

Re:Unsuitable for server use?

[GameboyRMH]

On servers you'll just have to disable the secure boot feature, no problem for sysadmins, and anyone running a home server should have the skill to do the same, although this could give MS and advantage on HTPCs and home servers run by noobs.

Re:Unsuitable for server use?

[LordNightwalker]

From TFA:

To address this, the Linux Foundation bootloader will present its own splash screen and require user input before it actually boots. In this way, it can't be silently installed and used to hand control to a rootkit without the user's knowledge

Doesn't this mean it is unsuitable for server use - or any "headless" operation such as MythTV?

From TFA:

To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode.

So they offer a solution for your problem, but user input is required for this as well.

Re:Unsuitable for server use?

[Chrisq]

From TFA:

To address this, the Linux Foundation bootloader will present its own splash screen and require user input before it actually boots. In this way, it can't be silently installed and used to hand control to a rootkit without the user's knowledge

Doesn't this mean it is unsuitable for server use - or any "headless" operation such as MythTV?

From TFA:

To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode.

So they offer a solution for your problem, but user input is required for this as well.

OK, so what's to stop me installing a compromised version of Windows? If you can disable all warnings then isn't this bypassing any advantage of a secure boot?

Re:Unsuitable for server use?

[LordNightwalker]

OK, so what's to stop me installing a compromised version of Windows? If you can disable all warnings then isn't this bypassing any advantage of a secure boot?

Well, if you insist on installing a compromised version of Windows and allow it to boot, isn't that your problem? As long as others can't trick you into installing it by sending you some malware, I consider it a non-issue.

Re:Unsuitable for server use?

[BLKMGK]

Yeah it does, and no I don't expect an option to skip the check else they would never sign it and revoke the key as has already been done in the driver world. If you've got a server or Myth box I would expect you to uncheck the option that requires secure boot and not sweat any of this as it wouldn't help you anyway since its currently only a Microsoft option.

Re:Unsuitable for server use?

[ilsaloving]

Then either disable SecureBoot entirely, which makes you no worse off than you are now, or use a distribution that provides proper secureboot keys like Redhat. Companies, et al, who need to have secure operations should like this option very much.

Re:Unsuitable for server use?

[jader3rd]

this could give MS and advantage on HTPCs and home servers run by noobs.

Yes, because you can see the big push Windows is giving Media Center this time around; Microsoft is totally going after that market.

Re:Unsuitable for server use?

[Miamicanes]

You're preventing 'drive by' attacks, which are the ones likely to bite a *slashdot* user.

As long as Microsoft requires that secure boot keys be unconditionally furnished to end users, it's not a problem. The danger is if they allow vendors to charge extra for them or withhold them. A secure boot key *I* can use to sign my own bootloaders for my own PC is a good thing. It only becomes evil when Dell is allowed to sell $99 PCs w/ad-supported OS that can't be replaced by end users (because within 5 years, a non-locked PC would become an exotic niche item with a $1,800 price premium).

Re:Unsuitable for server use?

[fast+turtle]

Yea! MS is really going hard for the HTPC market with their WMC dvr software that isn't included unless you buy Win8 Pro. What's that? Another unwanted/unused feature has been added to Pro? Yep. That's the breaks folks. WMC is no longer included in Home where it should completely replace WMP. God Damn Monkey Boy, can't even throw chairs at the right develepers.

Yes I know just how bad both Media Player and Media Center are but I have found that Media Center works pretty good with just about any Hauppauge Tuner Card with decent drivers. It also handles BD playback, if you have a BD player/burner installed unlike WMP.

Re:Unsuitable for server use?

[ilsaloving]

Of course it won't. But that's how security works. This is just one more tool being made available for people.

Security is the practice of putting up enough road blocks that an attacker decides breaking in isn't worth the effort.

There's no such thing as a be all end all silver bullet solution and anyone who tells you otherwise is selling snake oil.

Slave of MS

[Faisal+Rehman]

LF became slave of MS and now working under its decisions: "the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader". Bad decision.

Re:Slave of MS

[shentino]

What choice do they have?

MS already got out of the anti-trust nuke we lobbed at it and is still grabbing OEMs by the balls.

mjg59.dreamwidth.org

[bfree]

Linux Foundation approach to Secure Boot
James Bottomley just published a description of the Linux Foundation's Secure Boot plan, which is pretty much as I outlined in the second point here - it's a bootloader that will boot untrusted images as long as a physically present end-user hits a key on every boot, and if a user switches their machine to setup mode it'll enrol the hash of the bootloader in order to avoid prompting again. In other words, it's less useful than shim. Just use shim instead.

Further UEFI bootloader work
A couple of people have asked whether we're planning on implementing the Linux Foundation approach of simply asking the user whether they want to boot an unsigned file. We've considered it, but at the moment are leaning towards "no" - it's simply too easy to use to trick naive users into running untrusted code. Users are trained to click through pretty much any security prompt that they see, and if an attacker replaces a legitimate bootloader with one that asks them to press "y" to make their computer work, they'll press "y". If that bootloader then launches a trojaned Windows bootloader that launches a trojaned Windows kernel, that's kind of a problem. This could be somewhat mitigated by limiting this feature to removable media, and we're seriously considering that, but there are still some risks associated. We might just end up writing the code but disabling it at build time, and then anyone who wants to distribute with that policy can do so at their own risk.

Re:mjg59.dreamwidth.org

[pscottdv]

In other words, it's less useful than shim. Just use shim instead.

You forgot to add this:

For [shim] to be useful you'll need it to be signed by Microsoft, so you'll also need a WinQual account.

Re:mjg59.dreamwidth.org

[bfree]

I'm not sure where your second quote comes from? Yes, shim (or the LF thing) needs to be signed by Microsoft, but the idea here of both these options is that one person/group gets the first-stage bootloader signed (i.e. shim) and then others can use it as a blob which can then be told by a physically present user to trust other items which are not signed by Microsoft. The "here" link in my first post provides a good chunk of extra info.

The solution is simple

The solution is simple. Simply do not purchase ANY computer that requires secure boot, or does not allow you do disable it!

Personally, I think this is a "feature" that is going to come back and bite MS in the derriere.. At least I hope so! :-)

Re:The solution is simple

[BLKMGK]

Pretty sure Microsoft has said that they expect there to be a BIOS option to turn it off. I expect it will be harder to find one that doesn't allow it to be turned off than on that will. I certainly wouldnt buy anything that didn't allow it to be deactivated!

Re:The solution is simple

[PPH]

x86: FOR NOW, Microsoft requires that secure boot can be user-disabled.
arm: Microsoft requires that secure boot cannot be user-disabled.

Smells like Intel vs ARM instead of Windows vs Linux. I wonder how this will play out in the halls of anti-trust?

Re:The solution is simple

[couchslug]

The solution is simple.

USE YOUR INFLUENCE to deter the companies you work for from purchasing any computer which requires secure boot.

So

[Hatta]

When I turn on my PC, it will boot the pre-boot loader, which will then boot grub, which will then boot my initrd which will finally boot Linux. Can we put any more steps in there?

Re:So

[GameboyRMH]

Yes you'll have to press a key to approve the Linux bootloader, every time it boots. Not kidding, RTFA.

Re:So

[ledow]

Every time it CHANGES. RTFA properly.

Re:So

[bonniot]

Yes you'll have to press a key to approve the Linux bootloader, every time it boots. Not kidding, RTFA.

I don't think so. From TFA: "To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode."

Re:So

[Tubal-Cain]

Well the first 'innovation' on this concept would be to have the pre-bootloader start loading init...

Re:So

[ledow]

All of which will happen in a fraction of a second if you don't have boot prompts enabled.

And all of which is nothing compared to the hoops that most system go through to get from switch-on to full operation on the CPU (real-> protected mode, etc.).

Re:So

[Bill+Barth]

Which is great unless you have 5000 nodes that you need to PXE.

Re:So

[fibonacci8]

I feel sorry for you having 5000 nodes of Windows 8 machines booting on your network.

Re:So

[Talderas]

Then you boot WINE.

Re:So

[Valtor]

Oops, just posting to remove a moderation made by mistake...

Re:So

[sootman]

It's bootloaders all the way down!

Re:So

[joaosantos]

We are pretending that uefi doesn't have cryptographic functions to help with this?

Re:So

[seeker_1us]

You could have to wear special boots?

Re:just let microsoft die

That's ridiculous.. they're both wolves, just one is in really sexy sheeps clothing.

Re:just let microsoft die

[somersault]

So far Apple only really care about and have control over their own products. Microsoft are trying to control everything else, which is something like 90% of general purpose PCs.

Re:just let microsoft die

[aaron552]

Maybe it's because UEFI and Secure Boot are not the same thing.

That is correct. AFAIK, Secure Boot is an optional feature of UEFI

Re:just let microsoft die

[GameboyRMH]

Apple is attacking the consumer's expectation of software freedom. You can't go any lower that that without a brain implant.

Re:just let microsoft die

[Nerdfest]

It's true. Someone said nobody except a small subset of nerds even cares. If all the developers who use MacBooks stopped buying them, it would be a big hit for Apple. Corporations would need to do it to get Microsoft's attention. Of course, Apple may not care at this point. You need a MacBook to develop for iOS, and that seems to be the only platform they really care about these days.

Re:just let microsoft die

[ByOhTek]

Your Scottish, aren't you?

(sorry, I have a friend who's a Scottsman who loves to make jokes about Scotts and sheep...)

Open Source Community

[helix2301]

This classic took Microsoft years to develop this technology and it takes the open source community less then a year I love the power of the open source community.

Re:Open Source Community

[ledow]

By buying a key from Microsoft.

Yeah. Nice way to work around this horrendous locking-down technology and promoting openness of hardware and all software (from BIOS up). "Let's buy a key to their proprietary lock-in systems that they can revoke at any time."

Re:Open Source Community

[somersault]

You should keep reading the article until it no longer means what you currently think it means.

Re:just let microsoft die

[ByOhTek]

I think it's worse than that.

Apple is building /their/ product and trying to get everyone to adapt their needs to it. At least MS is trying to make it's product general purpose (if ineptly in some cases), and allow people to have options at every level except the OS. Apple tries to restrict options at ALL levels.

No, linux can't be signed

Because you can compile with slightly different options and now the signature is different and won't boot. You can't sign the changes because the private keys allowed to sign are not given to you and the BIOS needs updating to accept any new ones, so expect to have to prove your existence and pay a LOT of money to get your keys added in to all the UEFI machines.

Re:No, linux can't be signed

I understand all that, but it the user can use any key in the BIOS though a process which _requires_ an actual person with physical access, I still don't see why it can't be done... similarly to how you can add trusted keys for SSL to your browser - something with only advanced users would ever do.

Allow the user to generate keys and sign his/her own binaries with whatever private key. Make it so rootkits still can't do this because it requires a real person.

I don't see how this would be any less secure, as only people who know what UEFI is would ever do this. This way there could actually be some point of UEFI with less technical drawback (not counting usability drawbacks, but certain things could be automated).

Re:No, linux can't be signed

[BLKMGK]

Fully agree! Linux binaries can already be signed, some distro are doing it, so why not allow users to add a key and sign their own? Why not sign a great deal of the boot process while we're at it ala Microsoft? We now have the hardware support it seems...

Boot sector viruses? Zero fucks given

[GameboyRMH]

Boot sector viruses are the rarest form of virus, require root permissions to infect, and aren't especially hard to remove. And we've handed over a big chunk of freedom and made things worse for everyone to fight this minor annoyance (yeah right). This is worse than the computer equivalent of the PATRIOT act.

Re:Boot sector viruses? Zero fucks given

[BLKMGK]

When booting a Microsoft OS it's not just the boot loader that's signed. You might want to spend a little time researching the secure boot process...

Re:Boot sector viruses? Zero fucks given

Its not that we've handed over the freedom, rather, the freedom was taken from us. The extra complexity came from the rat bastard asshole known as microsoft.

Re:Boot sector viruses? Zero fucks given

[rontosteak]

I was thinking more along the lines of TSA, but you have a point.

No true Scottsman

[Dareth]

No true Scottsman jokes about sheep.

Re:No true Scottsman

[ByOhTek]

OK. I could have been mistaken in thinking they were jokes. They could well have been life (or even previous weekend stories).

Re:No true Scottsman

[JustOK]

Yah, they're always very serious when talking about sheep.

For newbies

[Chemisor]

Your solution of any value mostly to newbies who are incapable of going to the BIOS and typing in a new signing key (yes, all BIOS manufacturers worth buying, like ASUS, offer this option). I, for one, will not purchase any computer without secure boot. I like having a trusted hardware root. I like the fact that no malware can get in the boot process without my consent.

Re:For newbies

[BLKMGK]

Actually, if Linux could offer the users the ability to sign their own kernels and other boot pieces, then put the key into the BIOS it would provide greater security for Linux as well! Obviously the user would have to manage their signing key properly and kernel updates would be a hassle but the added security provided could be just as useful. Why not take advantage of this??

Re:For newbies

[Hatta]

Yeah, that works great until Microsoft deprecates the option for Windows 9 or 10. They've already done so on Windows 8 ARM tablets, why wouldn't they do it on x86 PCs?

Re:For newbies

[blind+biker]

Your solution of any value mostly to newbies who are incapable of going to the BIOS and typing in a new signing key (yes, some chipset manufacturers, like ASUS, offer this option for now).

FTFY

Re:For newbies

[thegarbz]

Malware getting in the boot process... So we're creating a system of immense complexity, incompatibilities, which creates an all out shitstorm in the IT world, all to target that 0.001% of malware that actually infects the boot process? What popular malware has done this?

Is it even a credible threat?

Don't forget to visit the TSA website and drop in a few dollars in the donation form while you're at it.

Re:For newbies

[StormReaver]

I like having a trusted hardware root.

The problem is that Restricted Boot (euphemistically known as "Secure Boot") is not there to work in your best interest. It is there to work in Microsoft's best interest. It is just another tool in Microsoft's arsenal to make sure you can't use your computer in any manner not approved by Microsoft.

Restricted Boot is not there to protect you. It is there to protect Microsoft from you leaving Microsoft. Any statement to the contrary is smoke and mirrors to confuse you.

Re:For newbies

[Chemisor]

If motherboard manufacturers (not Microsoft) decide to not provide the option any more, we'll stop buying their boards. At this time this is a purely hypothetical and unlikely event, for that very reason. If and when it happens, we can complain and vote with our wallets; until then you're just spreading unjustified FUD.

Re:For newbies

[Hatta]

we'll stop buying their boards

And just how much market clout do you think Linux desktop users have?

If and when it happens, we can complain and vote with our wallets

Yes, by buying specialty hardware that's likely to cost several times what mass market hardware does. The days of buying COTS hardware and just throwing Linux on it will be over.

until then you're just spreading unjustified FUD.

FUD, yes. Unjustified, no. There's plenty of reason to fear what Microsoft will do with secure boot. A lot of uncertainty as to how open source will continue to thrive. And there's a lot of doubt as to whether there's any satisfactory solution.

Re:For newbies

[jader3rd]

What popular malware has done this?

The Sony rootkit.

Re:For newbies

[phantomfive]

Why? When was the last time you had a problem with a boot sector virus? Is there anything this solves that couldn't be solved using a live-recovery CD? It's not like Microsoft is going to scan every piece of the OS when it boots to make sure it hasn't changed.

Re:For newbies

[Chemisor]

And just how much market clout do you think Linux desktop users have?

You must mean Google, who uses Linux throughout the company. I'd say Google has quite a bit of clout.

Yes, by buying specialty hardware that's likely to cost several times what mass market hardware does. The days of buying COTS hardware and just throwing Linux on it will be over.

I don't think Google will like that either. And you really don't want to make Google angry.

There's plenty of reason to fear what Microsoft will do with secure boot.

Except Microsoft does not make motherboards. And desktops are not the largest market for motherboards - servers are. This is becoming more and more true as people insist on moving to the cloud. Servers absolutely must be dirt cheap for providers to be profitable, and the vast majority of servers do not run Windows. These days Microsoft is not nearly as powerful as you think. Perhaps you should stop living in the 90s and learn some more about the real world today.

Re:For newbies

[Hatta]

You must mean Google, who uses Linux throughout the company. I'd say Google has quite a bit of clout.

Sure, if you can buy a thousand workstations at a time on contract secure boot won't be a problem for you. What about the rest of us?

And desktops are not the largest market for motherboards - servers are.

So I'm going to need to buy a server motherboard to run my Linux based HTPC in the future? How is that not a problem?

Re:For newbies

[celle]

"If and when it happens, we can complain and vote with our wallets"

    And that has worked so well in the past. Face it, you guys are a not even a blip on their sales radar. The problem is Microsoft could just tell the OEMs to drop the no-secureboot option and we'd be SOL. For in the kickback paying and board sales dept. Microsoft out votes any of you. What happens if every OEM incorporates secureboot? It's amazing you guys still don't get the message, MS is seeing large cracks in the software space and is now trying to lock up the hardware. The shock is people still trust a convicted monopolist who corrupted a world standards body just recently to stay relevant. This is just more embrace, extend, extinguish crap.

Re:just let microsoft die

[LordNightwalker]

Personally I don't care much for the marketshare penis waving. Linux does me just fine

Good thing I wasn't drinking anything when I read this... ;)

ARM

[Meneth]

Does this fix the Windows 8 ARM tablet problem?

Re:ARM

[BLKMGK]

I doubt it, chances are they are using a different signing key for that platform - a good
Idea though!

Re:just let microsoft die

[ByOhTek]

I suspect the vast majority of people who would be interested in your suggestion probably already pirate windows, if they use it at all. The negligible loss of sales you are promoting wouldn't even be an annoyance to MS.

Unfortunately, with the desktop losing a lot of ground, and that being the only really customizable platform (face it, DIY notebooks don't have nearly the variety of options, especially in the most important component - the motherboard), we won't see the option we would have seen a few years ago. Namely bios that will allow you to turn Secure Boot on or off. The vendors that cater to DIYers tend to be a lot more interested in the segment of the market you are discussing.

Re:just let microsoft die

[shentino]

And also points out that the vicious pomeranian is taking advantage of the situation by adding insult to injury picking on your heels when you've already got your hands ful dealing with the wolf.

Don't cut the pomeranian any slack just because the wolf happens to be bigger.

Pardon the pun, but dogpiling on someone already under attack is a pretty cheap tactic.

Re:just let microsoft die

[somersault]

Okay, it's a bit weird that I'm defending Apple here, but before the iPhone most people didn't even install apps on their phones. I did personally, but Apple actually increased people's expectations of their phones. Yes they keep a tight reign on their market, but for those people who actually care, there is Android. I have 3 Android powered devices that I use regularly, and I much prefer them to the Apple alternatives.

Most people don't care about software freedom, and never have. There is no "expectation" from anyone apart from us geeks.

Also I just RTFA and I saw this:

"Although Microsoft's stipulations require also that x86/x64 systems provide an option to disable Secure Boot"

This is completely different to what I'd expected after the anger and fear that I've seen here over the Secure Boot thing. It sounds like just another BIOS option. Anyone who wants to try out Linux probably also is aware how to edit BIOS settings. Or they can use a VM if they want to take the easiest route, that will presumably completely bypass Secure Boot too.

Yo dawg, I heard you like bootloades,

so we put bootloaders in your bootloaders.

That's why I dumped Linux for Xzibix

Yo dawg!

I heard you like boot loaders. So we put a boot loader in your boot loader so you can boot up while you boot up!

There is a general truth to consider...

[3seas]

If we make it, we can break it. Making secure boot just more locks to keep honest people out and more headaches for honest people to deal with.

Perhaps the real question here is why do people continue with Windows, when there are other options that have better general security?

Re:There is a general truth to consider...

[jones_supa]

Perhaps the real question here is why do people continue with Windows, when there are other options that have better general security?

Because in its current state Windows is secure enough. And after that, the other features matter more (all software and hardware works, it came preinstalled, etc).

Re:There is a general truth to consider...

[theRunicBard]

Familiarity and that it comes pre-installed as a lot of people have already said. Also: video games. I'm really hoping (but skeptical) that Steam For Linux is successful.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Srsly, what is wrong with you people?

[erikvcl]

Why are you fighting secure boot? Secure boot is a GOOD thing. Making sure your BIOS/UEFI and boot loader haven't been tampered with is a GOOD thing. Let's figure a good way to make Linux work with it. I'm glad that Microsoft is taking this attack vector seriously.

Re:Srsly, what is wrong with you people?

[Hatta]

Secure boot is a good thing when the owner of the PC has ultimate control over which signatures are valid. But Microsoft has tipped its hand with Windows 8 ARM tablets, and I see no reason not to expect them to lock down secure boot on x86 PCs in the future.

If this was a vendor neutral initiative, I can see how it would be useful. But this is being done by Microsoft, for Microsoft. This will not end well for open source.

Re:Srsly, what is wrong with you people?

[petermgreen]

Secure boot is only meaningful if the kernel refuses to load untrusted drivers and the signing keys needed to mark code as trusted are kept off the machine you are trying to protect.

A secure boot setup where the owner is in control is potentially useful for high security setups but also a massive PITA (to get any significant benefit you really need a dedicated machine to act as a signing box). A secure boot setup where someone else is in control of the keys means effectively giving up control of your computer.

Re:just let microsoft die

[somersault]

I'm Scottish, and it's written Scotsman/Scots by the way.

Anyway, back to the topic at hand; I have to say that I don't know what you're talking about. I'd say that at least 80% of sheep aren't that sexually attractive.

Wake on LAN: Press any key to continue ...

[zapyon]

Yeah, great. How are non-MS operating systems going to use this mechanism for remotely initiated booting, as in WOL? Does that mean non-MS shops will have night shift "specialists" on-site to press the Any Key whenever required?

Seems to me that MS has finally given Linux the boot :-(

Re:Wake on LAN: Press any key to continue ...

[kelemvor4]

or.. you could just not turn on secure boot on machines where you don't want it.

Re:Wake on LAN: Press any key to continue ...

[zapyon]

Considering how things usually go, this will only be an option for a limited time. And will not apply to ARM machines as for these MS requires UEFI to be obligatory.

Re:Wake on LAN: Press any key to continue ...

[couchslug]

"Yeah, great. How are non-MS operating systems going to use this mechanism for remotely initiated booting, as in WOL? Does that mean non-MS shops will have night shift "specialists" on-site to press the Any Key whenever required? "

Point this out to CORPORATE customers! They have the pull to get motherboard makers attention.

Obtaining a Microsoft signature will take a while

[swm]

the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system).

The purpose of Secure Boot is to prevent people from booting non-Microsoft operating systems.
Why on earth would Microsoft sign such a bootloader?

The process of obtaining a Microsoft signature will take a while, [...]

Anyone want to open an over/under line on when this happens?
I'll put $100 on the first patch Tuesday following the heat death of the universe.

Re:just let microsoft die

[nschubach]

Oh, so you're saying the other 20% are asking for it by dressing that way?

Re:just let microsoft die

[nschubach]

Also I just RTFA and I saw this:

"Although Microsoft's stipulations require also that x86/x64 systems provide an option to disable Secure Boot"

The only problem I have is the layman will not want to "make their computer insecure by disabling secure boot" which only serves to stigmatize alternative OSes as the insecure option while Windows is viewed as "more secure."

Why is the linux community struggling with this

[kelemvor4]

To address this, the Linux Foundation bootloader will present its own splash screen and require user input before it actually boots.

That seems like a LOT more of a pain in the butt than simply turning off the secure boot option. In fact, it would be a deal breaker for any of my Linux machines that must be able to reboot unattended every time. It's a "solution" to a trumped up problem. There are plenty of legit reasons to hate Microsoft, but this isn't one of them.


The bottom line: UEFI secure boot is not going to be enabled on any machine shipping with Linux unless that distro has the keys themselves. That is most likely the only group of Linux users not savvy enough to change a single setting in the firmware. If someone builds their own p.c. it won't have secure boot enabled. If someone decides to replace the MS os they paid for with Linux, it's not even slightly unreasonable to think they would be capable of changing the necessary firmware setting.

Every linux distribution I've EVER tried including the "easy" ubuntu is more complicated to install than changing this setting would be. Silliness...plain and simple.

Re:Why is the linux community struggling with this

[cpghost]

That seems like a LOT more of a pain in the butt than simply turning off the secure boot option.

How long will motherboard BIOSes ship with the option to turn off UEFI secure boot? Maybe not tomorrow, but what about 1, 2 or 3 years down the road? That's the real issue here! The problem is that the PC commodity market is about to be turned into a walled garden controlled by, guess who? Microsoft in this case. That's pretty scary stuff actually, and I wouldn't wonder if the regulating authorities (at least in the EU) will sooner or later consider this as anti-competitive behavior.

Re:Why is the linux community struggling with this

[Tapewolf]

That seems like a LOT more of a pain in the butt than simply turning off the secure boot option. In fact, it would be a deal breaker for any of my Linux machines that must be able to reboot unattended every time. It's a "solution" to a trumped up problem. There are plenty of legit reasons to hate Microsoft, but this isn't one of them.

The worry is that the whole 'disable secure boot' thing might go away, and where will we be then?

As for the unattended reboots:
To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode.

Re:Why is the linux community struggling with this

[kelemvor4]

That seems like a LOT more of a pain in the butt than simply turning off the secure boot option.

How long will motherboard BIOSes ship with the option to turn off UEFI secure boot? Maybe not tomorrow, but what about 1, 2 or 3 years down the road? That's the real issue here! The problem is that the PC commodity market is about to be turned into a walled garden controlled by, guess who? Microsoft in this case. That's pretty scary stuff actually, and I wouldn't wonder if the regulating authorities (at least in the EU) will sooner or later consider this as anti-competitive behavior.

That seems unlikely to me because 1. The work to implement the feature has already been done. 2. Time (and money) would have to be spent to remove it. 3. The companies that ship motherboards would limit their customer base unnecessarily without gaining any benefit.

Basically, they'd have to spend money in order to make less money.

The only scenario I could conceive of where this might happen is an anti-competitive move by MS to pay for or somehow force manufacturers to make the change. This wouldn't be without precedent, but I think something like this would be easily leaked and would lead to some kind of regulatory action as you suggested.

On the other hand, your theory reminds me a lot of the fate of "OtherOS" Linux booting on the Sony PlayStation 3 computer. Perhaps your concern has more merit than I originally thought.

Re:Why is the linux community struggling with this

[kelemvor4]

The worry is that the whole 'disable secure boot' thing might go away, and where will we be then?

As for the unattended reboots: To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode.

Ah well that's not so bad, then. The linked article which I quoted doesn't go into that much detail and makes it sound worse than it apparently is.

Re:Why is the linux community struggling with this

[silas_moeckel]

Don't worry MS will either pay for the work, or windows 9 compat logo will require it to prevent piracy and all that. Either way they are hell bent on having everything locked down to insure there revenue stream.

Re:Why is the linux community struggling with this

[Tapewolf]

Ah well that's not so bad, then. The linked article which I quoted doesn't go into that much detail and makes it sound worse than it apparently is.

There are two articles in the summary, the second one - the announcement - has more detail.

Re:just let microsoft die

[Pascal+Sartoretti]

Apple is building /their/ product and trying to get everyone to adapt their needs to it. At least MS is trying to make it's product general purpose (if ineptly in some cases), and allow people to have options at every level except the OS. Apple tries to restrict options at ALL levels.

One huge difference between Apple and Microsoft is that nearly nobody is forced to buy or use Apple products : people use it by choice, and are free to use alternatives. Maybe a few persons use a Mac at work because their company enforce it, plus of course the iOS developers.

In contrast, millions (billions?) of persons use Windows and Office because they have to (company policy) or because they need to produce Office documents.

Re:just let microsoft die

[Baloroth]

"Although Microsoft's stipulations require also that x86/x64 systems provide an option to disable Secure Boot"

MS has to allow people to install other OSes in the x86 market. If you thought anti-trust over IE was bad, you'd love to see what happens if MS tried to lock down all computer systems with Windows installed.

They can get away with it in the ARM market because MS is ~1% or less of the market in that space, so they have absolutely zero monopoly power there.

Re:just let microsoft die

[Hatta]

Apple's policies only affect Apple hardware. Microsoft is pushing this on everyone.

Re:just let microsoft die

[ByOhTek]

I'm not forced to buy or use MS products any more than Apple products.

Actually, given all the peripherals made for Apple mobile products (with their different-from-everyone-else connectors), and not for their competitors, I feel more pressure towards buying Apple than towards buying MS.

Re:just let microsoft die

[jader3rd]

One huge difference between Apple and Microsoft is that nearly nobody is forced to buy or use Apple products

Okay, so what happens when millions (billions?) of persons use OS X and iTunes because they have to (company policy) or because they need to product iWhatever documents? Would you rather live in the Apple "Cupertino controls your entire experience" world or the "Build on top of our platforms to do what you want, just don't muck directly with the licensed software" world of Microsoft?

Why must this be so complicated?

[ZorinLynx]

Wouldn't a simpler solution just be to allow the end-user to sign his bootloader?

Once the boot loader is signed, it's trusted until the next time the system is reinstalled.

The idea is, if something replaces the bootloader, it needs to be re-signed by the user. The process of signing could be convoluted and long enough to keep a user from just blindly clicking "sign" (require special boot media, or a jumper to be set on the motherboard).

This will provide all the security benefits of UEFI secure boot, while retaining the user's control of the system.

Sorry FSF, but fuck you.

I won't use anyone's binary blob, even if it is signed by Microsoft and distributed by the FSF. You Asshats are supposed to stand up for Free Software, bending over to MS and enabling the hardware manufacturers to shrug off pressure from end user complaints by giving them this release valve is BAD. Fuck you all, Each and every one.

Just great. So...

[UltraZelda64]

...now we have to deal with a dummy/shell of a bootloader, which boots the real bootloader, before the OS will even be told to start booting? Come the fuck on--something needs to be done about this, because this is just bullshit. We shouldn't be forced into such unnecessary extra complexity to use our computers that we bought, just because some shitty crooked company decided they want to make everything that runs *their* (read: almost everything) insecure OS a locked-down fortress with the "claim" (hint: yeah, right) that it is being used specifically to stop the spread of malware. There has to be a better solution. Until then, it looks like I will have to stick with x86 machines unfortunately, as much as I would like an ARM-based laptop, until something good is released without Windows... er, I mean, without these restrictions. The Windows tax was bad enough; now we're paying in the form of our freedom to use our computers in the way we want. Thanks, Microsoft. Cocksuckers.

Re:Just great. So...

[UltraZelda64]

Oh, I forgot to add: We're still "indirectly" paying Microsoft for this. Someone had to pay Microsoft the fee for all of us non-Windows users to be able to get the key to write code to "unlock" a machine, on *our* behalf, whether we like or would approve of it or not. So really, we're paying two Microsoft taxes now: for a license that grants us privilege to run Windows on an obnoxiously locked-down system, whether we wanted it or not, and again for the "keys" to unlock the computer to actually be useful and allow us to run what we want, as it should at least by default give the option of in the first place.

So if we choose to run Linux and if in any way it was "unlocked" by the developers by paying Microsoft, we're indirectly supporting Microsoft. As if we haven't already unwillingly been forced to support them just by the fact that we bought a computer with Windows in the first place, which is being specified to require the hardware to work against our wishes. Meanwhile, we lose, as we're forced to support this company not once but twice, and what do we get? A pathetic hack that only adds unnecessary complexity and other problems. The *real* solution? Allow us to disable this "Trusted Computing" bullshit in the EFI firmware. Simple as that.

This is such a fucked up situation, it's disturbing. Hopefully as ARM gains steam, companies like System76 start releasing ARM-based Linux machines so we can completely bypass this shit. Avoid both Microsoft taxes, as well as Microsoft shitting all over our freedom exclusively for their gain. This reeks "abuse of powers" easily as much as or more than anything they did back during the time of their anti-trust lawsuit back in the 1990s.

Re:just let microsoft die

[Pascal+Sartoretti]

Okay, so what happens when millions (billions?) of persons use OS X and iTunes because they have to (company policy) or because they need to product iWhatever documents?

The same problems as we have today with Microsoft, yes. But we are still a very looooooong way from that.

Re:just let microsoft die

[Pascal+Sartoretti]

I'm not forced to buy or use MS products any more than Apple products.

Lucky for you. But many people have a job and no choice.

Re:just let microsoft die

[whoever57]

The only problem I have is the layman will not want to "make their computer insecure by disabling secure boot" which only serves to stigmatize alternative OSes as the insecure option while Windows is viewed as "more secure."

More worryingly, what about when the "security companies" start promulagting the idea that "best practice" is to have secure boot enabled? Many of the security companies make money from the insecurity of Windows, so it is in their interest to make it more difficult to run Linux.

Re:just let microsoft die

[PPH]

Apple builds its own hardware. If they want to secure boot it or lock you into their walled garden, that's their prerogative.

Microsoft doesn't. They are not telling you what you can or can't run. They are telling hardware vendors. Specifically ARM based systems. And they are doing so in a manner that will decrease the value of ARM based hardware.

You might think that Microsoft has created a Windows vs Linux (Android, whatever) distinction on ARM. But who is to say that Windows 9 will get a different boot key than Windows 8? And then again for Windows 10, etc. Microsoft can now jerk the ARM platform manufacturers around any way they want. Maybe even issue a service pack that needs a new boot key and brick all older hardware platforms overnight. The owners of these platforms won't be able to say, "Screw it. I'll just install Ubuntu." The resale value of that hardware will be zero.

ARM just got pwned.

I really don't understand this issue

[DrXym]

Why is it so hard to put every device key in escrow and provide an automated and simple process that allows a user to individually unlock their own device? This escrow could also provide a signing service for any dists on neutral and fair terms that allowed them to replace the bootloader. A locked bootloader is desirable in some regards but it should not be under the control of a single OS vendor.

Frankly, my dear, I don't give a damn.

[westlake]

Apple is attacking the consumer's expectation of software freedom.

The mass market consumer product can have tens of millions, hundreds of millions of users --- and in the case of the Windows PC, a billion or more users --- who quite clearly don't give a s***t about "software freedom" as the geek understands it.

Re:just let microsoft die

[jader3rd]

Apple's policies only affect Apple hardware. Microsoft is pushing this on everyone.

Wouldn't everyone also include Apple? How is Microsoft pushing this on Apple hardware?

No, this is really serious

I repeat it again, If you want to secure the bios put a jumper before the write pin of the eprom/flash memory/whatever. Those who can't open the case and locate it are surely not qualified for a bios upgrade.

It simply does not work that way. Especailly on ARM phones and tablets. Most vendors support secure ROM which is hard wired in the chip and requires a signed bootloader to proceed. Usually the vendor just offers a fake bootloader (or a fuse bit) that can then run uboot or whatever so you can get ChromeOS or Android up on the device.

For UEFI, the UEFI firmware itself is signed, and the AP(application processor, another word for CPU) will refuse to boot. There ain't shit you can do about it without replacing the AP.

It's not FUD. if a phone or tablet maker wants to have ARM Windows, they will be required by a licensing agreement to enable all of these security features from the processor vendor. And it will be nearly impossible for a non-technical person to run a free OS on them in a general way. Each device will have to be hacked and exploited in a unique way.

And I really doubt enough models will be compromised early enough to make running Linux on a cheap Windows ARM netbook a practical thing. Unless this ChromeOS thing catches on, you simply won't have a way to do a Linux ARM netbook in the next few years. (Android keeps resisting Netbooks, they don't sell very well).

It sucks to be a Linux user that has to piggy-back on hardware industry for a more popular OS. It sucks worse when Linux gets locked out of the hardware access we have been taking for granted.

Re:No, this is really serious

[marcello_dl]

> It simply does not work that way. Especailly on ARM phones and tablets. Most vendors support secure ROM...

That's like having an unwritable BIOS, that's ok, it's a corner case of my solution, when you lose the jumper :)

But not in desktops where you might want to reflash the bios for particular hardware support or bugs triggered by particular hardware configuration. If you want secure boot all bootloader signing comes later, first you secure the firmware that does the first stages of booting.

Re:No, this is really serious

[marcello_dl]

> It simply does not work that way. Especailly on ARM phones and tablets. Most vendors support secure ROM...
s

That's like having an unwritable BIOS, that's ok, it's a corner case of my solution, when you lose the jumper :)

But not in desktops where you might want to reflash the bios for particular hardware support or bugs triggered by particular hardware configuration.

Why go thorugh all the trouble?

[flimflammer]

Just turn secure boot off FFS. You are able to disable it. If you're going to go through all the trouble to use this work around, what is the actual benefit to the system anymore? Just turn it off.

Re:Why go thorugh all the trouble?

[flimflammer]

If that ever even happened (which honestly, I think hell has a better chance of freezing over), that has nothing to do with this iteration. There is no reason to apply this workaround to this version of secure boot. If you're going to render the whole thing irrelevant anyway and make it inconveniencing to boot, there is no point to leaving it enabled in the first place.

Re:just let microsoft die

How so? No hardware manufacturer is required to put a "Designed for Windows 8" sticker on the hardware they sell, and it's not illegal to install (or, indeed, even preinstall) Win8 on such hardware.

Re:just let microsoft die

No.

This policy only affects a subset of Windows PCs.

PCs which were built for other OSes are not affected. Remember all those netbooks runnings Linux? You know how Dell sometimes produces Linux laptops? You remember how Walmart sold a Linux desktop? None of those would be affected.

Stop lying by saying that Microsoft somehow controls all the non-Apple hardware. If Linux fans spent more time improving Linux and less time bitching about Windows, then maybe there would be a bigger market for Linux boxes and manufacturers would produce more of them.

"present user" test

[morgauxo]

Sorry, that test fails my usability test. Any hardware manufacturer that wants to sell me a motherboard that requires I use this can stick their motherboard. I for one have no interest in a device which can never be rebooted remotely and can never bring itself back automatically after a power failure.

Re:just let microsoft die

[gagol]

You choose to buy a laptop running Microsoft. You can find some laptops (system76, etc...) that comes with Linux pre-installed. Now, get off my lawn!

How about a link that works

[Skapare]

How about an HTTP link. GIT can do that.

Re:Obtaining a Microsoft signature will take a whi

[fatphil]

> Why on earth would Microsoft sign such a bootloader?

Probably as there are monopoly/anti-trust implications if they don't.

Re:ABOUT DAMNED TIME

[Skapare]

The computers I worked on from 1976 to 1991 didn't have a BIOS yet they managed to come up just fine.

Re:One more option...

[DarwinSurvivor]

UEFI is not a problem! UEFI with SecureBoot enabled by default is a problem.

Re:just let microsoft die

[ByOhTek]

I have a job and a choice. I use Microsoft where it's appropriate, Linux where appropriate, and I could, if I wanted to, add BSD or Apple in there.