Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Linux On Microsoft Surface Is a Tough Challenge

Posted by timothy on from the 5-feet-high-and-risin' dept.

hypnosec writes "With Linux enthusiasts and distro publishers eagerly waiting for a solution to Microsoft's UEFI SecureBoot, there are those who have already looked at the viability of Linux on Microsoft Surface tablet. Matthew Garrett, a.k.a. UEFI-guru, has revealed that those who are keeping their fingers crossed and hoping to find run Linux on Microsoft's tablet are on an uphill walk and it doesn't seem to be an easy one. So why is this? The answer is in the manner in which Microsoft has restricted the Surface from loading non-signed software / binaries by implementing UEFI SecureBoot. Microsoft has loaded on the ARM based tablet its private key instead of the 'Microsoft Windows UEFI Driver Publisher' key, which is needed to sign non-Microsoft software like Linux distributions or loaders. So, no publisher key = no signed non-Microsoft binary = no Linux."

35 of 561 comments (clear)

  1. Another reason not to buy Surface by turkeyfeathers · · Score: 5, Insightful

    As if you needed another reason.

    1. Re:Another reason not to buy Surface by Frosty+Piss · · Score: 5, Insightful

      As if you needed another reason.

      Exactly. Solution? Don't buy a Surface if you want to run Linux / Android on it.

      It's so deliciously simple.

      I don't like Win8 either.

      Guess what? I haven't bought it.

      Another thing I haven't bought:

      http://en.wikipedia.org/wiki/File:Cadillac_CTS_front.JPG

      It's an ugly car... I don't want one.

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:Another reason not to buy Surface by Grishnakh · · Score: 4, Insightful

      Why? This isn't some piece of hardware from a hardware company like Samsung or Dell or Asus or Acer or Lenovo; it's from Microsoft themselves. If you don't like the OS that's loaded on Surface, don't buy it. There's tons of tablets from companies like Samsung that you can run Linux on if you want, which don't employ such measures to keep non-MS OSes off. Purchasing this tablet is only going to put money in the hands of MS anyway, moreso than buying an Android tablet.

    3. Re:Another reason not to buy Surface by Anonymous Coward · · Score: 0, Insightful

      What is so sad is most people don't get this very simple idea.

      Research first and If a product won't do what you want then simply don't buy it.

      Yet so many people buy things and then complain because it will not do what they want.
      And on top of that they put so much effort into trying to get it to do what they want by the time they get it to do that it's considered obsolete.

      If people put more effort into supporting those who build open systems that allow them to do what they want, they would already have it by now.
      But until that happens we will still have people complaining endlessly about what they can't do.

      Let your voice be heard with your wallet. Don't keep supporting those with the keys to the kingdom.

    4. Re:Another reason not to buy Surface by Elldallan · · Score: 2, Insightful

      Actually people should complain, Microsoft is abusing it's OS monopoly in a way that is at least illegal here in the EU and I hope it is illegal by US antitrust standards too. People need to complain, specifically they need to complain to their EU Commissioner.

      Not loading their publisher key is a blatant attempt to try to prevent people from running other OSes on that piece of hardware which is an abuse of their "dominant market share" and they need to be punished for it, preferably harshly

    5. Re:Another reason not to buy Surface by sg_oneill · · Score: 3, Insightful

      Apple haven't really put a lot of effort into locking out jailbreaks. Just a token effort really to appease the devs and itunes lawyers worried about piracy. UIltimately apples money isnt really derived from software but hardware.

      Microsoft on the other hand are all about software. They are much more in need of a lockout to ban competition from their hardware.

      Compare the two approaches: Apple;- No competing hardware (But we dont really care if you install windows on your mac, we'll just think your daft). Microsoft;- No competing software (We dont care if you install us on a competing tablet, surface is just a marketing tool)

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
    6. Re:Another reason not to buy Surface by Doctor_Jest · · Score: 5, Insightful

      In what market are you proposing Microsoft has a monopoly ?

      It's in the sentence you quote. Windows. They were convicted of abusing monopoly power in the OS/Browser/Office arena a while back, in case you might've missed that trial. Their "probation" expired recently, so they've been much more aggressive in launching lock-in at the vendor level.

      "Dominant market share" ? In what market ? Not tablet hardware. Not tablet OSes. Not tablet software. What market ?

      They are doing what most monopolies do when they want to dominate a new market. Use their existing monopoly to leverage an unfair advantage and squeeze out competitors. Surely you agree Microsoft has a monopoly in the OS market. The closest competitor (albeit a rich one) is Apple. Standard Oil did it many times over, and it's pretty common even among vertical monopolies like Standard Oil.

      The reason this is an abuse is quite simple. They are requiring ARM based tablets that have Windows 8 certification (take whatever you want from the intended meaning of that phrase) to require a non-user accessible key to certify or "sign" binaries on the ARM platform. Granted, Surface is Microsoft's product, but this will (and it has been WELL documented) apply to ALL ARM processor based tablets, even from third parties. (Want to play in Windows 8 Land? You're going to have to pay the gatekeeper, Microsoft, and not give users the SecureBoot Keys.)

      Implications are that they will continue to move outward from this "non-monopoly" market of tablets and phones into Intel-based "certified" Windows 8 laptops. (Desktops are probably safe, but I wouldn't bet on Redmond's desire to kill Linux and other alternative OSes there too.) All you have to do is look at the history of Microsoft to see that anything they do is geared towards not making a better product than their competitors, but defeating utterly their competitors and leaving them unable to continue. The problem that Microsoft's been facing for decades now is the fact that Linux is free. You can't under-price free, and you can't, in the current Intel architecture, make a suitable "Windows only" system anymore. (There are exceptions, and some driver support sucks, but for the most part, it's not like it was in the heyday of Microsoft's OS hot war against everyone else.)

      Microsoft wants the early 90's back. They also want to do that without attracting the ire of the Federal Government. They do this where they aren't dominant and see how the public takes it. Remember TPM and encrypting hard drives (the ATA standard) back in the late 90's. It was floated about that using that could combat those evil pirates with keys granted by a licensed arm of the government (or contractor, hint Microsoft) Good ol' Senator Fritz Hollings was on the witch hunt claiming if technology companies didn't invent a way to prevent piracy at the circuit level, the federal government would step in... Thankfully that was quashed, and now Fritz is close to his karma catching up to the old cocksucker.

      So forgive us for not believing Microsoft doesn't have a sinister plot in mind with this secureBoot code signing fungasm of theirs. History has proven that they are not to be trusted.... ever.

      --
      It's the Stay-Puft Marshmallow Man.
    7. Re:Another reason not to buy Surface by suomynonAyletamitlU · · Score: 4, Insightful

      You don't understand what "Abusing a monopoly" means.

      When you have a monopoly, you can apply pressure to other people, knowing that there is no competition for them to run to. If they have competition to run to, you aren't abusing anything, you are just being a damn idiot. This is Microsoft's product. The Surface is manufactured by Microsoft and is in every way theirs. They are allowed to make arguably stupid decisions when it comes to their own product, as long as there is sufficient competition that other people do not need to feel impinged upon by their mistakes.

      If all UEFI bootloaders only accept this private Microsoft key, and if it turns out that's Microsoft's doing, that's one thing. However, in my understanding, other OEMs will probably take the publicly signed keys that Microsoft makes available. Microsoft surface, however, will not, which some people find disappointing.

    8. Re:Another reason not to buy Surface by drsmithy · · Score: 3, Insightful

      It's in the sentence you quote. Windows.

      It's not illegal to have a monopoly in your own product. Hopefully I don't have to explain why.

      They were convicted of abusing monopoly power in the OS/Browser/Office arena a while back, in case you might've missed that trial.

      No, I didn't. Which is why I know what market they were actually found to be a monopoly in: x86-compatible PC OSes. Not office. Not browsers. Certainly not something as generic as "all operating systems"

      Surely you agree Microsoft has a monopoly in the OS market.

      Which OS market ? There's more than one.

      The reason this is an abuse is quite simple. They are requiring ARM based tablets that have Windows 8 certification (take whatever you want from the intended meaning of that phrase) to require a non-user accessible key to certify or "sign" binaries on the ARM platform. Granted, Surface is Microsoft's product, but this will (and it has been WELL documented) apply to ALL ARM processor based tablets, even from third parties. (Want to play in Windows 8 Land? You're going to have to pay the gatekeeper, Microsoft, and not give users the SecureBoot Keys.

      So you're arguing there won't be any ARM based tablets on the market soon capable of running anything except Windows 8 ? To be clear, you're predicting the death of Android on ARM tablets ?

      All you have to do is look at the history of Microsoft to see that anything they do is geared towards not making a better product than their competitors, but defeating utterly their competitors and leaving them unable to continue.

      Actually it's a struggle to think of any significant Microsoft product that hasn't won out by being more attractive to customers than the alternatives.

      The problem that Microsoft's been facing for decades now is the fact that Linux is free. You can't under-price free, and you can't, in the current Intel architecture, make a suitable "Windows only" system anymore. (There are exceptions, and some driver support sucks, but for the most part, it's not like it was in the heyday of Microsoft's OS hot war against everyone else.)

      It is stupidly trivial for Microsoft to create a standard for "Windows only" systems. It is trivial today, it was trivial ten years ago, it was trivial ten years before that. They didn't.

      Linux has been free forever. Strangely, it hasn't displaced Windows. It hasn't even displaced MacOS. Indeed, the result has been the complete opposite. Clearly "free" means diddly squat to customers.

      So forgive us for not believing Microsoft doesn't have a sinister plot in mind with this secureBoot code signing fungasm of theirs. History has proven that they are not to be trusted.... ever.

      The only thing missing from your paranoid rant is the ridiculous "DOS ain't done" line.

    9. Re:Another reason not to buy Surface by iserlohn · · Score: 1, Insightful

      Do you make a living presenting logical fallacies as arguments? Nobody is preventing MS from bundling anything as long as they don't abuse their monopolistic position in the market. There are many ways to remedy this or to avoid this in the first place - I suggest you read up on this if you are serious in participating in a debate related to antitrust and competition law.

      BTW, a quick search on Google gives you plenty of references to the Winsock issues and also some history on how Winsock came to be. I take it that you know how to search on the a internet for information. Feel free to disagree but then you would have to accept the facts are not on your side.

      --
      :. Ultimate Control Dedicated/VM Servers
  2. Solution by Anonymous Coward · · Score: 5, Insightful

    Don't buy a surface?

    1. Re:Solution by Anonymous Coward · · Score: 5, Insightful

      Eventually all hardware will be like this. What will be your solution then? Don't buy a computer?

      The trend is clear. Not so long ago, ALL hardware was yours after you bought it. Now, only a fraction is, and the ones that are not, are in the process of being locked down. In 10 years, 15 tops, you won't be able to buy an unlocked device, not a desktop, not a mobile. There will be some way to run Linux still, such as your vendor buying a key, but it's all going to be at someone else's permission.

      Have fun with that world.

    2. Re:Solution by Anachragnome · · Score: 3, Insightful

      "Don't buy a surface?"

      AC, or not, mod up please. Simplest solution possible.

    3. Re:Solution by Anonymous Coward · · Score: 1, Insightful

      The above paragraph indicates they are talking about the Surface (ARM version). Not the pro.

    4. Re:Solution by disambiguated · · Score: 5, Insightful

      In 20 years, there will still be general-purpose computers, but they'll be extremely expensive.

      While I admire your extreme cynicism, you haven't been paying attention to hardware trends. General purpose computers will be expensive relative to the special purpose ones, which is to say they will be dirt cheap (and obscenely powerful by today's standards) .

      Until they make it illegal, someone will always be willing to manufacture general-purpose-do-what-you-want machines.

  3. Well then ... by King_TJ · · Score: 5, Insightful

    no publisher key = no signed non-Microsoft binary = no Linux = NO SALE!

    Honestly, I have no real interest in the Microsoft Surface anyway. I played with one at the store for a little while, and walked away thinking, "Pretty looking, but ultimately adds no value for me." Obviously though, others feel differently.

    Still, if you're someone actually interested in a Surface but NOT to run Windows on it? The fact Microsoft has it this locked down should tell you to move along and not vote for this product with your wallet. It's great to see people enabling hardware to do new things it wasn't intended to do originally.... but where do we draw the line?

    1. Re:Well then ... by martin-boundary · · Score: 3, Insightful

      The line is where it's always been: you buy the product, it's yours, you can do whatever you like with it. It's unreasonable for a manufacturer to try to take those rights away from you.

    2. Re:Well then ... by Andrewkov · · Score: 3, Insightful

      Yet millions and millions of locked cell phones are sold every year.

    3. Re:Well then ... by rrohbeck · · Score: 3, Insightful

      And rooted/unlocked pretty soon.

      --
      thegodmovie.com - watch it
    4. Re:Well then ... by Microlith · · Score: 3, Insightful

      That's not a defense. It doesn't make it acceptable, it just means that the vast majority of people are completely unaware of what they're pulling.

      Which explains much of the governments and corporations in the world today, they act and exploit the ignorance of people on a daily basis.

    5. Re:Well then ... by martin-boundary · · Score: 3, Insightful

      If it's a gratuitous addition specifically to prevent you from doing something that you otherwise could, then they have. For example, if you buy a book and find out the pages have been glued together, that's unreasonable. If you buy a computer and you find out it could run third party software, but the loading system has been disabled, that's unreasonable.

    6. Re:Well then ... by vlad30 · · Score: 3, Insightful

      The line is where it's always been: you buy the product, it's yours, you can do whatever you like with it. It's unreasonable for a manufacturer to try to take those rights away from you.

      No the manufacturer sold it to you "as is" and "fit for purpose" if you want to do something else with it either buy a product that does what you want or go make it yourself. I personally don't like "restricted-boot" so I don't buy a product that has it - exception if the product is well designed and needs no modification

      --
      Your'e all thinking it, I just said it for you
  4. But when Microsoft do it... by EdZ · · Score: 2, Insightful

    So in the same camp as every iPad made, and the majority of Android tablets, then?

  5. Primary reason by KiloByte · · Score: 4, Insightful

    SecureBoot was never about security If it was, Microsoft would put at least some token effort towards blacklisting drivers with ring 0 holes. The point since day one was to hinder the spread of non-commercial alternatives.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Primary reason by YukariHirai · · Score: 3, Insightful

      The point since day one was to hinder the spread of non-commercial alternatives.

      More accurately, to hinder non-Microsoft alternatives on their hardware... it's not like Microsoft would tell Apple "sure, we'll let you put iOS on the Surface" even if Apple had any interest in doing that. It just so happens that the only software that people try to put on Microsoft-branded hardware are non-commercial projects.

  6. Unbelievable. by Anonymous Coward · · Score: 5, Insightful

    Stop. Just stop.

    It's a Microsoft device. It was designed to run Win RT. This is quite clearly marked on the box and the device itself.

    There are a thousand other things wrong with Linux right now and nobody seems interested in fixing them (yes, I'm doing my part, but I only have so much free time to spend fixing random issues and maintaining my own packages). No, instead, we're going to dump all our time and effort into making a device that was NEVER DESIGNED TO RUN LINUX, well, run Linux.

    Sooner or later you just have to say enough is enough. This is almost as stupid as buying an iPad or iPhone and attempting to run Android on it. Just because you're buying "hardware" doesn't mean you're getting the privilege of installing whatever the hell you want on the device. Mobile equipment like this is marketed and sold as an end-to-end solution, you're not buying hardware- you're buying software tied to hardware. Making the mistake of thinking that the hardware is there for you to do whatever you wish with is silly. If you want a tablet to run Linux on, buy a tablet that runs Linux.

    Trying to shoehorn the 'tux onto the ARM Surface is stupid. No shit Microsoft has locked the thing up, they're subsidizing the damned hardware by assuming that you'll run Windows on it and buy applications through the Windows App Store.

    This is almost as dumb as buying a set of kitchen utensils then wondering why you can't build a shed with them. If you wanted to buy a shed, why didn't you invest in a set of proper tools? What on earth made you think a few forks, spoons, and knives were going to let you do the same thing?

    1. Re:Unbelievable. by codepigeon · · Score: 5, Insightful

      I was right there with you until: 'just because you buy the hardware, you think you have the privilege to install what you want'.

      what!!! What has happened to this world?! I bought it. If I want to install DOS 6.2 on it, that is nobody's business but mine. I cant believe the corporations have managed to convince people like you otherwise.

    2. Re:Unbelievable. by jedidiah · · Score: 1, Insightful

      There's nothing "rational" about that post.

      It's MY hardware. Once I buy it it becomes MY personal property to use any way I see fit.

      Your corporate bootlicking is not "rational".

      --
      A Pirate and a Puritan look the same on a balance sheet.
    3. Re:Unbelievable. by Anachragnome · · Score: 5, Insightful

      Where is the rationality in buying a product that doesn't suit your needs?

  7. Expected by Anonymous Coward · · Score: 3, Insightful

    Had Microsoft tried to sell a PC that was similarly locked-down in the late 1990s, I expect they would've gotten sued by the government. However, mobile phones (and game consoles) have traditionally been locked-down, and no regulatory agency seems to mind.

    Now the line is blurring between the two, with the tablet borrowing from both laptops and mobile phones. I assume soon either it'll be OK for any device to be locked down, or all devices will have to be "openable".

    I wonder how that's gonna turn out...

  8. It isn't that it was never designed to run linux by symbolset · · Score: 4, Insightful

    The problem is that it was designed to never run linux.

    --
    Help stamp out iliturcy.
  9. Why bother? by fufufang · · Score: 3, Insightful

    Why would you even bother to put Linux on Microsoft hardware? You have chosen hardware that's crippled by design, you have chosen to get yourself shafted. There are plenty other Linux friendly hardware out there...

  10. Re:What does UEFI really accomplish? by hibiki_r · · Score: 3, Insightful

    Hardware that can run any OS will still be available, if just to fill the server market. There are tons of companies out there running on linux servers, and they have no interest in switching to either windows or being forced into very big hardware. As long as they exist and keep buying, you'll be able to run linux on the desktop, no matter what Microsoft wants.

  11. Ha! by ickleberry · · Score: 3, Insightful

    Back when UEFI came out people were saying how things weren't so bad. Now MS has done exactly what 'tinfoil hat wearing alarmists' said they would.

    Next time, "things will be alright"-folk, dont tell us we didn't tole you!

  12. Apple angle? by csumpi · · Score: 2, Insightful

    You can't run linux on an ipad either. So linux users don't buy ipads either? Do linux users boycott apple and not run linux on overpriced apple laptops because they can't run linux on apple's tablet?

    Why is Microsoft the only evil one for making a tablet that can't boot linux?

    This is just plain silliness. There are a bunch of win8 tablets where secure boot can be disabled and linux installed.