Why Linux On Microsoft Surface Is a Tough Challenge

hypnosec writes "With Linux enthusiasts and distro publishers eagerly waiting for a solution to Microsoft's UEFI SecureBoot, there are those who have already looked at the viability of Linux on Microsoft Surface tablet. Matthew Garrett, a.k.a. UEFI-guru, has revealed that those who are keeping their fingers crossed and hoping to find run Linux on Microsoft's tablet are on an uphill walk and it doesn't seem to be an easy one. So why is this? The answer is in the manner in which Microsoft has restricted the Surface from loading non-signed software / binaries by implementing UEFI SecureBoot. Microsoft has loaded on the ARM based tablet its private key instead of the 'Microsoft Windows UEFI Driver Publisher' key, which is needed to sign non-Microsoft software like Linux distributions or loaders. So, no publisher key = no signed non-Microsoft binary = no Linux."

Another reason not to buy Surface

[turkeyfeathers]

As if you needed another reason.

Re:Another reason not to buy Surface

[Frosty+Piss]

As if you needed another reason.

Exactly. Solution? Don't buy a Surface if you want to run Linux / Android on it.

It's so deliciously simple.

I don't like Win8 either.

Guess what? I haven't bought it.

Another thing I haven't bought:

http://en.wikipedia.org/wiki/File:Cadillac_CTS_front.JPG

It's an ugly car... I don't want one.

Re:Another reason not to buy Surface

I've tried to put the Linux on my CTS. I think they've restricted the bootloader or something because it doesn't go. I also am outraged that my 4-slice toaster seems to be restricted, it will NOT run Linux. This is clearly M$0ft's doing.

Re:Another reason not to buy Surface

[Grishnakh]

Why? This isn't some piece of hardware from a hardware company like Samsung or Dell or Asus or Acer or Lenovo; it's from Microsoft themselves. If you don't like the OS that's loaded on Surface, don't buy it. There's tons of tablets from companies like Samsung that you can run Linux on if you want, which don't employ such measures to keep non-MS OSes off. Purchasing this tablet is only going to put money in the hands of MS anyway, moreso than buying an Android tablet.

Re:Another reason not to buy Surface

[Grishnakh]

If I see the practice of artificially restricting what software the purchaser of hardware can run as heinous, then why wouldn't I try to crack the DRM?

Because you have to put $900 in Microsoft's pocket for the privilege of trying.

If you were somehow getting the thing for free, I could understand your reasoning. Maybe if the thing only cost $49 (and was a loss leader), I could understand your reasoning as well. But it's not free, it's not under $100, it's not even close. There's a lot of better things I could do with $900 than buy a piece of crippled hardware hoping to get Linux running on it and show MS that "DRM is just a waste of resources". Even if you do get Linux running on the thing, so that many more people could shell out $900 to do the same thing, Microsoft will just be laughing all the way to the bank.

If you really have that much spare time and money, why not work on something more productive, like fixing some of the many outstanding problems and deficiencies that Linux is still plagued by? There's lots of other hardware out there that Linux runs sub-optimally on; go buy some of that HW and fix the problems.

Re:Another reason not to buy Surface

[mysidia]

Hackers were able to get Android running even on an iPhone. I don't think the Surface will be a technical impossibility getting Android running on it... the only question will be if hackers are willing to devote the time and energy to it.

IMO it's just not worth it. Don't buy the crap from MS :)

Re:Another reason not to buy Surface

[Joe+U]

That dominant market share of 1%?

Re:Another reason not to buy Surface

[Doctor_Jest]

In what market are you proposing Microsoft has a monopoly ?

It's in the sentence you quote. Windows. They were convicted of abusing monopoly power in the OS/Browser/Office arena a while back, in case you might've missed that trial. Their "probation" expired recently, so they've been much more aggressive in launching lock-in at the vendor level.

"Dominant market share" ? In what market ? Not tablet hardware. Not tablet OSes. Not tablet software. What market ?

They are doing what most monopolies do when they want to dominate a new market. Use their existing monopoly to leverage an unfair advantage and squeeze out competitors. Surely you agree Microsoft has a monopoly in the OS market. The closest competitor (albeit a rich one) is Apple. Standard Oil did it many times over, and it's pretty common even among vertical monopolies like Standard Oil.

The reason this is an abuse is quite simple. They are requiring ARM based tablets that have Windows 8 certification (take whatever you want from the intended meaning of that phrase) to require a non-user accessible key to certify or "sign" binaries on the ARM platform. Granted, Surface is Microsoft's product, but this will (and it has been WELL documented) apply to ALL ARM processor based tablets, even from third parties. (Want to play in Windows 8 Land? You're going to have to pay the gatekeeper, Microsoft, and not give users the SecureBoot Keys.)

Implications are that they will continue to move outward from this "non-monopoly" market of tablets and phones into Intel-based "certified" Windows 8 laptops. (Desktops are probably safe, but I wouldn't bet on Redmond's desire to kill Linux and other alternative OSes there too.) All you have to do is look at the history of Microsoft to see that anything they do is geared towards not making a better product than their competitors, but defeating utterly their competitors and leaving them unable to continue. The problem that Microsoft's been facing for decades now is the fact that Linux is free. You can't under-price free, and you can't, in the current Intel architecture, make a suitable "Windows only" system anymore. (There are exceptions, and some driver support sucks, but for the most part, it's not like it was in the heyday of Microsoft's OS hot war against everyone else.)

Microsoft wants the early 90's back. They also want to do that without attracting the ire of the Federal Government. They do this where they aren't dominant and see how the public takes it. Remember TPM and encrypting hard drives (the ATA standard) back in the late 90's. It was floated about that using that could combat those evil pirates with keys granted by a licensed arm of the government (or contractor, hint Microsoft) Good ol' Senator Fritz Hollings was on the witch hunt claiming if technology companies didn't invent a way to prevent piracy at the circuit level, the federal government would step in... Thankfully that was quashed, and now Fritz is close to his karma catching up to the old cocksucker.

So forgive us for not believing Microsoft doesn't have a sinister plot in mind with this secureBoot code signing fungasm of theirs. History has proven that they are not to be trusted.... ever.

Re:Another reason not to buy Surface

[suomynonAyletamitlU]

You don't understand what "Abusing a monopoly" means.

When you have a monopoly, you can apply pressure to other people, knowing that there is no competition for them to run to. If they have competition to run to, you aren't abusing anything, you are just being a damn idiot. This is Microsoft's product. The Surface is manufactured by Microsoft and is in every way theirs. They are allowed to make arguably stupid decisions when it comes to their own product, as long as there is sufficient competition that other people do not need to feel impinged upon by their mistakes.

If all UEFI bootloaders only accept this private Microsoft key, and if it turns out that's Microsoft's doing, that's one thing. However, in my understanding, other OEMs will probably take the publicly signed keys that Microsoft makes available. Microsoft surface, however, will not, which some people find disappointing.

Solution

Don't buy a surface?

Re:Solution

Eventually all hardware will be like this. What will be your solution then? Don't buy a computer?

The trend is clear. Not so long ago, ALL hardware was yours after you bought it. Now, only a fraction is, and the ones that are not, are in the process of being locked down. In 10 years, 15 tops, you won't be able to buy an unlocked device, not a desktop, not a mobile. There will be some way to run Linux still, such as your vendor buying a key, but it's all going to be at someone else's permission.

Have fun with that world.

Re:Solution

[disambiguated]

In 20 years, there will still be general-purpose computers, but they'll be extremely expensive.

While I admire your extreme cynicism, you haven't been paying attention to hardware trends. General purpose computers will be expensive relative to the special purpose ones, which is to say they will be dirt cheap (and obscenely powerful by today's standards) .

Until they make it illegal, someone will always be willing to manufacture general-purpose-do-what-you-want machines.

Well then ...

[King_TJ]

no publisher key = no signed non-Microsoft binary = no Linux = NO SALE!

Honestly, I have no real interest in the Microsoft Surface anyway. I played with one at the store for a little while, and walked away thinking, "Pretty looking, but ultimately adds no value for me." Obviously though, others feel differently.

Still, if you're someone actually interested in a Surface but NOT to run Windows on it? The fact Microsoft has it this locked down should tell you to move along and not vote for this product with your wallet. It's great to see people enabling hardware to do new things it wasn't intended to do originally.... but where do we draw the line?

Primary reason

[KiloByte]

SecureBoot was never about security If it was, Microsoft would put at least some token effort towards blacklisting drivers with ring 0 holes. The point since day one was to hinder the spread of non-commercial alternatives.

Unbelievable.

Stop. Just stop.

It's a Microsoft device. It was designed to run Win RT. This is quite clearly marked on the box and the device itself.

There are a thousand other things wrong with Linux right now and nobody seems interested in fixing them (yes, I'm doing my part, but I only have so much free time to spend fixing random issues and maintaining my own packages). No, instead, we're going to dump all our time and effort into making a device that was NEVER DESIGNED TO RUN LINUX, well, run Linux.

Sooner or later you just have to say enough is enough. This is almost as stupid as buying an iPad or iPhone and attempting to run Android on it. Just because you're buying "hardware" doesn't mean you're getting the privilege of installing whatever the hell you want on the device. Mobile equipment like this is marketed and sold as an end-to-end solution, you're not buying hardware- you're buying software tied to hardware. Making the mistake of thinking that the hardware is there for you to do whatever you wish with is silly. If you want a tablet to run Linux on, buy a tablet that runs Linux.

Trying to shoehorn the 'tux onto the ARM Surface is stupid. No shit Microsoft has locked the thing up, they're subsidizing the damned hardware by assuming that you'll run Windows on it and buy applications through the Windows App Store.

This is almost as dumb as buying a set of kitchen utensils then wondering why you can't build a shed with them. If you wanted to buy a shed, why didn't you invest in a set of proper tools? What on earth made you think a few forks, spoons, and knives were going to let you do the same thing?

Re:Unbelievable.

[codepigeon]

I was right there with you until: 'just because you buy the hardware, you think you have the privilege to install what you want'.

what!!! What has happened to this world?! I bought it. If I want to install DOS 6.2 on it, that is nobody's business but mine. I cant believe the corporations have managed to convince people like you otherwise.

Re:Unbelievable.

[Anachragnome]

Where is the rationality in buying a product that doesn't suit your needs?

Why would you want to?

[fermion]

Before surface, MS WIndows ran on commodity hardware. If you needed a cheap *nix box you could go down to the store, but a MS Windows machine, through away the MS license, and load your favorite *nix.

If you want a *nix that runs on MS Surface caliber hardware and aren't worrying about licensing, get an iPad. You can fill it up with important apps for under $100.

If you want a cheap *nix pad, get an android. It still has licensing issues, but is the commodity hardware that was the MS Windows machine.

The reality is that OSS is going to be a few years behind MS, which is a couple years behind Apple. Look at the office app. Openoffice.org was possible only because the office application is now legacy and MS did little to keep the product unique. While the GUI was available in high end Unix machines since it was available for Apple, commodity machines did not have graphic coprocessors that made GUIs efficient until the early 90's.

So it is an advancement that we had a functional *nix tablet, in the form of android, before we had a functional MS tablet, in terms of surface. So I am not sure why we would want to make MS Surface anything other than a marginal device by standardizing it as a *nix device. I mean, one thing about windows is it was the standard for writing memos and the like, so if you could get the MS Windows applications running in *nix, then you would not have to have a MS license. But what Apps does MS Surface have? I mean MS is so desperate that they are buying banner ads on /. begging developers to write apps.

Just let the MS Surface die a graceful death. Don't glorify it by even suggesting it should run and *nix.

It isn't that it was never designed to run linux

[symbolset]

The problem is that it was designed to never run linux.

Re:What does UEFI really accomplish?

[Microlith]

Whether Secure Boot makes your system more secure is still up in the air.

What does UEFI do? It lets us move past many of the ancient holdovers from 30 years ago that imposed silly limits on PCs, like 2TB limits on the boot drive, the MBR and associated partitioning scheme (GPT is much cleaner.) It also removes all the 16-bit, 1MB memory window limitations at boot time, moving the processors directly into 64-bit on startup and never leaving. All the archaic stuff moved into a compatibility module that can be turned on and off as you see fit.

I won't buy a UEFI motherboard. Period.

Best of luck to you, I hope you enjoy MIPS. Every x86 board vendor has moved to UEFI.

My views of ownership may differ from yours

[tuppe666]

Just because you're buying "hardware" doesn't mean you're getting the privilege of installing whatever the hell you want on the device.

See ignoring the massive flag waving response. I have this belief that if I buy something I can do what the hell I want with it. When did I start hiring/licensing my computer!! Can Microsoft really not effective compete with Linux the OS you claim in not ready (It is has been for years) I believe the Android variant is set to eclipse Windows Next Year.

When Did Apple Lock their computers

[tuppe666]

just another lesson learned from Apple.

I'm tired of Apple being used to justify shitty behaviour from Microsoft. In this case its no even true.

Specious logic

[Mr.+Underbridge]

There are a thousand other things wrong with Linux right now and nobody seems interested in fixing them (yes, I'm doing my part, but I only have so much free time to spend fixing random issues and maintaining my own packages). No, instead, we're going to dump all our time and effort into making a device that was NEVER DESIGNED TO RUN LINUX, well, run Linux.

Until relatively recently, no device was *ever* designed to run linux. If the Linux community accepted that approach, Linux wouldn't run on anything.

I think it's important, and sends a message to big companies, that Linux run on everything. It tells them, you will not avoid us. You cannot lock your shit down. No matter what you do, we'll be there.

If I was more clever, I'd do a rendition of a Police song to accentuate the point.

Re:Good!

[cbhacking]

MS made (and still makes) some of the first and best mass-market ergonomic keyboards. It was apparently actually a response to an internal problem; too many of their employees were getting RSIs and the best solution was to manufacture their own improved keyboard design. MS also makes some of the best general-purpose mice (1000 DPI, 5 buttons, excellent optical sensor, cheap) and laptop mice. They have competition in all those areas, and some of their more exotic designs haven't fared too well, but the mainstream Intellimouse designs have gone through something like eight generations of steady sales. I don't know how well they've done on the webcam market, though.

Also, since we're talking hardware, the Xbox and Xbox 360, while very expensive to make and taking a long time to recoup that investment, are certainly products which "did not tank". The Kinect has sold fantastically, although the gen1 model is feeling a little gen1 these days.

As for Surface... that remains to be seen. The lockdown on the UEFI and bootloader is a pain (personally) and will cost them a few sales (some portion of Slashdotters who would otherwise buy a widescreen tablet with a really nice cover/keyboard/trackpad accessory). Beyond that... it remains to be seen. The Surface Pro is even more a mystery in terms of market response.

Re:Which tablets?

[CajunArson]

So basically you are assuming that the Microsoft locked-down bootloader is impervious to hacking while all the Android ones suck and can be circumvented easily. Without knowing it, you've just complimented Microsoft's software engineering ability.

If the Surface doesn't just bomb out in the market, there will very probably be some hacks that make it possible to load on a new OS. Frankly, my Android phone is much harder to install a new OS on that any other piece of hardware that I've ever owned even though it theoretically isn't "locked down" so I'm not going to point fingers at Microsoft for copy-catting everybody else in this space.

Things change

[cbhacking]

None of the prior-generation x86 Windows tablets ran an OS that was really touch-friendly. The software, even more so than the hardware, crippled them as products. Additionally, the hardware has come a long, long way. Tablet PCs used to come in two form factors:

1. Badly overpriced/underpowered laptops with funky screen hinges, styluses, and mediocre battery life,
2. Very thick and heavy (for a handheld device) "slates" with high prices, poor performance, no easy way to use them like a laptop, probably a stylus, and mediocre battery life.

#1 achieved some popularity in workplaces and university campuses, where the ability to take notes and documents on a reasonably portable device that could also run "real programs" was useful, but they were never a commercial hit and until software like OneNote started appearing, there wasn't a lot that took advantage of their unique functionality. For the same price, you could get a more portable and durable ultra-light laptop, or a more powerful and durable conventional laptop, or a vastly more powerful non-tablet laptop. For a lower price, you could get a more powerful and durable small laptop, or a much more powerful (though less portable) typical laptop. With tablet functionality imposing such a hit on the performance and cost, and the software not there to back it up, of course they weren't popular.

#2 was even worse off. Although slightly more durable (no easy way to cover the screen though, unlike the convertible clamshell designs) and more portable (no keyboard, etc.), they were worse off for software (some programs just can't be used without a keyboard, and the on-screen keyboards take up too many pixels and are a pain to use) and were so niche that they had very little to drive the price down (convertible tablets had a reasonable amount of competition, with most major laptop vendors offering at least one model at a time in the last decade or so). Combined with their crippling inability to be used as a typical laptop (no built-in stand, no convenient way to offer peripherals), of course they sold terribly.

The world is different now. The introduction of cheap and accurate (if not precise) capacitive touchscreens has made multi-touch a far more common tablet interface than stylus digitizers. Low-power CPUs and high-capacity batteries have more than doubled tablet battery life, even as the devices have gotten thinner and lighter yet also more powerful. Relatively cheap and widely available solid-state storage has drastically improved performance, weight, battery life, and durability of modern tablets compared to their predecessors. The earmarks of the old tablet form factors are all but gone, even as the general classes of form factor - convertible and slate - still exist. Those lines are blurring now too, though.

On the software side, multi-touch has made interacting with a tablet much easier and more practical. Largely as a result of the rise in touch-driven phones, users are much more familiar with interacting with a computing device via touch - it is, after all, a natural paradigm, and one which the old tablets typically didn't support well if at all - and developers are much more familiar with writing touch-driven software. The hard-learned lessons of what makes a touch interface usable are finally being embraced by OS and app developers alike. Similarly, the importance of low battery utilization in apps has finally penetrated, and developers are learning to code appropriately. Tablet hardware (at a reasonable price) is finally capable of supporting "real" software - full web browsers and office suites, high-quality games and powerful utility apps, slick media players (and storage for their media) and tools for photographers and artists - in form factors that were before barely usable for handwritten notes and barely capable of running anything else. To find and buy all that lovely new software, built-in app stores are now common. To the user they provide convenience and at least some safety against malware, to the developer they offer di