Slashdot Mirror
Linux: Booting Via UEFI Can Brick Samsung Notebooks
wehe writes "Heise News reports today some Samsung notebooks can be turned into a brick if booted just one time via UEFI into Linux. Even the firmware does not boot anymore. Some reports in the Ubuntu bug tracker system report that such notebooks can not be recovered without replacing the main board. Other Linux distributions may be affected as well. Kernel developers are discussing a change in the Samsung-laptop driver."
It appears even Samsung is having trouble tracking down the problem (from the article): "According to Canonical's Steve Langasek, Samsung developers have been attempting to develop a firmware update to prevent the problem for several weeks. Langasek is advising users to start Ubuntu installation on Samsung notebooks from an up-to-date daily image, in which the Ubuntu development team has taken precautions to prevent the problem from arising. It is, however, not completely clear that these measures are sufficient."
yeah that's why they're not working on a fix and have written off the problem by blaming linux ... oh wait
dumbass
UEFI is working as intended.
Be seeing you...
My paranoid self says that we haven't eliminated the possibility that the right hand doesn't know what the left one is doing.
People in those projects know their section only. People have snuck in nefarious code before. Maybe it's exactly as the project leader wants it. It's not a good possibility, but it hasn't been eliminated yet either.
Kernel developers are discussing a change in the samsung-laptop driver.
To be fair, they didn't realize anybody would actually implement the HCF instruction.
How can I believe you when you tell me what I don't want to hear?
Who said "Man, I long for the old days when installing Linux wasn't as easy as today and all Linux guys were knowledgeable enough" ??
Step to the front now and apologize to all Samsung users.
Now THAT ladies and gentlemen, is a true brick. Not these smartphone soft-bricks that can be solved by a quick flash. you don't go home happy after a brick. Do not pass go. Do not collect $200.
The article spends four and a half paragraphs shouting how Linux has trashed the laptop and even states that "It does, however, only occur when Linux is booted using UEFI." But then right at the end it closes with "In addition to the samsung-laptop driver bug, there may be, it appears, other ways of messing up the hardware and firmware on some Samsung laptops to the extent that they will no longer boot." So, is it really the evil Linux that is fouling up Samsung's laptops, or is the the incompetent Samsung that allows the firmware on the motherboard to be fouled up so badly that it cannot be reflashed? (With regard to the replaced motherboard... I wonder if that is simply the easiest way to handle the warranty. Swap the motherboard, send it back to the customer, repair the "broken" motherboard later.)
Not sure what Samsung you're talking about. Some of the Samsung products I own incorporate free (really free, libre) software products in full compliance with the GPL. They seem to treat free/libre software as an ally, not an enemy.
Samsung notebooks can be turned into a brick if booted just one time
Why do people say "one time" when there's been a shorter word for it for hundreds of years? Damn Fugees...
systemd is Roko's Basilisk.
How will i know in the future, that when buying a new laptop my favorite Linux flavor will work on it?
The previous guy commenting about "sabotaging free software" got marked as a troll... But this is pretty similar to a major eMMC firmware bug present in many of Samsung's phones manufactured in 2011.
The eMMC flash chip is NOT JEDEC compliant, and the wear leveller can go out into la-la-land if you issue a secure erase command to the chip.
Starting with ICS, Google started performing eMMC erase when wiping data in recovery for privacy reasons. This would kill Samsung flash chips.
In the Galaxy Nexus, Google forced Samsung to fix the damn chip with an internal firmware update.
However, in other devices, Samsung worked around it in two ways:
1) Disabling MMC_CAP_ERASE in I9100 kernels for a while
2) Replacing secure erase with nonsecure erase and not documenting this anywhere
Without the assistance of an engineer from Google (whom Samsung later tried to silence as far as I can tell) providing critical information, the opensource community would have been fucked.
Eventually, Samsung claimed they were "working hard" on the issue in early June 2012 - http://www.xda-developers.com/android/samsung-diligently-working-towards-hardbrick-fix/
A month later, in early July, they added MMC_CAP_ERASE to I9100 kernels without providing even the slightest warning - Within a day, a pile of bricks showed up:
http://forum.xda-developers.com/showthread.php?t=1756242
In late August/early September, they submitted a patch to the Linux kernel to work around the issue at a kernel level - It was merged to mainline on September 4.
In early October, they released an update for Sprint devices WITHOUT THE FIX. "testing takes time" is an invalid excuse, as the build date for Sprint FI27 was September 27, 2011 - Almost a MONTH after the patch had been mainlined. The patch is very easy to backport to their I9100 kernel source baseline, so there is no excuse for this.
As a result, I still get PMs on XDA once or twice a week due to people accidentally digging up userspace binaries that perform secure erase. This shouldn't be an issue, as it is the kernel's responsibility to protect hardware from getting damaged by userspace. Samsung's position was that it was an "open source problem" and hence refused to fix it in the end.
Now that the exynos-abuse vulnerability is known and an exploit has been published, it's not an open source problem any more - Anyone who has not yet received an update to patch the exynos-abuse hole is dependent on this planet, out of 7 billion people, not having a SINGLE asshat who decides they want to permanently destroy a few Samsung devices. Even if exynos-abuse is patched, as long as the kernel still allows secure erase commands through, any other privilege escalation exploits will endanger devices again. Despite this, Samsung released an update for Sprint devices (FL24) at the end of December 2012 that *did not contain any protection against this issue in the kernel*
So yeah, Samsung wishes free software would go away - they claim otherwise, and make promises that they care and are trying to fix things, but they never deliver on such promises. Actions speak louder than words, and Samsung's actions send a pretty clear message to open source software - "fuck off and die".
(I won't even go into Samsung's constant and incessant GPL violations here... But it's incredibly rare for any Samsung source drop to correspond to any existing firmware release for a given device. When asked about this inconsistency, Samsung will claim that the firmware that came preinstalled on the device you purchased on launch day at Best Buy is a "leak" and thus they do not need to provide source that matches it.)
retrorocket.o not found, launch anyway?
This sounds like a design issue on Samsung's part. The firmware should not have been allowed to be altered to a state that the machines can no longer boot. Anyone remembers the notorious CIH virus back in the days? Now all you need is just a Ubuntu memory stick and you can render all those Samsung laptops inoperable...
Off your meds again? Paranoid schizophrenia is serious.
Good. Good. That what's we want you to think.
"Even Samsung"? They're useless - months along and they're no closer to even acknowledging that there's cut and paste issue (hanging apps, randomly rebooting device) with their flagship Android phone, the Galaxy S3!
It seems as though there is something badly wrong with the at least some part of the design if a bug of this flavor is possible(much less happening for reasons that even the vendor hasn't nailed down yet).
There are reasons to update/modify the firmware responsible for the first stages of the boot process; but not all that often(especially on a PC-class device, which has tons of both RAM and persistent mass storage available, this isn't some cost-reduced embedded device where the OS has to scribble configuration information in whatever bits of the teeny flash chip that also stores the bootloader).
Can anybody enlighten me as to why (outside of a BIOS update) a situation would arise where the kernel needs to scribble over the motherboard firmware, or where the firmware would be doing anything sufficiently drastic to itself based on input from the kernel that it wouldn't be recoverable?
Regardless of how this was (accidentally or not) triggered, is this a weakness in UEFI such that once one gains kernel-level access to the hardware, bricking a device that was booted using UEFI is trivial?
With BIOS laptops there usually was an emergency recovery mode where the BIOS reflashed itself from an image via USB floppy disk. Was an opportunity missed to make a similar setup mandatory in EUFI (but from a USB stick of course)?
When the copyright term is "forever minus a day", live every day like it's the last.
Or it could be that the project leader inserted such code because he was told to by his werewolf leaders to block the use of the laptop by occultist vampires, who due to their niche market, have to rely on rebranded Linux distros for their neffarious deeds. At the same time, they would be blocking use of the laptop by robot leagions by preventing them from installing an OS that doesn't give them nightmares. I don't know how the pirates (real pirates) fit into this.
The idea that Samsung is in control by werewolves, with Linux usability caught up in the perpetual war between werewolves, vampires, and robots, is not a good possibility, but it hasn't been entirely eliminated yet either.
Looks like you are confusing UEFI with secure boot stuff. BIOS was kind of a legacy mess, and it was about time the interface got updated. UEFI is that replacement. You can get a UEFI setup without the secure boot stuff.
Please.
When I first installed linux it was the powerpc version, that is, a port, on a powerbook, in 2002.
One kernel recompilation and wireless worked, sound worked, gigabit ethernet worked, radeon 3d worked (lots of frames too). Only thing missing, the faxmodem.
Logic says the intel version should have been simpler, because of the 10x-100x mindshare it had. When I switched to intel, not exotic models, it wasn't. In the following years, i had INCREASING difficulties with laptops. The broadcom driver, 3d needing proprietary drivers (and proprietary IMHO means more lockups, instead of more quality). Then with desktops (firmware for the network card, a blasphemy because common protocols for any os to speak to a network card are there at any level of hardware abstraction).
Now, bricking a machine needs something more than a bug, it needs a feature. It makes perfect sense commercially. Hardware makers might bicker about windows to get better deals, but they sure know that if the world switched to linux their sales would go down, for lack of artificial obsolescence represented by the OS/drivers/app upgrade cycle.
The fight for the desktop has begun. Valve, restricted boot, UEFI, ACPI... Buy wisely.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
UEFI and secure boot are not the fucking same thing.
Bricks can be fixed with JTAG; if you have to outright replace the hardware, that's fried, toasted, nuked. (How the HELL does software do something THAT bad, anyway? Even flashing a ROM for an entirely incorrect model on a smartphone is still technically reparable..)
Facts do not cease to exist because they are ignored. - Aldous Huxley
So you want all the ICs on a motherboard to be socketed? Say it with me: UEFI and Secure Boot are different things!
That makes Apple a FOSS leader....
New Economic Perspectives
On the other hand, people might upgrade their hardware more often if they could be assured their new hardware wouldn't come with Microsoft's latest abomination and a shit-ton of bloatware.
One thing we do know is that hardware manufacturers don't have the balls to try it. Properly, at least, rather than periodic token attempts.
Log in or piss off.
yeah, to the tune of 500k a year to the linux foundation alone.
Yea that makes sense. They're only the largest proponent of Linux on mobile devices in the world.
Get over yourself.
Hmm, let's see who is behind UEFI, shall we? AMD, AMI, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo, Microsoft, Phoenix. Yup, Linux haters all. Obviously this is all Microsoft's fault.
Mine got bricked booting Fedora 18 XFCE..
I tried to install Ubuntu 12.10 a few months ago, using the UEFI boot instead of the regular BIOS boot loading options on a Samsung laptop. The installer started, and all I got was a black screen. When I tried to turn it on again, all I got was a black screen. I assumed it was a hardware problem, and managed to get a replacement laptop. I then tried to do the same procedure again, and I also managed to brick the second laptop. Since the internal SSD is not serviceable, I was not able to resolve the issue, and Samsung was unable to help me in any way. I returned the second laptop, and then I disabled the ExpressCache from Windows before I wiped the system and installed Ubuntu Linux without using UEFI.
Any sufficiently advanced technology is indistinguishable from magic.
Plus $10/device to Microsoft to license all the patents Linux infringes on.
I wish I have a mod point to bump you up
Microsoft is the only PC OS vendor in that list and carries a lot of sway. So much, in fact, that secure boot was designed and implemented completely by them. They did it under the guise of the TCG, whose flag they've been waving for years. Secure boot is just a culmination of the vendor-biased security they've wanted.
It's been around a number of years as well - you could buy PCs doing it for at least 7 years now.
Hell, most PCs built in the past 4-5 years ARE UEFI. They just are hardcoded to boot into the BIOS emulation and legacy boot.
Which begs the question - how does Apple boot Windows 8? Their UEFI doesn't support secure boot as OS X doesn't support it...
Which patents are those, exactly, and where is it proven that they are being infringed upon by Linux?
Learn from the mistakes of others. There isn't enough time to make them all yourself.
And this has nothing at all to do with secure boot, so what is your point?
Next time you post something like this, please login first. That way I can mod you up, if I had mod points.
You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
Trying their best to sabotage free software.
I think you are referring to Microsoft. UEFI Secure Boot is their baby.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Because Apple, HP and IBM don't have their own OS on some of their products...
Oh, you want to talk about secure boot now, I thought we were talking about UEFI.
UEFI and Secure Boot are different things!
Except you can't have Windows Boot without UEFI. The traditional BIOS could not prevent you from running any OS you wanted to, without adding some easily avoidable hacks like looking for a specific signature in the boot block.
Their best selling smartphones use Android, which is not free software.
If they donate any money to GNU/Linux projects or other libre projects, they are just scamming and bribing the community.
UEFI: Microsoft's way of giving you a UFIA
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
My point was, quite simply, that Microsoft is the hard-charger behind the move towards secure boot. And they, more than anyone else in that list, hate Linux.
Apple doesn't distribute their OS to any other OEMs, and neither HP nor IBM's OSes matter in the context that Microsoft has heavily pushed secure boot in.
This article have nothing to do with secure boot.....
I think you are referring to Microsoft. UEFI Secure Boot is their baby.
Except that it's not and that this bug doesn't appear to have anything to do with Secure Boot, just UEFI.
You can get a UEFI setup without the secure boot stuff.
Until Microsoft require Windows Boot in a couple of years.
The legacy BIOS was a heap of junk, but throwing the kitchen sink in there and creating a new BIOS that's pretty much an operating system in its own right was not a good solution for anyone other than vendors looking for lockin.
Which begs the question
No it doesn't.
how does Apple boot Windows 8?
The computers are Macintoshes. Apple is the company.
Their UEFI doesn't support secure boot as OS X doesn't support it...
Windows 8 doesn't require UEFI Secure Boot. It couldn't, since one of Microsoft's requirements is that users be able to disable Secure Boot. Having UEFI Secure Boot is a requirement places on the OEMs that ship computers with Windows 8, and Apple doesn't ship Macs preinstalled with Windows.
It seems that Samsung will have to take the blame for this; that is, they should have tested for this. As it stands, it should be considered a manufacturing fault on their part. So the question is now, will the unlucky owners of Samsung bricks have them replaced under warranty?
Well, that's pretty lame if I have to keep updating it every 2 weeks.
On the other hand, people might upgrade their hardware more often if they could be assured their new hardware wouldn't come with Microsoft's latest abomination and a shit-ton of bloatware.
I highly doubt this. Most consumers still call their computer case the "CPU" and buy new computers when they don't have to because they don't realize Windows and their computer are different things. Basically, the average person looks at their computer like they would an advanced VCR.
The sad fact is, most people go out and buy new computers precisely because it has the newest version of Microsoft's abomination and all that bloatware which are marketed as features on the box and by the Best Buy droids. Computer manufactures know this, love it, and bank on it. It's how companies like Intel can get away with requiring a new goddamned socket every year (or less) and not have people storming their castle with pitchforks and torches. My parents don't care. Dell don't care either, because they're selling whole systems and not parts. Likewise, every time Microsoft come out with a new version of Windows, computer makers start seeing dollarsigns.
Logic says PowerPC is easier to support because there is far less hardware to worry about...
There are only a small number of powerbook models, with known wireless, ethernet, video chipsets etc. There are millions of x86 machines with an even wider range of possible peripherals, including often oem versions where the hardware is the same but small firmware differences cause compatibility problems etc, and problems where certain combinations of hardware simply don't work together.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
This is why PC vendors should have never allowed Microsoft to control their hardware. Unfortunately, Microsoft's gain = consumer pain, as usual. I'm guessing that disabling the secure boot feature entirely in the BIOS will avoid the machine getting bricked? If I purchase any new machine that will be the first thing I'll do, along with throwing the Windows installation discs in the trash can.
I've read online that disabling UEFI will mean you can no longer boot from USB. This means on the Samsung Series 9 laptops (which have only USB, no DVD/CD drive) you couldn't install Linux at all. Is this true?
Microsoft is not only guilty of attempted hardware monopoly, but also willfully contributing to the e-waste problem; given that it's a notebook, most folks won't even try to replace the board (and it should just be a replaceable chip, but NOT ALLOWED), but will just throw the whole thing away. Criminal waste due to criminal greed. The EU needs to get their butts in gear and stop this garbage cold.
Modded Troll??? This is true. Microsoft is back to its old monopolistic tricks. They are losing, partly due to their being convicted of monopolistic actions. Now that they see their monopoly slipping they are trying their best to sabotage competitors. They need to have their ass kicked before they leave a giant crater in the tech industry otherwise known as UEFI Secure Boot and Windows 8 Metro. I'm doing my part...I'm typing this from a System76 Ubuntu laptop.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Hmm, let's see who is behind UEFI, shall we? AMD, AMI, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo, Microsoft, Phoenix. Yup, Linux haters all. Obviously this is all Microsoft's fault.
OK, why do I have to go to Microsoft to get a signing key to run a particular Linux kernel?
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
eMMC bug... :-\
Not an expert, but my impression is that UEFI is (yet another) bad idea poorly implemented from Intel and a committee of camels.
Exactly how booting an OS can permanently cripple purportedly secure firmware eludes me, but after the past two decades of watching strange ideas become accepted wisdom, I don't find it all that surprising. (OK, OK, I guess bricked is pretty secure. Not very damn useful, but very secure.)
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Okay, first you have the eMMc bug in Galaxy note which would result in permanent brick on factory reset and wipe via custom recovery.
Then in Note 2 you started giving root to any app which told you to.
And now the notebooks are going bricky brick.
Whats with you and the love of bricks?
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
Until Microsoft require Windows Boot in a couple of years.
... so that is to blame on UEFI then? Even if UEFI never existed, MS could decide to have required some other new firmware system if they wanted to force people to switch to such things. Looks like a really crappy slippery slope argument, about as slippery as sand paper.
I don'tknow why you would have to do that. I guess it is because you have absolutely no idea what you are talking about.
You don't need a 'signing key' from anybody to boot with UEFI. You do have to have a properly signed loader to boot a system with secure boot enabled, but that is not the same thing as booting with UEFI, and has nothing to do with the problem being discussed.
Even when using secure boot, you don't need Microsoft to do anything. You can sign your own stuff if you want. If you want to distribute your signed code to others, then they must trust the key that you used to sign. So, you can either a) tell every user how to go about importing your key, b) work with hardware vendors to get them to include your key, or c) sign with a key the user already has. SOME (but not all) Linux vendors decided to make life easy on their customers by having Microsoft sign for them.
Fear, Uncertainty and Doubt Ultimate Edition.
Excellent work; a tip of the hat to the usual suspects.
Log in or piss off.
That the most recent kernel breaks user space on these notebooks?
I just have to comment on the sprint thing... Sprint is almost always late with their updates, look at the Nexus 4... Its a nexus device which gets updates (becaus of sprint) 1-2 months after other Nexus devices that are handled by Google. So I would not only point at Samsung.
So UEFI != Secure Boot?
I always thought it was the same, can you elaborate?
The rest of your comment reflects your logic abilities.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
UEFI is a replacement for BIOS. As their web page puts it: The UEFI specification defines a new model for the interface between personal-computer operating systems and platform firmware. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its loader. Together, these provide a standard environment for booting an operating system and running pre-boot applications.
Secure boot is an optional feature of UEFI which can be used to ensure that the boot image being loaded by UEFI is from a trusted source.
The problems described in this article have nothing to do with secure boot.
Plus $10/device to Microsoft for their protection racket
FTFY
Not an expert, but my impression is that UEFI is (yet another) bad idea poorly implemented from Intel and a committee of camels.
So you are saying that Microsoft is not the prime mover behind UEFI Secure Boot? I don't think so.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Really weird - why would merely booting a device incur changes to non-volatile memory? There has been similar bugs with Intel's Trusted Execution Technology (probably more a fault on certain BIOS vendors) where merely trying out the technology, i.e. booting into the new mode, would cause the computer go into an endless reboot loop that persisted even across power-off etc. Apparently because some BIOS'es set a "remember to zeroize memory flag" but somehow fails to clear the flag as part of the zeroization!
Yes, Microsoft might have been forced to hire more Americans and the company may have become competent.
Please.
When I first installed linux it was the powerpc version, that is, a port, on a powerbook, in 2002.
One kernel recompilation and
So nothing actually worked until you had to do nerdy shit that no normal person would ever wish to do. Good to know.
Which patents are those, exactly, and where is it proven that they are being infringed upon by Linux?
Who cares, a company the size of Samsung - who has gone up against Apple - is unlikely to be bullied by a waning Microsoft, Microsoft couldn't afford to lose Samsung as an OEM but with the growth of Samsung's smartphone, tablet and linux notebook business they could certainly afford to cut Microsoft loose if push came to shove.
Just kidding, the Republicans want more foreign workers.
So you're blaming MS on something you had no fucking clue about, even insisting when you're being shown how you're wrong? Some people...
So actually you believe the behemoth that is Samsung would be bullied by Microsoft and that Microsoft is doing something illegal that is costing Samsung hundreds of millions of dollars yet Samsung is powerless to do anything about it? Really? These are the people that - despite having *enormous* contracts with Apple - refused to settle and took them on in court, and Apple are much bigger than Microsoft. Samsung also has much more invested in Linux products and makes more money from them than they do from Microsoft and Microsoft can't really afford to lose such a global, influential OEM.
I know it's fun to paint Microsoft as some criminal badboy - maybe you like that kind of thing - but your suggestion that they are some global power that can control anyone - even companies *way* larger than them - is just conspiracy nonsense.
Trying their best to sabotage free software.
I think you are referring to Microsoft. UEFI Secure Boot is their baby.
UEFI has nothing to do with Microsoft, even Secure Boot isn't a Microsoft thing and this story doesn't have anything to do with Secure Boot anyway...nice attempt to drag this topic into another M$ Windoze bash-fest though.
Which begs the question - how does Apple boot Windows 8? Their UEFI doesn't support secure boot as OS X doesn't support it...
Why does it beg that question? Windows 8 doesn't require UEFI or SecureBoot, there's your answer.
"So you are saying that Microsoft is not the prime mover behind UEFI Secure Boot? I don't think so."
I think (and I could be way wrong) that Secure Boot is something that Microsoft found already present in UEFI and has twisted to try to gain a competitive advantage. My increasingly faulty memory tells me the UEFI has a loooong history and in its present form is the misbegotten love child of several 1990s efforts to design a BIOS replacement for PCs. My impression (which also could be way wrong) is that it is an unlovely thing whose single virtue is that it can handle very large disks.
Feel free to research the situation and correct me if I'm wrong
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Even when using secure boot, you don't need Microsoft to do anything. You can sign your own stuff if you want. If you want to distribute your signed code to others, then they must trust the key that you used to sign. So, you can either a) tell every user how to go about importing your key, b) work with hardware vendors to get them to include your key, or c) sign with a key the user already has. SOME (but not all) Linux vendors decided to make life easy on their customers by having Microsoft sign for them.
Trying to act as if UEFI Secure Boot is not a Microsoft driven initiative is being pedantic at best, for the simple reason that Microsoft requires it on all new Windows 8 computers. Since Microsoft is the dominant player, this declaration will cause most new computers to carry UEFI Secure Boot. It is becoming clear to me, especially after reading TFA, that UEFI Secure Boot inherently favors larger corporate players in the OS market over minority players, and thus implicitly favors Microsoft. Computer makers will have little financial incentive to make their computers work with smaller operating systems such as Linux because of its minority status. The structure of UEFI Secure Boot seems to me to require testing with the OS running the computer to ensure it runs smoothly. Samsung obviously did not test with Linux, and thus we have bricked computers. Computer makers are unlikely to test many different flavors of Linux thoroughly on their machines, and thus we are likely to see more computers that simply will not run Linux. And that is exactly what Microsoft wants.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Apple doesn't distribute their OS to any other OEMs
So? They produce PCs and are an OS vendor with a significant - and extremely profitable - stake in the market.
and neither HP nor IBM's OSes matter in the context that Microsoft has heavily pushed secure boot in.
Workstations don't matter? You actually believe Linux is so crappy that HP would just drop RHEL and SUSE if Microsoft asked them to? You have some conspiracy theory that Microsoft controls all of these companies and that they could force them to produce only Windows 8 SecureBoot mandatory products? If there is a decline in the PC market it's the consumer market that is going down, in favor of Linux and iOS devices - but even many of the OEMs that do produce Windows machines also produce Linux ones (of course nowhere near as many as the development, testing and support costs aren't worth it for the lack of popularity).
OK, why do I have to go to Microsoft to get a signing key to run a particular Linux kernel?
You don't, if you think you do then you obviously have absolutely no idea what you're doing.
Yes, because in a story that has nothing whatsoever to do with Microsoft you're ignorantly blaming them simply because you have no idea what you're talking about. Either you're a complete retard or you're trolling.
Why is Canonical recommending booting into Linux AT ALL, with ANY image, when "just one boot from UEFI into Linux" can brick the laptop?
It seems to me that it is not safe to attempt to boot into Linux under ANY circumstances.
...Microsoft requires it on all new Windows 8 computers...
I thought it was just required to be "certified"... Though they do require Secure Boot not be able to be disabled on ARM. Supposedly this Windows 8 certification is optional - whatever that might mean. I hope to never buy such a UEFI/Secure boot machine, kind of like how I do not want a Samsung Chromebook. Wiki Cite:
In 2011, Microsoft was accused by critics and free software/open source advocates (including the Free Software Foundation) of trying to use the secure boot functionality of UEFI to hinder or outright prevent the installation of alternative operating systems such as Linux, by requiring that new computers certified to run its Windows 8 operating system ship with secure boot enabled using a Microsoft private key.
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
I never said Secure Boot was not a Microsoft initiative. What I (and others) have said is that THIS PROBLEM has nothing to do with secure boot, and your ranting about Microsoft does not change that fact. THIS PROBLEM seems to be a problem with either Samsung's UEFI implementation or Linux. Neither one of those has a damn thing to do with Microsoft. And UEFI itself is an INTEL initiative, and existed long before Secure Boot.
UEFI (and Secure Boot) are nothing but specifications. Blaming the specification (or even odder, it's author) for someone's failure in implementing the spec is ridiculous. To you blame Tim Berners-Lee every time a web server gets hacked?
Whining because hardware manufacturers place most of their effort on things that most of their customers care about is just childish. Samsung's failure to test with Linux has NOTHING to do with Microsoft.
Why Am I Not Surprised?
Fugue for Aaron Swartz
According to your hypothesis it would be easy to make linux fully support modern macs. All the advantages of x86 and all the advantages of less hardware interactions to worry about.
Is this the case? (I have no intel macs around)
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Except that what GP posits actually occurs with other companies. One division gives away something, another doesn't realize it and sues everyone for piracy. I don't know how common it is, but it does happen.
Can you point to a single instance of where your werewolf/vampire/robot/pirate... thing has occurred?
UEFI has nothing to do with Microsoft, even Secure Boot isn't a Microsoft thing and this story doesn't have anything to do with Secure Boot anyway...nice attempt to drag this topic into another M$ Windoze bash-fest though.
Simple argument: (1) Microsoft is the dominant player in the computer market. (2) Microsoft is dictating that all new Windows 8 computers have both EUFI and Secure Boot. (3) EUFI and Secure Boot both inherently favor large dominant OS players over minority players. Conclusion: Microsoft is the main force driving the adoption via its dominant market share, and it is doing so to limit competition in the market.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Be very glad Obama was elected...
Ummm...no thanks.
As just replied to the same argument then "it would be easy to make linux fully support modern macs. All the advantages of x86 and all the advantages of less hardware interactions to worry about."
Is this the case? (I have no intel macs around)
And, whatever the answer, still your objection doesn't make much sense, because the problems with linux is not "i cannot make this configuration work because this piece of hardware is not known/ not supported", but "as time goes by it is increasingly difficult to make hardware work because of new, underdocumented, protocols and functionalities that nobody really asked for". Go read up in forums what people are doing to have secure boot laptops boot linux, they are trying keypresses out because there is NO OFFICIAL DOCS ON HOW TO GET TO THE FRIGGIN BIOS SCREEN. Go read up what Gates says about ACPI in the halloween documents. Does it fit, now?
Of course I will concede that hardware configs are a problem with x86: a COMMERCIAL problem, because laptop model Foobar/x123-4567890abc has an undefined default config: does it mount an atheros or an intel wireless? who knows! Sometimes you don't even have the same LCD resolution!
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
UEFI has nothing to do with Microsoft, even Secure Boot isn't a Microsoft thing and this story doesn't have anything to do with Secure Boot anyway...nice attempt to drag this topic into another M$ Windoze bash-fest though.
Yer, that's why the first key in any EFI system is not Microsoft's and other OS builders are not having to go to Microsoft to get their keys signed. Oh wait........
EUFI and Secure Boot both inherently favor large dominant OS players over minority players.
Wrong, EUFI isn't a thing, UEFI doesn't inherently favor anybody in any way and Secure Boot is a feature that you can use if your bootloader is signed or you want to sign it since you just install the key, alternatively you can turn it off if you don't want it and operate just as you always have on other (U)EFI systems - like Macs - and older BIOS systems.
UEFI (and Secure Boot) are nothing but specifications. Blaming the specification (or even odder, it's author) for someone's failure in implementing the spec is ridiculous. To you blame Tim Berners-Lee every time a web server gets hacked?
I blame Microsoft because they are using their dominant market position to ensure that the majority of computers sold will not easily run Linux by ensuring that all Windows 8 computers are sold with UEFI Secure Boot. The standard that they are pushing is inherently hostile to minority operating systems. TFA makes it clear to me that computer makers will actually have to do work to make sure their computers work with other operating systems such as Linux. Samsung apparently didn't do that work, and thus we have computers that have been bricked.
Tim Berners Lee just came up with a good idea. He didn't use his dominant market position to impose the standard, which was by the way open, unlike the UEFI system, which is inherently closed.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Yer, that's why the first key in any EFI system is not Microsoft's and other OS builders are not having to go to Microsoft to get their keys signed. Oh wait........
Oh wait what? You mean oh wait, you're wrong. Microsoft's key isn't in my EFI system or my Mac which is also an EFI system. Moreover Microsoft doesn't sign any keys so you're wrong again, they aren't a signing authority, Verisign signs keys and can sign your bootloader with Microsoft's key if you want, or you could use your own key and install it on your system or you could turn SecureBoot off.
UEFI doesn't inherently favor anybody in any way
Yes it does. First off, you have to jump through many hoops to get a UEFI key. This implicitly favors large players over small. Secondly, since apparently computer makers have to write their own code to the UEFI spec, they are also responsible for checking that it works with different operating systems. If an operating system does not have a dominant market share, computer makers are less likely to adequately test their systems for that operating systems. This is exactly what happened with Samsung...they obviously didn't test their systems with Linux, and now we see the result...bricked computers. The UEFI spec is inherently hostile to small market players like Linux. And I do blame Microsoft because they are the ones who are using their dominant market share to ensure the majority of new computers carry this abomination.
Login first ... That's an increasingly common request. But frankly, I don't understand it. Why do you say that? I see several problems:
1. You can't mod up a login. /. readership.
2. You can mod up an anonymous post. And, doing so may be good for the
3. Maybe one of the following is going on: AC doesn't have an account / AC doesn't want an account / has his own mod points / would prefer to post anonymously this time only / just doesn't play the karma game.
Yes it does. First off, you have to jump through many hoops to get a UEFI key.
There is no such thing as a UEFI key.
Secondly, since apparently computer makers have to write their own code to the UEFI spec, they are also responsible for checking that it works with different operating systems.
This is a flaw in Samsung's implementation of UEFI, if they made a mistake in their BIOS code it would be the same.
And I do blame Microsoft because they are the ones who are using their dominant market share to ensure the majority of new computers carry this abomination.
The BIOS is long obsolete, Linux, BSD and OSX have all supported UEFI for a long time, Microsoft is the one that has been languishing in obsolescence and now they have finally caught up. The various directors of the UEFI forum (AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, Microsoft, and Phoenix Technologies) have been shipping UEFI products for many years.
"The legacy BIOS was a heap of junk, but throwing the kitchen sink in there and creating a new BIOS that's pretty much an operating system in its own right was not a good solution for anyone other than vendors looking for lockin."
UEFI is "pretty much" an operating system only to those that don't know what an operating system is. What "kitchen sink" got thrown "in there" and what about the legacy BIOS made it a "heap of junk"?
Lots of people demonstrating willful ignorance in this thread.
Verisign signs keys and can sign your bootloader with Microsoft's key if you want, or you could use your own key and install it on your system or you could turn SecureBoot off.
See, we paranoid folk have seen enough of Microsoft's tactics in the past to believe that it starts out fine and open... "sure use your own key".... but soon it's "your key? HAHA!" (cue mustache-twisting Ballmer in a black cape and stovepipe hat). Those of us who are suspicious can be a little pedantic, but we're just going on track record here, and Microsoft's is abysmal. It's not an indictment of EFI, or the consortium behind it. It's and indictment of the greed of Microsoft and its hatred of Linux.
It's the Stay-Puft Marshmallow Man.
Surely you don't really believe that Microsoft is all powerful do you? Between the might of Apple, Samsung (with its Chrome products), HP (with its RHEL and SUSE workstations), Intel (as the second largest contributor to Linux) and other influential players like Valve, the open PC cannot be bought out by Microsoft.
Did it appear that I was talking only about phones? I wasn't. The first thing to come to mind was my TV. It has some kind of Busybox implementation in it. There's an option on the menu which allows you to view the GPL.
UEFI is a trojan designed to piss off geeks.
Samsung laptops do NOT become bricks if booted via UEFI. Have you seen the things? Pavers or facade stones maybe, but I sure wouldn't build a wall or a nice barbecue with something that thin!
This is a hacked account, for which the owner can not be held responsible.
Its just a teething problem... You have new tech/software UEFI being deployed in a rush, by developers that are used to making small changes to BIOS "1976" dealing with a new system UEFI with limited time, training and experience. Don't forget they have management and shareholders that don't really know how much work this kind of thing takes and think all this just takes 15min and runs on magic.
Just give UEFI a little bit more time to mature before you pick-up the pitchforks.
looks like there's a temporary fix for this already.
someone has to compile it first though :)
seems the problem was the samsung specific bit of kernel loading whatsit was doing BIOS specific things even on EFI, and making a damn fool of itself in the process.
it's now wrapped in an "if EFI..."
Do workstations matter? Every former workstation vendor - Sun, HP, IBM, SGI had dropped their Unix based workstations. The only guys who tried replacing it with something in Unix/Linux was SGI, who tried Linux/Itanium before going to Xeon. Oracle, after buying Sun, only does SPARC servers, while HP too offers the Itanium only as servers. IBM too now only offers Power7 servers - their POWERstations too are extinct.
And none of these companies have replaced their workstation offerings with Lintel workstations. That market is just gone to Wintel.
The boot loader shim for starting Grub (and thus Linux) did indeed need to be signed by Microsoft. Getting a key from Verisign won't help a bit, unless you plan on building your own hardware, or have enough negotiating power to get hardware vendors to include you key.
Yea you're a troll for bringing in a subject when this article have nothing to do with secure boot. How hard is it to figure that out?
Without any evidence to back you up this is just paranoia.
Wouldn't Samsung benefit from all the cool coffee shop kids using their laptops to do a Hackintosh or Ubuntu YouTube success?
Or from the sales of these people?
I haven't bought a PC with Windows since 2006, but I have bought a lot of hardware.
Defining Statistics and Social Research
This was such a stupid post.... I must of not had a good day yesterday...
http://www.theregister.co.uk/2013/01/31/ubuntu_uefi_bricking_samsung_laptops/
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Do workstations matter? Every former workstation vendor - Sun, HP, IBM, SGI had dropped their Unix based workstations.
SGI is defunct and has been for years and Sun doesn't do workstation hardware anymore. HP and IBM still do Linux workstations, particularly HP with RHEL and SUSE, I don't see any reason they would drop them just because Microsoft wants SecureBoot on Windows machines.
The boot loader shim for starting Grub (and thus Linux) did indeed need to be signed by Microsoft. Getting a key from Verisign won't help a bit, unless you plan on building your own hardware, or have enough negotiating power to get hardware vendors to include you key.
It didn't need to be signed with Microsoft's key, it could have been signed with any key and the user just adds that key to the SecureBoot key list on their machine, or they could just turn SecureBoot off and not use it. And no, Linux does not need to be signed with that key either, the grub bootloader shim will ask the user to accept any key from the signed OS that the bootloader shim attempts to load - this should be obvious given that if the OS were signed with an installed key you wouldn't need the shim at all.
Wow!! I remember that command from a spoof ICL machine - that and the Galactic Storage Device!
Reminds me of how lmsensors bricked some Thinkpads during the I2C probing process. It overwrote some bytes in the "security chip" and wrecked a checksum which prevented the machine from booting. IBMs answer was to replace the mainboard. You could reprogram the chip, but the information was hard, if ever, to get. Some guys offered reprogramming services for a hefty fee.
The main reason was that the security chip, wich was a extended I2C eeprom (24RF02) reacted differently to commands as its non-security counterpart.
Crivens! I kicked meself in me own heid!
Did you miss the requirement that every UEFI BIOS must be able to disable Secure Boot if it has it?
Look, I dislike Microsoft's general business practices, and some of their software is worthy of derision. We should definitely keep an eye on this sort of thing. But (a) this article has nothing to do with Secure Boot and (b) you can easily run Linux or other operating systems on any computer with Windows 8. Either disable Secure Boot, install your own certificates, or use a boot loader signed by someone for whom your firmware already has the certificate.
Amusingly, I just bought a Samsung notebook with Windows 8 and Secure Boot. Doesn't seem to be affected by this bug. However, I couldn't make both Windows 8 and Ubuntu 12.10 boot with Secure Boot enabled. After a lot of mucking about, I can boot Ubuntu fine using Secure Boot, but so far I can't chainload Windows 8 for some reason from grub. So I've had to disable SecureBoot, so I can run Windows 8!
UEFI is a monstrous specification that puts an almost fully featured single tasking OS into the mainboard firmware (memory management, file system, loading/linking, UI). At its core it is a good thing that cleans up much of the mess that the layered, hopelessly outdated legacy called BIOS has become. UEFI does away with things like boot blocks, the need for separate setup utilities embedded e.g. in RAID controller firmware and other stuff. The firmware can also be extended by modules placed next to the bootloaders in the same FAT partition. As far as I can remember, it can act as a boot menu for you if you cared to to register multiple bootloaders.
The list of features in this thing is incredibly long. I cannot comment on their actual quality, though. And complex specifications are hard to implement and even harder to get right. I have a feeling that this Samsung problem isn't the last UEFI problem we're going to see.
http://www.moonlight3d.eu/
Something like SecureBoot has been implemented for at least six years on motherboards I figure.
Many OEM hardware vendors would have a special key stored in the firmware somewhere. Without that key, the user can't reinstall the OEM version of Windows that shipped with the machine. I know this because when a motherboard would fail, we'd take one with the same form factor, size and compatible with the original CPU off-the-shelf and install it. Then we'd try to use the OEM Windows CD and no go - wont install. Called manufacturer and was informed that the replacement motherboard had not been "signed". Poor customer was forced to buy another copy of Windows or pay exorbitant cost for replacement OEM mobo.
It's a Lock-In scheme. Plain and simple.
Codifex Maximus ~ In search of... a shorter sig.
bws111 said, "Secure boot is an optional feature of UEFI"
Not for long.
Codifex Maximus ~ In search of... a shorter sig.
I take it you're not going to elaborate but only curse at people.
Codifex Maximus ~ In search of... a shorter sig.
I know one that can comment on quality:
http://www.youtube.com/watch?v=V2aq5M3Q76U
It obviously sucks
New things are always on the horizon
You can not turn it off on ARM devices running Windows 8 (if the OEM wants to participate in the Windows Logo Program, which they obviouosly want to do because it makes it cheaper).
New things are always on the horizon
You can not turn it off on ARM devices running Windows 8 (if the OEM wants to participate in the Windows Logo Program, which they obviouosly want to do because it makes it cheaper).
Which makes it no different to an iPad or any Android device with a locked bootloader, except if numbers are anything to go by WindowsRT ARM devices are virtually non-existent in the market.
There's no need to elaborate, considering the article has absolutely nothing to do with SecureBoot in the first place. If you think they're the same, you made up that fact and the only thing you need to do is consider it false, and then educate yourself.