Spanish Open Source Group Files Complaint Over Microsoft Use of UEFI Secure Boot

← Back to Stories (view on slashdot.org)

Spanish Open Source Group Files Complaint Over Microsoft Use of UEFI Secure Boot

Posted by Soulskill on Tuesday March 26, 2013 @10:30AM from the saga-continues dept.

sl4shd0rk writes "Hispalinux, which represents Spanish Open Source developers and users, has filed a complaint against Microsoft with the European Commission. 14 pages of grief cited Windows 8 as an 'obstruction mechanism' calling UEFI Secure Boot a 'de facto technological jail for computer booting systems... making Microsoft's Windows platform less neutral than ever.' On March 6 of 2012 the Commission fined Microsoft 561 million Euros for failing to offer users a choice of web browser, and there was also a 2004 ruling which found the company had abused its market position by tying Windows Media Player to Windows itself. Relations appear to remain more tense towards Windows in Europe, so there may be some hope of making UEFI more Linux-friendly. UEFI has been implicated in the death of Samsung laptops running Linux."

154 comments

Min score:

Reason:

Sort:

I hope they make the right decision.... by Anonymous Coward · 2013-03-26 10:37 · Score: 5, Insightful

... and that is, to keep secure boot around, but ban the practice of not allowing users to enter their own BIOS keys, or disable it in the BIOS.
I like secure boot from a security perspective, and we actually use it to lock down some embedded Linux products I've worked on. As long as savvy users can disable/override/change keys, we get the best of both worlds.
1. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 10:52 · Score: 0
  
  Mod parent up.
2. Re:I hope they make the right decision.... by aaaaaaargh! · 2013-03-26 11:12 · Score: 5, Insightful
  
  What is most important is that the user must perform the same steps for activating secure boot of an operating system regardless of which operating system is being installed. No extra fiddling in the UEFI for non-Microsoft operating systems and no dependence of other OS makers on Microsoft for anything in this process.
3. Re:I hope they make the right decision.... by 0123456 · 2013-03-26 11:13 · Score: 4, Interesting
  
  As long as savvy users can disable/override/change keys, we get the best of both worlds.
  What about 'unsavvy' users, who can currently put a CD in their drive and install the OS, but in the glorious 'secure' future will have to fiddling in the BIOS instead, if the hardware even allows it?
4. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 11:15 · Score: 0
  
  AMEN!
5. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 11:26 · Score: 5, Interesting
  
  Linux installation had gotten to the point that it is even easy for not so computer savvy people. In fact, installing Mint was a lot easier and
  trouble free than installing windows. Until Windows 8 and UEFI. Yes, you can turn of secure boot, but it took knowing that it should be possible
  and much searching to find out how: The option was not (visible) unless you set an UEFI administrator password. Even with secure boot turned off, it did
  not boot from CDROM. It did boot from USB key, but did not read data from it, ...
  Of course much of this is laptop specific; this is precisely the problem. There is no easy generic recipe, and the not so savvy users are going to give up, and think this Linux thing is too difficult.
  It is not acceptable that one (monopoly) os vendor has the keys to ypur hardware. Secure boot should at least be turned off or in setup mode by default, and it should be easy to install extra/your own keys.
6. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 11:49 · Score: 0
  
  You always had to fiddle in the BIOS, in order to boot from CD in the first place.
7. Re:I hope they make the right decision.... by vux984 · 2013-03-26 11:52 · Score: 2, Insightful
  
  That's just absurd. If I buy a computer with an operating system pre-installed then I expect any relevant UEFI configuration done when I get it.
  If I want to install something else, then disabling UEFI secure boot or installing approriate keys for my alternate choice should be on me.
  And if I buy a boxed motherboard at retail, the selection of preinstalled keys should just be another differentiating factor between models and vendors. I am fully prepared for a real world where everything ships with the microsoft bit already installed and that I need to do some extra work if I want something else.
  But the GP is right, I the end user should have the right to disable secure boot and/or install my own keys on any hardware I buy.
  And not just on on computers, but also on tablets and phones, even consoles. But some of those battles are maybe for another day.
8. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 12:18 · Score: 1
  
  If you disable UEFI on a dual-boot machine then Windows 8 won't boot. So, you can see the problem here.
9. Re:I hope they make the right decision.... by Teun · 2013-03-26 12:20 · Score: 3, Insightful
  
  So then, what is absurd?
  Off course a pre-installed computer should come with UEFI secure boot enabled.
  But it should not be a hindrance like we see now to later or right away install the OS of choice.
  Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.
  You bought a computer with secure boot, disabling it is the wrong option.
  
  --
  "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
10. Re:I hope they make the right decision.... by rrohbeck · 2013-03-26 12:26 · Score: 1
  
  Now if we get that on any platform including ARM I'll agree with you.
  
  --
  thegodmovie.com - watch it
11. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 13:15 · Score: 0
  
  no Winbugs 8?... perfect! this is what the Dr. recomends for our sanity... no problem here ;)
  I just need to be sure that EVERY computer that I bought with or without winbugs "hate" can run every flavor of linux that I need to use.
  I hope that "[D|H]ell" give us the chance to disable it.
12. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 13:22 · Score: 0
  
  It is not acceptable that one (monopoly) os vendor has the keys to ypur hardware
  Yet, people continue to buy Apple products, and locked down Android phones from whatever carrier. It seems to be acceptable to the vast majority.
13. Re:I hope they make the right decision.... by vux984 · 2013-03-26 13:51 · Score: 2, Interesting
  
  Off course a pre-installed computer should come with UEFI secure boot enabled.
  Right. So if it comes pre-installed with windows, then UEFI secure boot will be enabled and the signing key for windows will be loaded.
  If I want to reinstall windows, uefi isn't going to interfere or be a factor at all.
  If I want to install any other operating system, then its going to be extra effort, im going to have to load a signing key for the OS I want to install, and that means "extra fiddling".
  It is absurd to suggest otherwise.
  But it should not be a hindrance like we see now to later or right away install the OS of choice.
  There is no real hindrance now on x86 systems.
  Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.
  Yes, the ability to go into UEFI and load whatever keys one likes absolutely should be the right of the rightful owner of the hardware.
  However Microsoft doesn't control the keys, so I don't know what you are talking about. The end user can load whatever keys they want on x86 hardware.
  The current mess is NOT because I can't avoid using microsoft's keys to use linux, or that there is a dependency on Microsoft.
  The current mess is because some linuxes, as a convenience to their users are signing their systems with microsoft keys because those keys are already loaded, so users don't have to go through the trouble of loading a key. But that doesn't give MS control.
  You can even sign a distro with your own key, and load that key into UEFI. No dependency on Microsoft. No dependency even on the distro. But its a bit more extra fiddling for you.
  You bought a computer with secure boot, disabling it is the wrong option.
  I agree, but in general the ability to boot random live CDs, something you compiled yourself from source, and what have you will be simpler if you can turn secure boot off rather than having to sign it and load the key first.
14. Re:I hope they make the right decision.... by crutchy · 2013-03-26 14:50 · Score: 1
  
  why the hell would you buy from dell?
15. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 15:10 · Score: 0
  
  Long story short: boss orders.
  in the past some "hell" models have a good ROI compared with other brands more problematic because of warranty, etc.
  But for some of our "servers" we set up some without tell him. >:O
16. Re:I hope they make the right decision.... by sjames · 2013-03-26 15:23 · Score: 1
  
  So configure it with secure boot OFF. If the user wants to secure the boot, he/she can go through a procedure to generate a key and sign the bootloader (or sign the OS vender's key and add it as a secondary key).
  Secure boot is a feature that might act to better secure a system for a security conscious user who also takes the other necessary steps in OS and applicatoion configuration. Otherwise, it's just a roadblock to installing another OS and provides no benefit to the owner of the device.
17. Re:I hope they make the right decision.... by jhol13 · 2013-03-26 15:45 · Score: 3, Interesting
  
  There is NO security in "secure boot"
  1. What does it secure against? Viruses in (pre)bootloader, nothing else.
  2. How does it secure? By DoS (disabling the boot).
  1. Hugely better way would be the disk controller to disable writing to the first sector of any drive.
  2. That would prevent viruses from writing into the disk in the first place.
  This would work as follows: the (pre)bootloader would set an uncleareble security bit in the disk controller which prevents writing to the sector 0. If the boot is from USB (or a key was pressed, etc.) then it would not set the bit, thus allowing OS installers to write the sector 0.
18. Re:I hope they make the right decision.... by jhol13 · 2013-03-26 15:56 · Score: 4, Interesting
  
  The problem is that there is no advantage to anyone to have "secure boot".
  The "secure boot" does not prevent viruses from writing to the (pre)bootloader, it just notices if it has happened. Then the "notification" or "failure mode" is DoS, your computer won't boot. I'd rather boot with a virus than not boot.
  How about a better solution, something that *prevents* viruses from writing over the prebootloader? Something which will not brick your computer at an important meeting?
  Solution: There is an unclearable security bit in the disk controller which prevents writing to sector 0. The (pre)bootloader would set the bit in the boot, unless the boot is from USB (or a key was pressed), thus allowing OS installers to write the sector 0. All the advantages of "secure boot" and none of the disadvantages.
19. Re:I hope they make the right decision.... by Telvin_3d · 2013-03-26 16:30 · Score: 1
  
  'Unsavvy' users can re-install the OS that came with the computer just as easily (or not) as they can right now. And, almost by definition, people who are installing their own alternate OSs are not unsavvy.
20. Re:I hope they make the right decision.... by sofar · 2013-03-26 17:28 · Score: 1
  
  misinformed much?
  You do not need to disable UEFI in order to boot a different OS, but only need to disable Secure Boot.
  You can disable Secure Boot and still boot multiple OS's (with UEFI, as almost all the major distros now support). You can then add a second key and re-enable Secure boot, and dual boot any OS you want with Secure Boot enabled.
21. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 17:39 · Score: 0
  
  That would not be the right decision. The "tech savvy users" way out is in reality just another hurdle for those who aren't. Secure boot's lockdown features are about control, not security.
  As you demonstrate yourself. Yes, even you calling it "security" doesn't make it so; it's about control. It means that malware --the kind adept at circumventing restrictions for its own gain-- will have another hurdle to take, nothing more. But it also will mean that the people owning the hardware have yet another hurdle to take to make it do what they want it to do, and by its very nature it's a rather involved and convoluted hoop to jump through juuust right. In this marketplace that means less and less control for the end-user. Especially given this software vendor with a dominant market position and a long, long, long history of abusing it.
  Yet you advocate it keep at it with its entire market for your own little selfish niche. You, sir, suffer from a particularly insidious form of the recto-cranial inversion syndrome.
22. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 17:42 · Score: 1
  
  It's worse than that actually.
  If thing is on by default, many users will be:
  a) afraid to disable it.
  b) Wont know how.
  And this will be big enough barrier for them to try out Linux.
  So, unless option is on by default, it's already bad.
23. Re: I hope they make the right decision.... by Anonymous Coward · 2013-03-26 18:07 · Score: 1
  
  Care to provide or point to a "how to" on doing your own key thing?
24. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 19:45 · Score: 0
  
  Since when? It's been years since I've had to do that to get a machine to boot from CD.
25. Re:I hope they make the right decision.... by mathew7 · 2013-03-26 20:28 · Score: 2
  
  My experice comes from Lenovo with Win8 consumer preview.
  Used win7 (from lenovo) and debian, both through UEFI.
  Installed win8 CP over win7. 1st problem: i could no longer change the boot order. I could boot both OSes, but I could not boot linux without boot menu.
  So I used the UEFI tool from debian to change the order.....debian booted by default...but win8 refused to boot.
  No option to disable secure boot.
  So my opinion, MS is to blame only for forcing secure-boot, leading to OEM delivering incomplete implementations.
26. Re:I hope they make the right decision.... by mathew7 · 2013-03-26 20:32 · Score: 3, Informative
  
  That kind of virus protection was present in older BIOS implementations, while win9x/ME was still present. With Win2K/XP, no such protections work (for MBR booting) because other drivers are accessing the HW directly (and you cannot enforce on HW because that would prevent repartitioning).
  For UEFI-booting, the UEFI firmware has a complete path to a partition+file. There is no way to protect a single file with a compromised OS.
27. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 21:39 · Score: 0
  
  What about 'unsavvy' users, who can currently put a CD in their drive and install the OS, but in the glorious 'secure' future will have to fiddling in the BIOS instead, if the hardware even allows it?
  If they're too damn stupid to adjust the BIOS settings, then they're way too stupid to be able to use an alternative OS.
28. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-26 23:00 · Score: 0
  
  How many boot sector viruses have there been in the last 10 years? This is a solution in search of a problem.
29. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-27 00:33 · Score: 0
  
  Its a good thing, but Y cant we have ELF signing instead of MSFT PE exe in BIOS? Y cant we check like MSFT products do to see if its supported before forcing people to boot into it? (most linux products cant go either way, win8 can.) I for one, CANNOT boot SECURE EFI. I dont have the EFI(patch?) to support it. I can boot EFI64 (AMD64) oses. Y cant we OPENBIOS the EFI?
30. Re:I hope they make the right decision.... by MachineShedFred · 2013-03-27 01:50 · Score: 1
  
  Update your EFI.
  All Lenovo EFI versions I've seen (and that's quite a few of them since I own the process of certifying hardware for my employer) have the ability to disable EFI Secure Boot under the "Security" section.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
31. Re:I hope they make the right decision.... by MachineShedFred · 2013-03-27 01:52 · Score: 1
  
  Yeah, that's great for old school MBR-style disks, but when you move into GPT / uEFI, it's a completely different ball game.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
32. Re:I hope they make the right decision.... by jhol13 · 2013-03-27 02:05 · Score: 1
  
  Er ... why? Why cannot you write protect the MBR in GPT/UEFI disks?
33. Re:I hope they make the right decision.... by jhol13 · 2013-03-27 02:16 · Score: 1
  
  The firmware does not access a "file" as it does not undestand the file system you use. So you do not need to protect "a file", you can protect whatever the firmware loads, no matter if it is MBC, MBR, GPT, secondary GPT also, or even a list of (thousands of) LBAs - if you really want.
  Are you still claiming this cannot be done? Why not?
34. Re:I hope they make the right decision.... by mabhatter654 · 2013-03-27 02:32 · Score: 2
  
  The issue is that they pulled a page out of the "Halloween Documents" in that the spec is "open" but OEMs only have to MATCH Microsoft's implementation as a minimum to boot Windows... There was never any "QA" to follow the other parts of the spec.... ... Oops! Imagine that happening?
  The goal is not to "lock out" everybody... But to make 5% of customers that want to use the freature have to beg and hassle manufactures for every. single. model... Individual apathy at each manufacturer will keep it relatively locked down, or perpetually six month behind...
  Ironically, the EFI bios in Macs has few problems now booting most Linux Live CDs...
35. Re:I hope they make the right decision.... by mathew7 · 2013-03-27 02:42 · Score: 1
  
  That's just it: fat32 is known & used. Haven't you seen those 100-500mb boot partitions that win vista & newer create? Those are because of uefi.
36. Re:I hope they make the right decision.... by mathew7 · 2013-03-27 03:14 · Score: 1
  
  Will do, but it's pointless now as I converted to MBR BIOS emulation booting. In the process I learned that Win7 links UEFI booting to GPT and BIOS emulation to MBR. Linux can do any of the 4 combinations (if you know how to set it up).
37. Re:I hope they make the right decision.... by mathew7 · 2013-03-27 03:30 · Score: 1
  
  As a completion, BitLocker may be another reason for the small boot partition.
  But the concept of UEFI booting is not to use the 1st LBA to load the OS. That still remains but it's called BIOS-emulation.
  You know the old "installed OS menu" concept where one OS has to know about another (like dual/triple-booting)? With UEFI that is gone, as each OS will add it's own booting instructions (description + bootloader file + UEFI parameters) without erasing/changing the others (well, it can, but it's against the UEFI specs). So now the UEFI loads a FILE which can reside on the 20th HDD.
  PS: My previous server MB (Intel DG45FC) seems to freeze the boot process when I have a HDD with a linux partition (ext3) and extlinux installed on it. It seems to me that it ignored the MBR partition ID and started probing the FS and basically treating the boot code as FS parameters. I mentioned this because UEFI tries to read all partitions for known filesystems (mainly FAT).
38. Re:I hope they make the right decision.... by david_thornley · 2013-03-27 03:48 · Score: 1
  
  The problem is that there is no advantage to anyone to have "secure boot".
  
  How about being able to reliably boot up to a specific version of an operating system? (Known boot whatever loads signed whatever, which loads signed whatever, etc.) Not that I'm an expert here, but it looks to me like it would be much easier to detect rootkits with secure boot.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
39. Re:I hope they make the right decision.... by lsatenstein · 2013-03-27 04:57 · Score: 1
  
  So then, what is absurd?
  Off course a pre-installed computer should come with UEFI secure boot enabled.
  But it should not be a hindrance like we see now to later or right away install the OS of choice.
  Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.
  You bought a computer with secure boot, disabling it is the wrong option.
  ===
  should the hardware vendor provide a second level external software bios that the secure boot bios loads? This latter bios would contain the user managed security keys to allow the starting of any operating system. This bios, once its signature is validated would take over from the rom/eprom bios.
  That would solve the problem of permitting any user operating system to boot. The risk, if there is one, is that your selected operating system may contaminate another operating system.
  
  --
  Leslie Satenstein Montreal Quebec Canada
40. Re: I hope they make the right decision.... by vux984 · 2013-03-27 06:16 · Score: 1
  
  This covers a good part of the process:
  http://blog.hansenpartnership.com/owning-your-windows-8-uefi-platform/
41. Re:I hope they make the right decision.... by vux984 · 2013-03-27 06:20 · Score: 1
  
  How many boot sector viruses have there been in the last 10 years? This is a solution in search of a problem.
  No, the problem is "rootkits". And Secureboot provides a mechanism for preventing / detecting them.
42. Re:I hope they make the right decision.... by vux984 · 2013-03-27 06:32 · Score: 1
  
  So configure it with secure boot OFF.
  That's like shipping it with antivirus disabled and relying on the average user to do something quite complicated to turn it on.
  If the user wants to secure the boot, he/she can go through a procedure to generate a key and sign the bootloader (or sign the OS vender's key and add it as a secondary key).
  Gee, that sounds like work, average user will just press skip and run without it. Just like they don't do windows updates or anything else unless they are done automatically, even if they nag constantly.
  How many of us have looked at a users pc with Java, Acrobat, Flash, Windows Update, and their antivirus icons all lit up asking for permission to update and the user just dutifully minimizes them each morning?
  You really want to put the task of enabling secure boot onto them? Get real.
  Secure boot is a feature that might act to better secure a system for a security conscious user
  Except we'd like to better secure systems for regular users who are not security conscious and can't even be relied upon to run even the most trivial updates.
  Otherwise, it's just a roadblock to installing another OS
  The people who want to install other OSes will be sufficiently skilled and motivated to figure it out. We shouldn't reduce the security of average users who will run the OS it came with until it dies just to make it easier for power users to install different operating systems.
  and provides no benefit to the owner of the device.
  Except some security against being the victim of a rootkit. That's the whole point.
43. Re:I hope they make the right decision.... by sjames · 2013-03-27 07:12 · Score: 1
  
  If those assumptions are true, then secureboot won't help them anyway since they'll run as admin at all times and set no password. If they are somehow talked into at least setting a password, they'll dutifully enter it whenever the nice people in wherethefuckisthatistan (or Sony) say they need to.
  All secureboot could possibly do for them is lock them out one day.
44. Re:I hope they make the right decision.... by MachineShedFred · 2013-03-27 07:15 · Score: 1
  
  Well, for one thing, the MBR is only a "protective MBR" and doesn't describe anything about the layout of the disk, and serves no purpose other than making sure disk utilities that don't know how to work with GPT don't blast your partition table to nothingness. Secondly, GPT has a backup table in it's standard layout, so if something does screw with the primary partition table, you can restore from the backup table. Third, if you're using uEFI, and your OS is EFI-boot native, it's not doing the "player piano" boot where the computer is only smart enough to know to look at sector zero to start doing what it's supposed to be doing. Your OS may load extensions to EFI, chain-boot through several pieces of code, etc.
  For instance, EFI-based Macs check the EFI System Partition on every boot to see if a new firmware file was dropped there. If it was, it checks the signature on it (only install signed firmware), and then loads the flashing tool rather than the OS kernel. Windows 7 in an EFI-based install will move all of the BCD stores and boot loader binaries onto the EFI System Partition, which is a completely different file system (and format) than the rest of your Windows install. EFI understands several different file systems including VFAT, so you can have the boot loader named any discrete thing, and in any inode in the file system.
  There is much more going on with GPT / uEFI than there ever was with MBR / BIOS.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
45. Re:I hope they make the right decision.... by vux984 · 2013-03-27 07:35 · Score: 1
  
  If those assumptions are true, then secureboot won't help them anyway since they'll run as admin at all times and set no password.
  Which starting with Vista is a regular user account unless they escalate.
  If they are somehow talked into at least setting a password, they'll dutifully enter it whenever the nice people in wherethefuckisthatistan (or Sony) say they need to.
  These are the people who don't update flash or acrobat or Windows. Why would they enter it for some random popup they know even less about?
  All secureboot could possibly do for them is lock them out one day.
  Are you really advocating that we prefer users to get infected?
  Between default secureboot, default automatic windows updates, default automatic antivirus updates, and a clueless user has a fighting chance of staying clean.
  If the infection can't get much deeper than the the user account, then the user has a shot of the antivirus detecting and removing it, even if takes a couple days for the maware to get added to the definitions.
  If the infection tries to go full rootkit, trips secureboot, and the pc won't boot up. Good. Their PC is broken, and they should get it fixed. Becoming part of the local botnet is not a better outcome.
46. Re:I hope they make the right decision.... by sjames · 2013-03-27 09:49 · Score: 1
  
  I am stating flat out that secure boot contains no magic unicorn dust. People routinely OK everything and authenticate anything and everything in windows. If they won't set secure boot on their new machine, they won't take any of the other necessary steps to maintain a secure system anyway. With or without secureboot, they will be hacked and infected sooner or later.
  If it makes you feel better, how about just making sure the root key in the system is a system specific key that then signs the MS key IF the user requests secureboot setup. Or perhaps uefi should have a setup to walk them through that process.
  Under no circumstance should MS hold the keys to other people's castles.
47. Re:I hope they make the right decision.... by vux984 · 2013-03-27 10:11 · Score: 1
  
  People routinely OK everything and authenticate anything and everything in windows.
  Yes, that applies to some people.
  And many more are reasonably good about not opening random things from the web, and don't visit the darker parts of the web and they don't click "I agree" to UAC to view naked pictures of a celebrity or whatever.
  When they do get infected its usually some sort of drive-by exploit on some legitimate site via a malicious ad.
  Between default secureboot, default automatic windows updates, default automatic antivirus updates, and an innocent by not completely idiotic user has a fighting chance of staying clean. But it all has to be on by default, out of the box. They don't know enough about security to make informed decisions about security configuration.
  If it makes you feel better, how about just making sure the root key in the system is a system specific key that then signs the MS key IF the user requests secureboot setup. Or perhaps uefi should have a setup to walk them through that process.
  None of that makes an ounce of sense. The last thing anyone normal wants to do when they buy a new computer is navigate a UEFI wizard.
  Under no circumstance should MS hold the keys to other people's castles.
  They don't. I don't know why you think that they do. On any x86 anyone who WANTS to can go into UEFI and delete the MS keys, and install their own or any others whenever they want.
  Yes, ARM is different, and we can all agree there is a problem on ARM, but now we're talking tablets and surface RT ... and iPads for that matter.
48. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-28 08:11 · Score: 0
  
  Well, for one thing, the MBR is only a "protective MBR" and doesn't describe anything about the layout of the disk,
  Tangent: it's possible for that MBR to actually describe disk layout in some circumstances, though. Apple's Boot Camp tools will do this when partitioning a disk to dual-boot older non-GPT-aware versions of Windows and OS X. It's a little crazy having two parallel partition tables pointing to the same partitions, but it works, so long as you don't touch it after it's set up.
49. Re:I hope they make the right decision.... by jhol13 · 2013-03-28 16:42 · Score: 1
  
  You seem to forget how secure boot works: it checks the signature of the boot image (OS loaders & drivers). I propose protecting the boot image and how it is found, by listing the important LBAs or partitions (i.e. the places where the OS loaders and drivers reside and how they are read during boot).
  Besides, the EFI is overly complicated.
50. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-30 06:35 · Score: 0
  
  15 years in the business had have never seen or heard of a BIOS compromised.
  Secure boot has nothing to do with security and everything to do with control
51. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-30 06:57 · Score: 0
  
  Bullshit
  Rootkits can run on their on in user or system space.
  They don't have to be attached to a OS file.
  In Windows it is trivially easy to start with user level permissions and escalate privileges.
  Secure boot does nothing to prevent that.
  At best all it can do is detect that so kernel file was overwritten and refuse to boot. That is not exactly a good solution,
  Secure boot is about control, nothing more. To believe anything else makes you an epic fucktard.
52. Re:I hope they make the right decision.... by Anonymous Coward · 2013-03-30 08:14 · Score: 0
  
  10 million Ubunutu users disagree with you.
  Note that I said Ubuntu, not Linux.
53. Re:I hope they make the right decision.... by ambidextroustech · 2013-04-02 02:54 · Score: 1
  
  Wait until Windows Updates re-enable disabled UEFI setups
Radical by Anonymous Coward · 2013-03-26 10:41 · Score: 3, Interesting

I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.
1. Re:Radical by ackthpt · 2013-03-26 10:52 · Score: 4, Insightful
  
  I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.
  The problem is Microsoft does make good products. They don't make great products, though. To prevent you from having freedom to choose and companies to offer better technology applications/plug-ins they still cling tenaciously to their strategy to lock you into their technology or kill competitors with bundling.
  Imagine only being able to buy the petrol for your automobile at specified stations, where the mixture won't result in a burned out engine. There were businesses once who considered or undertook such business models. (some still do, but not to that extent) Microsoft continues to flirt with this strategy -- once in their kingdom you can only get your water from their well.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
2. Re:Radical by whoever57 · 2013-03-26 11:35 · Score: 4, Insightful
  
  The problem is Microsoft does make good products. They don't make great products, though.
  I don't think that is accurate. For the most part, Microsoft makes products that are barely good enough, combined with the fact that Microsoft's monopoly position made it such that most buyers of computers were simply unaware of what was possible. For example, BSODs are rare now, but Microsft was able to convince a generation of buyers that random BSODs were acceptable when competing products did not suffer the same problems.
  
  The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.
  
  --
  The real "Libtards" are the Libertarians!
3. Re:Radical by girlintraining · 2013-03-26 12:30 · Score: 5, Insightful
  
  I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit.
  
  Many moons ago, now long-forgotten to most of the younger crowd that's moving into spaces like this, there was an informal ideology known as the hacker ethic. One of them, was that knowledge is power, and so it should be shared freely. The right to learn, and the duty to teach, went hand in hand in our community. It didn't matter what laws they passed telling us we couldn't speak, we couldn't teach, couldn't learn -- which is what intellectual property is fundamentally about. We did it anyway. And they called us criminals, they passed laws, they tried to delete us from the network we built, and loved, and replace it with paid shills, corporations, and tons and tons of advertising. And none of that gave a damn about learning, or teaching -- it was about consumption.
  And today, kids these days, they think that consuming their content, their pre-processed and devoid of flavor "knowledge", is what learning is today. And us, those who were here first... it's painful to watch. Sometimes so much so, we have to turn away from our hobbies for awhile, get up, go outside, because the saddest words ever said are "What might have been!" We failed you. The next generation. But we tried. Oh damn, we tried... We thought it would be enough. Nobody could control the internet!
  We never thought that every government in the world, even traditional enemies, would ally themselves with one goal: Destroy this new vessel of human freedom.
  We never thought it would become the tool of your oppression.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
4. Re:Radical by Anonymous Coward · 2013-03-26 12:33 · Score: 0
  
  The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.
  Not sure what you mean by that. If you mean that Microsoft might have produced something great without the intervention, well... Even if they would have, we would be stuck in a worse monopoly than we have now, which clearly is the worst.
5. Re:Radical by Anonymous Coward · 2013-03-26 12:34 · Score: 0
  
  For the most part, Microsoft makes products that are barely good enough,
  I don't think that is accurate. - insert hyperbole here and pointless drivel -
  Two can play at your game.
6. Re:Radical by Anonymous Coward · 2013-03-26 12:50 · Score: 1
  
  I would write a fully reasoned and explained response, but you strike me as the kind of person who has his or her mind completely made up; the kind of person who would refuse to accept any kind of argument; in short, the kind of person who would simply attack anything I write with his or her ignorance.
  In lieu of that, then, I will ask: how often have you encountered a BSOD that wasn't caused by an incompetent third party, or some kind of hardware failure? Microsoft maintains an extremely complex operating system that provides decades of backwards compatibility (of note, a lot of their most idiotic design choices stem from this). Neither the Linux community nor Apple provide the same. This is actually a pretty important feature in the real world.
7. Re:Radical by PmanAce · 2013-03-26 14:07 · Score: 1
  
  They don't make great products, though
  Visual Studio is a great product and has been for a while now.
  
  --
  Tired of my customary (Score:1)
8. Re:Radical by Anonymous Coward · 2013-03-26 14:53 · Score: 0
  
  >Imagine only being able to buy the petrol for your automobile at specified stations, where the mixture won't result in a burned out engine.
  I think you're confusing Apple with Microsoft there, sport.
9. Re:Radical by epyT-R · 2013-03-26 14:55 · Score: 1
  
  sums up my thoughts exactly. It's really too bad. Computing in the 80s-90s was about indvidual empowerment.. Now it's about intellectual enslavement.
10. Re:Radical by ScentCone · 2013-03-26 15:06 · Score: 0
  
  It's really too bad. Computing in the 80s-90s was about indvidual empowerment..
  Right, as long as somebody else paid to run all the infrastructure so you could have a playground to be free and rail against the people paying the tab. Classic.
  
  --
  Don't disappoint your bird dog. Go to the range.
11. Re:Radical by chrismcb · 2013-03-26 15:14 · Score: 0
  
  The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.
  I think we have a pretty good idea how far the industry would have progressed. Just look at the non MS world around you.
  As far as Microsoft Products they are far superior to the majority of the products out there. Are they perfect? No, but then neither is anything else.
12. Re:Radical by symbolset · 2013-03-26 15:26 · Score: 3, Insightful
  
  Take a look at mobile for a clue how that would turn out. Without Microsoft's - and their partners' "leadership" the pace of progress has been... astounding.
  
  --
  Help stamp out iliturcy.
13. Re:Radical by symbolset · 2013-03-26 15:33 · Score: 1
  
  I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit.
  It's called mobile. Their crap doesn't play well over here. Come on in. The water's fine.
  
  --
  Help stamp out iliturcy.
14. Re:Radical by Anonymous Coward · 2013-03-26 15:52 · Score: 0
  
  Somebody else meaning the people (in case you forgot where taxes come from)
15. Re:Radical by drkstr1 · 2013-03-26 16:34 · Score: 2
  
  My biggest complaint with Visual Studio is its lack of interoperability.
  
  --
  Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
16. Re:Radical by Arker · 2013-03-26 17:05 · Score: 2
  
  In lieu of that, then, I will ask: how often have you encountered a BSOD that wasn't caused by an incompetent third party, or some kind of hardware failure? Microsoft maintains an extremely complex operating system that provides decades of backwards compatibility (of note, a lot of their most idiotic design choices stem from this). Neither the Linux community nor Apple provide the same.
  First case - plenty of times. MS seems to have some issues with race conditions and has for many years. Most BSODs today do track back to the causes you mention - but certainly not all, and historically that was much less true. I have seen GPFs occur even for example under DOS where those explanations were impossible or ruled out. Both linux and apple maintain extremely complicated systems with backward compatibility for code from circa 1968, MS isnt even the same ballpark in terms of backwards compatiblity.
  
  --
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Friends don't let friends enable ecmascript.
17. Re:Radical by jellyfoo · 2013-03-26 17:05 · Score: 1
  
  Any particular reason you had to be so dramatic? It's not necessary to make your point. It's fairly straightfoward really: the bad guys always win; it's a fact of life. They have more money and power than good, honest, moral people will ever have, The best you can do is hold them off as much as possible, but eventually, anything that can be locked down, will be. Anything that can be done to ensure people are kept dumb and mindless consumers, will happen. I know this, because it's happening to me too despite being aware of what I'm becoming.
  It's very hard to fight against those that want to take away your freedoms, and with all the pressures and problems in normal adult life, most people don't have the luxury to fight all the damn time against such things.
18. Re:Radical by Anonymous Coward · 2013-03-26 17:43 · Score: 0
  
  The alternatives are widely successful anywhere Microsoft doesn't have a monopoly. I'm sure that's just coincidence, right? Take your ballmer doll home or I'll stick a needle in it and light it on fire.
19. Re:Radical by Anonymous Coward · 2013-03-26 17:46 · Score: 0
  
  Call me when they can cross compile to something other than Windows.
20. Re:Radical by Anonymous Coward · 2013-03-26 21:22 · Score: 0
  
  Not a valid example. That's dev tools, not consumer software. Part of the reason they get away with trampling on consumers is that they treat 3rd-party developers fairly well.
21. Re:Radical by Anonymous Coward · 2013-03-26 21:22 · Score: 0
  
  The problem is Microsoft does make good products.
  Yeah, their keyboards are supposed to be pretty good. Anything else?
22. Re:Radical by ScentCone · 2013-03-27 00:50 · Score: 1
  
  Somebody else meaning the people (in case you forgot where taxes come from)
  No, meaning the businesses providing the services, the medical students paying tuition, and the consumer activity that makes it possible for any businesses to want to bother to invest in infrastructure in the first place. Taxes pay for very, very little of what all of the Information Wants To Be Free basement dwellers insist should be their playground.
  
  --
  Don't disappoint your bird dog. Go to the range.
23. Re:Radical by Anonymous Coward · 2013-03-27 01:00 · Score: 0
  
  > The problem is Microsoft does make good products.
  http://www.youtube.com/watch?v=mOgOP_aqqtg
24. Re:Radical by Anonymous Coward · 2013-03-27 02:18 · Score: 0
  
  you obviously have never experience an "universe has ended" scenario
25. Re:Radical by MachineShedFred · 2013-03-27 02:33 · Score: 1
  
  Microsoft, incredibly late to the party, has now realized that instead of maintaining all that backwards compatibility in the core OS to be able to run 20+ year old apps in the same space as something published 6 minutes ago, have turned to application layer virtualization.
  Unfortunately, you only get the license to use this if you buy the ridiculously expensive versions of Windows, or are a company giving Microsoft a ton of cash for Software Assurance. But, you can actually run multiple versions of applications side by side (including versions that are listed as incompatible) on modern Windows without a lot of hackery.
  There's also some other application virtualization schemes available from other companies; but they either don't work very well, or require some kind of vendor lock-in scheme that many find distasteful (not that Microsoft's AppV isn't a vendor lock-in, but whatever.)
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
26. Re:Radical by Anonymous Coward · 2013-03-27 03:26 · Score: 0
  
  how often have you encountered a BSOD that wasn't caused by an incompetent third party, or some kind of hardware failure?
  Never had a BSOD at all... in Linux, even on a machine with a flaky power supply. It got so bad Windows (XP) wouldn't even boot, Linux (Mandriva) kept chugging along. I've had poorly written progran hose Windows from 95 to 7, not once in Linux.
  Windows is inferior in many, many ways and has been since before 2000. I have an aging HP tower running kubuntu and a two year old notebook running W7. The notebook has a faster processor and more memory, yet the Linux machine boots faster and shuts down faster. I have the tower set up so it enters its own password on boot, you can't do that in Windows and still HAVE a password. When the Linux box boots, it's set up to reopen all the apps and docs that were open when I shut it down, Windows lacks that feature. I never put the Linux box in hibernate mode; it just isn't necassary. I only boot the Windows box once a month, on Patch Tuesday when it demands that I reboot.
  Linux demands nothing of me; I make the demands and it obeys, opposite of Windows. When there's a patch, a notification pops up, I click "ok" and it's done, updating in the background while I use the computer for what I want to use it for, no reboots necessary. On Patch Tuesday the Windows machine is unusable for at least twenty minutes while it downloads, installs, and takes and even longer time to reboot, while warning me not to shut it off. What happens if the power goes out? This is simply shoddy.
  I had a notebook before the one I have now that got stolen, with a very annoying "tap to click" bug "feature". It took two months to figure out how to shut it off; it wasn't in Control Panel where you would expect it to be, but in a hidden icon on the task bar that took ten clicks to get to (and of course, a reboot). It took two minutes in Linux and three clicks, no reboot -- it was in kubuntu's version of "control Panel" under mouse.
  The OP is right. Anyone who thinks Windows isn't a pile of shit has never used a decent OS. It's slow, bloated, buggy, lacks features, and has no features other OSes lack. The only thing Windows has going for it is that it's prettier than BE or Linux.
  I don't know how Windows got the reputation of being user friendly; it's user-hostile. Bob or Clippy maybe? I don't want my computer or my hammer to be friendly, I want it to be obediant. I want my computer to work for me, not the other way around.
27. Re:Radical by david_thornley · 2013-03-27 04:31 · Score: 1
  
  As far as I can see, that informal ideology is still out there, and I'm not sure it was ever as pure as you imply. It's changed somewhat to cover Free and Open Source software (much of which is ideology-driven) rather than all software.
  It's also a whole lot less prominent because, while the hacker frog didn't grow much, the pond did. If it's harder to find hackers on the web, it's because there's so much else out there, not because they aren't there. Nobody's trying to wipe them out. Nobody cares that much. The "kids these days" (aside from being a topic of constant complaint since the ancient Egyptians at latest) are mostly people who would not have gotten involved in computers before they got cheap and easy to use.
  Take a deep breath and look at what we do have, disregarding what you don't like instead of wishing it was what you do like. My main home development environment (which is all F/OSS) is great. Much better than what I could set up on my first Linux box. It's easier than ever to get technical information from a variety of sources. It doesn't depend on other people's resources (hackers typically didn't own the boxen then, we do now). If you look at the positives I think you'll see it's better than ever.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
28. Re:Radical by Anonymous Coward · 2013-03-28 12:52 · Score: 0
  
  Both linux and apple maintain extremely complicated systems with backward compatibility for code from circa 1968, MS isnt even the same ballpark in terms of backwards compatiblity.
  Oh please. The C language did not even exist in 1968. Early versions of UNIX (and the application software) were written in assembler. Microsoft maintains the same exactly the same level of compatibility with it, in that any modern computer can run a PDP-7 emulator.
  But it's worse than that. Even if UNIX and apps had been written in C from the start, UNIX software that old would still need a lot of work just to compile, let alone run. The C language and UNIX APIs have changed a lot over the decades, and neither Apple nor any Linux distribution have lifted a single solitary finger to make sure that 1970s C code continues to compile and run.
  (Yes, you can find some trivial examples that still work now, like babby's first C program ("Hello, World"). But anything complicated? Nope. Forget about it. And note that the trivial software will likely compile and run on a Microsoft OS without much more effort.)
29. Re:Radical by Anonymous Coward · 2013-03-30 07:31 · Score: 0
  
  There is plenty of 15+ year old Linux code that will compile and run without issue today.
  How many Windows 95 apps can run on 8?
"Implicated" by girlintraining · 2013-03-26 10:42 · Score: 2

"UEFI has been implicated in the death of Samsung laptops running Linux."
Yes, it was seen shortly after the murder skipping down the road giggling, its hands covered in blood, counting the money Microsoft had given it to silence the rival gang members.

--
#fuckbeta #iamslashdot #dicemustdie
1. Re:"Implicated" by Anonymous Coward · 2013-03-26 17:56 · Score: 0
  
  UEFI has been blamed for a slackass implementation by samsung. There is nothing linux specific about that or UEFI specific about that. It's samsungs developers being given a larger role than bringing coffee to those who had a clue who are the issue there.
Making UEFI more Linux friendly by volkerdi · 2013-03-26 10:50 · Score: 3, Insightful

"so there may be some hope of making UEFI more Linux-friendly"
The only hope is to make Linux distributions more UEFI friendly. UEFI and Secure Boot is certainly here to stay.
1. Re:Making UEFI more Linux friendly by GigaplexNZ · 2013-03-26 10:59 · Score: 2
  
  I agree. Also, I'm tired of hearing the lock in complaint with secure boot - Microsoft requires x86 machines to be unlockable, only ARM is locked down. Where's their EU complaint regarding locked bootloaders for competing tablets?
2. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 10:59 · Score: 2, Insightful
  
  'Secure Boot' is designed to prevent alternate OSs from running on that hardware. That's its fundamental purpose.
  The hardware has to be made more Linux-friendly, not the other way around.
3. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 11:00 · Score: 2, Insightful
  
  I would LOVE to see a distribution which signed the kernel, bootloader and all of its packages and required the user to import a key into the UEFI BIOS to make everything work. That would be progress!
4. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 11:03 · Score: 0
  
  Blah, blah, blah. Because Microsoft would never, ever change in the future to require that x86 machines have to be locked down once everyone has 'Windows Boot'. Couldn't possibly ever happen.
5. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 11:03 · Score: 2, Insightful
  
  All it needs to do is require the ability to add MY keys to load MY kernel on MY hardware... and allow me to remove keys I don't trust.
  What is so hard about that?
  Of course MS won't allow it...
6. Re:Making UEFI more Linux friendly by Ynot_82 · 2013-03-26 11:15 · Score: 2
  
  The issues here is one of PR and perception by non-technical users
  
  Microsoft requires x86 machines to be unlockable
  But it's not called "Locked boot", is it?
  It's called "Secure boot"
  and disabling "secure boot" is surely, by definition, insecure.
  Asking new users to disable secure boot is not what distros want to do.
7. Re:Making UEFI more Linux friendly by Omnifarious · 2013-03-26 11:28 · Score: 1
  
  That wouldn't be progress. How many people would bother to figure out how to take the time to do that? No, it has to be so simple to do that it can be done trivially by almost anybody but still require physical access to the machine.
  
  --
  Need a Python, C++, Unix, Linux develop
8. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 11:34 · Score: 0
  
  They also require supporting users who wish to add additional approved keys.
9. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 11:39 · Score: 1
  
  Yeah, it basically needs to become what MS say it is (a security feature) rather than what it really is (a way to relegate alternate OS's to "non-secure" status).
10. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 13:23 · Score: 0
  
  Is that slippery slope lubed with your whiny tears?
11. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 14:23 · Score: 1
  
  Is that slippery slope lubed with your whiny tears?
  No, it is lined with the tears of those who experienced it first hand, from the DOS days onward.
12. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 15:59 · Score: 0
  
  Not so sure. A lot of corporate hardware gets Linux installed right away. If one vendor makes it more difficult, we'll just go buy from another. PC sales are not doing great as it is with Windows 8 and all. The server side is consumed by Linux. It would be quite suicidal for Dells and HPs to make their servers less Linux friendly.
13. Re:Making UEFI more Linux friendly by KingMotley · 2013-03-26 16:05 · Score: 1, Flamebait
  
  Negative.
  Linux can either sign their bootloaders with either:
  1) Their own key and provide the necessary key and have users install it into the UEFI, or have the motherboard/bios manufacturers preload it, OR
  2) Use Microsoft's key and sign it their boot loaders with that since it is likely already installed into most (non-apply) UEFI systems OR
  3) Instruct users to disable secure boot and you can live your live in blissful ignorance never knowing if malware has taken over your entire linux machine, logging every keystroke you make, and recording everything you do, and sending it off to the "bad guys".
  Anonymous Coward flings FUD, news at 11.
14. Re:Making UEFI more Linux friendly by KingMotley · 2013-03-26 16:08 · Score: 1
  
  What is so hard about that?
  Nothing hard about it at all, and that is exactly what it is. Oh, you mean you didn't read anything, nor bother to try and understand what you are talking about before spouting random BS as an anonymous coward? Yeah, that is what I thought.
15. Re:Making UEFI more Linux friendly by westlake · 2013-03-26 16:38 · Score: 0
  
  The only hope is to make Linux distributions more UEFI friendly. UEFI and Secure Boot is certainly here to stay.
  The geek frets over UEFI because he is dependent on cheap commodity hardware built for the Windows eco-system --- and because almost no one buys a PC with Linux installed. The best he can hope for realistically is that a curious user can be persuaded to dual boot.
  That isn't going to happen if he has to disable system-level security.
  Not that he hasn't made it perfectly clear that dislikes and distrusts changing system level defaults for any reason whatsoever.
16. Re:Making UEFI more Linux friendly by sjames · 2013-03-26 17:24 · Score: 1
  
  That would be a separate complaint since it will require action against different vendors.
  Beyond that, as a three time loser, MS is subject to extra scrutiny and very little trust.
17. Re:Making UEFI more Linux friendly by r_a_trip · 2013-03-26 22:35 · Score: 2
  
  Fine piece of invective, but your third point is FUD itself. Secure Boot only verifies the boot process, not if malware is running on a system. As long as malware doesn't alter the boot-sequence and manages to hide from malware detectors, then then all of your horrid scenario still takes place (on Windows, Linux, Mac OS X, *BSD, the type of OS doesn't matter), while Secure Boot will never tell you that anything is amiss.
  
  Secure Boot is just one tiny security measure in a whole arsenal and it isn't even the most crucial one. Bootsector-based malware is rare. The vast majority of malware out there uses holes in the OS or applications or just plain makes use of the weakest link in the system and tricks the user with social engineering.
  
  --
  # touch universe # chmod +rwx universe # ./universe
18. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-26 23:09 · Score: 0
  
  the way UEFI is currently implemented you have the choice of:
  - turn UEFI on with microsoft's key (which is harcoded)
  - turn UEFI off
  if you are very lucky you can also add your own key. But what you can't do is disable microsofts.
  In other words you don't control the keyring of your own machine. Yes, I consider that lockin
19. Re:Making UEFI more Linux friendly by rastos1 · 2013-03-27 00:05 · Score: 1
  
  only ARM is locked down
  "ARM? What's that? Never heard of that. It is certainly unimportant. Who cares if it is locked down. ..." is that what you are saying?
  That word "only" does not mean it is insignificant.
20. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-27 00:18 · Score: 0
  
  only ARM is locked down
  "ARM? What's that? Never heard of that. It is certainly unimportant. Who cares if it is locked down. ..." is that what you are saying?
  That word "only" does not mean it is insignificant.
  I consider Windows RT to be merely a cattle prod to encourage Intel to get their ass into gear. The recent Atoms are competitive on a power and performance level now, so there's no point in using Windows RT with the lack of 3rd party support and missing functionality (such as domain connectivity). If you want an ARM tablet that doesn't run the (in my opinion) pointless Microsoft offering, there's the iPad and plenty of Android devices out there. And most of them also have a locked bootloader.
21. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-27 01:51 · Score: 0
  
  Perhaps, but root kit malware is the worst of them. Properly written, they are virtually undetectable, unremovable and impossible for any single vendor to protect themselves from when they aren't the only OS run.
  Secure boot isn't just a nicety, from a security stand point, it is necessary to ensure that you know that the boot sequence hasn't been modified to allow malware to take control of the hardware before the OS gets a chance to secure it.
22. Re:Making UEFI more Linux friendly by Anonymous Coward · 2013-03-30 07:47 · Score: 0
  
  Microsoft requires x86 machines to be unlockable,
  For now. If you think it will always be that way, you have no sense of history.
Samsung laptops by iYk6 · 2013-03-26 10:58 · Score: 5, Informative

UEFI has been implicated in the death of Samsung laptops running Linux.
That had nothing to do with Linux, and UEFI had no fault in that. The problem is that Samsung wrote a serious bug into their UEFI implementation that causes the laptop to brick if the user does X, Y, and Z under any operating system.
1. Re:Samsung laptops by Kaenneth · 2013-03-26 11:55 · Score: 1
  
  A while back I was doing testing on a DEC Alpha machine that had a BIOS based boot menu.
  I needed to install multiple OS's (Windows NT english, german, japanese...) when I added the 5th or so OS, the machine died since the boot options overflowed into other data, corrupting the bios settings, requiring re-flash of the settings to factory defaults. (I vaguely recall having to set a jumper, but it was a long time ago)
2. Re:Samsung laptops by yuhong · 2013-03-26 12:19 · Score: 1
  
  I think the firmware was called ARC or later AlphaBIOS.
3. Re:Samsung laptops by Anonymous Coward · 2013-03-26 12:54 · Score: 0
  
  And it is only a coincidence that their Windows drivers did the right thing.
4. Re:Samsung laptops by sgt+scrub · 2013-03-26 13:05 · Score: 1
  
  You cleared the BIOS with a jumper. You had two interfaces on that BIOS. One was a GUI for Windows NT users. The other was much like grub2. You had to be in one or the other to install a Windows OS or a Unix OS. IMHO, installing a version of NT for each language wouldn't be considered installing multiple OS's.
  
  --
  Having to work for a living is the root of all evil.
5. Re:Samsung laptops by Anonymous Coward · 2013-03-26 13:30 · Score: 0
  
  The windows drivers didn't always dot he right thing. I have seen reports of it bricking under windows as well.
6. Re:Samsung laptops by KingMotley · 2013-03-26 16:10 · Score: 2
  
  Many windows machines got bricked too, but all the crying is from the tin-foil hat wearers.
Microsoft Responds by Anonymous Coward · 2013-03-26 11:02 · Score: 0

No habla.
UEFI has been implicated in the death of Samsung l by Anonymous Coward · 2013-03-26 11:03 · Score: 1

UEFI has been implicated in the death of Samsung laptops running Linux.
Boy, the things allowed to pass as journalism.
1. It has most definitely been the cause of the Samsung bricks, but it also bricks running Windows. It's an implementation-of-the-spec
issue, but more importantly, it proves that UEFI is still Alpha stage, and a bad idea all around. Let's face it, Windows is frustrating
enough to run, now this added to the consumers' woes, and we're talking serious hurt here. I can't wait to see some update/virus
break the Windows boot - I hope that granite palace has an electrified fence because the pitchforks a-be-a flying when that happens.
2. See #1.
Basic questions by Anonymous Coward · 2013-03-26 11:13 · Score: 0

1. What EU laws are Microsoft alleged to have violated with this UEFI business?
2. What evidence is there?
Neither TFA nor the actual complaint seem to have either of these. But if they do, bring it forward...
1. Re:Basic questions by Kaenneth · 2013-03-26 11:56 · Score: 2
  
  There is a prohibition in the US constitution against ex-post-facto laws; I don't know if there is one in the EU charter.
2. Re:Basic questions by Patch86 · 2013-03-26 20:35 · Score: 1
  
  It would be your standard anti-trust, monopoly-abuse rules we're talking about. Assuming the narrative of the complainant plays out- the company with 90%+ of the market in desktop computers has mandated a rule on all their distributors/OEMs which makes it extremely difficult for any competitors to compete with them. This is bad for competition. It is also something which is only possible for a company with a monopoly- if Canonical demanded the same thing of Dell, they would get no-where.
  Bearing in mind that MS was heavily fined for shenanigans over web-browser bundling, I think it's fair to say that the rules are broad enough to apply to this situation.
3. Re:Basic questions by staalmannen · 2013-03-27 18:11 · Score: 1
  
  In this case, I think it is that Microsoft is the key-signing authority which definitely can be seen as anti-competitive. If they would hand over that power to an independent entity, I think that much of the conserns would be resolved.
also need to ban app store lock in / MS may make t by Joe_Dragon · 2013-03-26 11:19 · Score: 1

also need to ban app store lock in / MS may make that push soon as well.
NO desktop may come as soon as windows blue / 9.
Security perspective? by Anonymous Coward · 2013-03-26 11:25 · Score: 2, Insightful

If savvy users can disable/override/change keys then so can savvy crackers intent on bypassing your security perspective.
Security isn't about adding 'another hoop' to someone's day. And giving MS the keys to your security is just asking for it.
Hmmm... crackers....
1. Re:Security perspective? by c0lo · 2013-03-26 11:56 · Score: 2
  
  Security isn't about adding 'another hoop' to someone's day. And giving MS the keys to your security is just asking for it.
  Yes, it is! security is a matter of trade off: between the value of the protected resources and the cost of protection. And this trade off need to be considered twice, from the PoV of attacked and attacker:
  1. value for you (what do you have to lose if resource is "stolen" or damaged) vs the cost required for you to protect it
  2. value for the attacker (what the attacker stands to gain by stealing/damaging the resource) vs the cost required to do it
  
  --
  Questions raise, answers kill. Raise questions to stay alive.
Now we can be proud of being spanish for once by Anonymous Coward · 2013-03-26 11:30 · Score: 0

In Spain: we are in a deep crisis, our politicians are a shame, but now we have something we have done as a collective that makes me proud. Go Hispalinux =)
1. Re:Now we can be proud of being spanish for once by mug+funky · 2013-03-26 23:22 · Score: 1
  
  don't be so down on yourselves. Jamon Belotta alone is plenty of reason for Spain's existence.
  then there's the free tapas.
Linux secure boot? by dgharmon · 2013-03-26 12:14 · Score: 1

"I like secure boot from a security perspective, and we actually use it to lock down some embedded Linux products I've worked on. As long as savvy users can disable/override/change keys, we get the best of both worlds."

How does it work without using the MS-signed UEFI key

--
AccountKiller
1. Re:Linux secure boot? by sofar · 2013-03-26 17:31 · Score: 1
  
  You remove it (or never have it to begin with if you are a hardware vendor) and put your own platform key on it. For examples on how to do so, please google James Bottomley's blog.
Linux and UEFI by Taco+Cowboy · 2013-03-26 12:41 · Score: 1

I wonder if if there was any collaboration between those from the Linux camp (Redhat / Ubuntu) and those who are behind UEFI, prior to the wide adoption of UEFI on new computers ?
The troubles that are faced by Linux users (for example, the bricking of Samsung laptops) could have been avoided if there was more collaboration / understanding between those two camps

--
Muchas Gracias, Señor Edward Snowden !
1. Re:Linux and UEFI by ozmanjusri · 2013-03-26 18:17 · Score: 2, Informative
  
  The troubles that are faced by Linux users (for example, the bricking of Samsung laptops)
  
  That had nothing to do with Linux or SecureBoot. It was a Samsung bug that also affected Windows.
  It was just first detected by Linux users.
  
  --
  "I've got more toys than Teruhisa Kitahara."
2. Re:Linux and UEFI by Anonymous Coward · 2013-03-26 19:08 · Score: 0
  
  This Samsung bricks have nothing to do with Linux. The damaged was triggered by the stupid UEFI if it's used space exceeded 50% of the flash.
3. Re:Linux and UEFI by Anonymous Coward · 2013-03-27 01:42 · Score: 0
  
  IT was because samsung botched the MBR emulator. Any pre UEFI OS would do it if the bootloader was bigger then X amount of bytes.
Re:Spain is irrelevant. by epyT-R · 2013-03-26 15:05 · Score: 1

how unPC of you.. This is how such words are said in the radiant socia...err I mean radiant corpor...err I mean 21st century.
The European Commission is our friend. Open source is our friend. Acceptance to UEFI is optional, friendly, and secure. The Linux culture is viable and empowered. Prepare to be free, secure, and welcome.
Re:UEFI has been implicated in the death of Samsun by tlhIngan · 2013-03-26 17:03 · Score: 1

1. It has most definitely been the cause of the Samsung bricks, but it also bricks running Windows. It's an implementation-of-the-spec
issue, but more importantly, it proves that UEFI is still Alpha stage, and a bad idea all around. Let's face it, Windows is frustrating
enough to run, now this added to the consumers' woes, and we're talking serious hurt here. I can't wait to see some update/virus
break the Windows boot - I hope that granite palace has an electrified fence because the pitchforks a-be-a flying when that happens.
You do realize UEFI has been around a LONG time now, right? Heck, your PC, if you bought it in the past 7+ years, is probably already running UEFI. Intel used to provide both UEFI and BIOS code, but they stopped at the Core 2 Duo or so in providing BIOS code - it's been UEFI all the way. Prior to that, they've shipped both.
The problem is that some implementations are bad. But BIOS had issues as well - back in the late 90s there was a virus (CIH?) that wiped the BIOS if it could. Heck, BIOS updates were always a tricky affair since many didn't have backup BIOSes yet. Or some updaters didn't check that the BIOSes were compatible (and some STILL don't - you can flash a bad BIOS). And BIOS has been around over 30 years.
And notice how it's only been Samsung laptops? Last I checked, there were Asus, Acer, Sony, Dell, HP, Apple, Lenovo and many more manufacturers of laptops. None of which have reported issues. (And what broke it? Using the EFI storage area to store crash data for post-mortem debugging. Something EFI-enabled OSes have done, like OS X, and I think Windows as well)
Samsung probably tried to do something smart by putting something else - perhaps a quick media loader or something.
Re:also need to ban app store lock in / MS may mak by terjeber · 2013-03-26 18:26 · Score: 1

No, it won't. Don't be paranoid retarded.
Re:Want to know why my post is downmoded? by Zontar+The+Mindless · 2013-03-26 19:17 · Score: 4, Insightful

Your post got downmodded because you're a nutjob gone off his meds.

--
Il n'y a pas de Planet B.
small correction by aepervius · 2013-03-26 21:10 · Score: 1

I am with you sis' but among my community only the mostr idealist of us were thinking this "We never thought that every government in the world, even traditional enemies, would ally themselves with one goal: Destroy this new vessel of human freedom." The msot realist (and I was among them) were more like "enjoy it while it last because very soon all gov & corp of the world will fall onto this new medium like a ton of brick".

--
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Re:Want to know why my post is downmoded? by Anonymous Coward · 2013-03-26 23:15 · Score: 0

I didn't know a lobotomy can grow back...
The Samsung reference is long debunked by mug+funky · 2013-03-26 23:20 · Score: 1

The linux kernel had a minor snafu that causes those samsungs to brick. it's fixed now, and has been for a couple of months.
i wish people would stop it with FUD, no matter what side it comes on. researching claims you make would be a good start, otherwise this shit perpetuates.
1. Re:The Samsung reference is long debunked by lpq · 2013-03-27 05:15 · Score: 1
  
  It wasn't a bug in the kernel, it was a bug in Samsung's UEFI Bios.
  The UEFI BIOS has a place for persistent variable storage. On the Samsung, it had code that checked if *anything* had stored info such that there was 50% space in the variable section. If that happened, the unit self-bricked.
  You can point the finger at Linux and say it pushed the computer over the edge, but the problem was in designing a computer that effectively self-bricks when it's internal HD gets over 50% space. Of course, if you install another OS like Linux, it will take some space -- but that doesn't make the information responsible for the bad design.
Re:Protect yourself with a custom host file by Anonymous Coward · 2013-03-26 23:24 · Score: 0

WTF are you smoking...? -5: Nutjob
Re:UEFI has been implicated in the death of Samsun by Anonymous Coward · 2013-03-27 02:39 · Score: 0

, but more importantly, it proves that UEFI is still Alpha stage, and a bad idea all around.
I fail to follow your logic here. That is like saying the C programming language is still alpha stage because a program written in C nuked your hard drive.
MS won't push to lock you in to their app store? by daboochmeister · 2013-03-27 04:12 · Score: 1

Really?? You believe this? Have you tried to install software on a Surface RT from someplace other than the MS app store?

It will take them time to boil the frog on the x86 front, but dollars to doughnuts, they're going to do everything they can to get as close as possible to Apple's 30% cut of all software installed. They may not get completely there on x86, because of customer-generated and enterprise software that requires complex installation - but I'll bet you any amt of money they gaze longingly in meetings at that greener pasture, and strategize on how to get there.

--
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh ... never mind." Dave Bucci
Re:MS won't push to lock you in to their app store by terjeber · 2013-03-27 08:27 · Score: 1

Really?? You believe this?
No, I don't. I know it. How do I know it? Because I am not retarded.

Have you tried to install software on a Surface RT from someplace other than the MS app store?
You do realize there is a huge difference between Win8 and Win 8 RT right? Let me throw you a tiny hint. Legacy software. RT has none. That was a clue to un-retard your brain.

they're going to do everything they can to get as close as possible to Apple's 30% cut of all software installed
They may wish to do so, they'll probably even sell desktop shrink-wrap software in the MS Store. They are never abandoning the desktop market though. Ever. How do I know this? I am still not retarded. Unlike the retarded journalist who actually (professes to) believe the desktop might be gone in Windows Blue. Quite frankly, anyone who even wonders out loud about whether Microsoft might abandon the desktop in that way are too fucking stupid to be allowed the usage of a computer.

They may not get completely there on x86
They are not even try to go there. Microsoft might be a lot of things. Evil, innovative, despicable, monopolistic, whatever. They are not suicidal. Microsoft has been backwards compatible to a degree nobody else has in their market. Others are not even close. Microsoft knows very well that their main customer base is the Enterprise, and they are not so fucking stupid that they would kill their main cash cow. There are a lot of utterly retarded people out there, the aforementioned journalist for one, who are fucking stupid though think Microsoft is though. These people need a brain transplant. The guts of a 1990 Timex calculator watch would be a decent upgrade.
After reading a more in-depth interview... by staalmannen · 2013-03-27 18:04 · Score: 1

At first, I thought that it sounded a bit "whiny" to go to EU to complain (just like I thought about the browser ballot thing), but after reading some more I do think they have one important point: Microsoft has the master key and everyone that wants a signed trusted boot need to get it from them. This does rub me the wrong way. If Microsoft had started an independent entity responsible for Secure Boot signing, this thing would not smell as bad. Hispalinux has some good arguments also regarding the laws of public procurement where the Secure Boot lock-in to Windows actually turns out to be illegal.