FreeBSD Team Begins Work On Booting On UEFI-Enabled Systems
An anonymous reader writes "The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled." Linux distros have taken to using a minimal loader, signed by Microsoft, to enable booting on UEFI systems with secure boot. "Indeed we will likely take the Linux shim loader, put our own key in it, and then ask Microsoft to sign it," says developer Marshall McKusick in the linked IT Wire article. "Since Microsoft will have already vetted the shim loader code, we hope that there will be little trouble getting them to sign our version for us."
I did not know Microsoft won that battle.
“He’s not deformed, he’s just drunk!”
who don't have or build motherboards that can disable UEFI. Seems to me like there's a great market for non-UEFI motherboards that can target Linux/Unix users.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
What we need is boards that are user-rekeyable. That way we can ensure that our boards will never run Windows again.
...what is the point of secure boot again? Do we still have problems with MBR viruses?
Signing their key is the least Microsoft can do for using large parts of the FreeBSD TCP/IP stack in Windows.
https://lwn.net/Articles/245805/
Have a squat over at the hobo house.
My bet would be that Microsoft refuses to sign the loader, saying that they can only sign if the loader's coded to only load binaries signed by a trusted authority (ie. Microsoft) and that allowing a loader that can load untrusted (ie. unsigned or not signed by Microsoft) binaries compromises the security of the boot process.
Can't they just use the already-signed blob?
Apple uses parts of the FreeBSD userland in OS X, and the actual parts that work with the hardware and UEFI are not related to it.
MS has the LICENSE to use BSD code.
They don't owe BSD anything.
Next time you're thinking of whether to license YOUR code using GPL or using something
that allows MS to use your stuff and give nothing back in return... remember this.
Ehud
I've tried both the newest PC-BSD and bsdinstall installers...and they leave a lot to be desired. :/
PS: I don't reply to ACs.
Why would they give back? You can't fix something that is already perfect.
Surely both people who still run BSD on the desktop could just buy another machine
They could in theory, but they can't agree on the definition of "open hardware" and are unlikely to resolve this in the near future.
Don't know where you got the impression that I was somehow favouring Apple hardware, but I stand corrected nevertheless: I should have written "never run any non-free OS, or any code made by someone not truly supporting freedom, in the end".
I don't see much of a problem - it only affects people who want to dual boot and that is totally last century. Boot Linux and run Windows in a VM.
I think OP was talking about an ethical or moral choice.
You're talking about legal dept.
Huge difference.
Pardon me, but can't you pretty much boot anything with the shim? Thus defeating the purpose.
From what I can see FreeBSD could just use the Linux shim as well. Which is what makes it a shim, that there is no necessity to sign with Microsoft everything you boot.
http://mjg59.dreamwidth.org/20303.html
world was created 5 seconds before this post as it is.
Social conventions like owed favors do not exist in the world of business. When billions of dollars are at stake, there is no room to be 'nice.' That's why contracts were invented.
Microsoft Linux is the new name for their Xenix OS.
Linux lost the battle.
Roll over doggie.
Windows doesn't use any of the FreeBSD TCP/IP stack anymore. It did at one time pre-Windows XP, but it was completely rewritten from the ground up prior to Windows XP, but many of the settings (registry settings) remained the same for compatibility.
Sorry, I just double checked, it was rewritten for Windows NT 3.5, and then carried over to Windows 95. So the FreeBSD stack hasn't been in use for nearly 10 years. Some of the ancillary utilities however, were never rewritten for some time and might have used some FreeBSD code in them. They carried the "Some parts... blah blah...Berkeley... blah blah" messages in them.
And the only one allowed to sign it is the motherboard maker. And the only one the MB maker will allow to sign is Microsoft. And Microsoft already demands that secure boot be mandatory on (therefore no other bootloader can be used) for ARM machines and "the manufacturer is allowed to decide" on x86 *at the moment*.
Therefore your response was indeed a response. It was not, however, an answer.
Since the BIOS already supremely trusts that MS cert, even if you have a hosted virtual machine at the bare metal level, Microsoft still has a deeper access to your system compared to you or that OS.
Why is that a good thing?
You assume BSD is unhappy with this result. They are not...and the problem isn't MS using BSD's "stuff" and not giving anything back to BSD in return, it's not giving anything to YOU in return. BSD got precisely what they wanted in that transaction, you didn't.
For what it's worth, Surface Pro (A Microsoft-built device) allows you to disable Secure Boot support if you so choose.
UEFI -> Secure Boot -> Measured Boot (requires TPM)
Which proves RMS right once again. Copyleft really is a more ethical choice.
Hey, AC, time to brush up on your history knowledge. You're three decades late. As for Québec, no matter what some people say, we're still currently part of Canada and have been for a long time. Our origins have roots in France but we're not under their authority.
All Canadians must obey the great robotic overlord Harper or perish under his dictatorship.
NSA - no comments on MS working with the NSA yet?
Democracy Now! - uncensored, anti-establishment news
The Microsoft OS is the most secure operating system. It has never been compromised. Microsoft constantly sets the bar in security, stability, and user flexibility. Secure boot is another precedent, in a long history of security, of how Microsoft works in the interest of the end user. No entity can use secure boot to compromise the Microsoft OS. Trust Microsoft to do the right thing.
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
System 76, Think Penguin...I think Dell and HP may still have some native Linux OS machines available. Lemote in China (what Stallman uses) and there are probably more. We don't HAVE to buy a Mac, Asus, Toshiba, or whatever. We look for alternatives and empower them. It is a pity that AMD boards are not in any native Linux OS machine yet. Usually it is Intel that is on this bandwagon. (Are you reading this AMD?) So if you want a non-intel GNU/Linux native board you are stuck with Lemote...pretty much...anyone know better...?
They should be. At the very least you should be.
The GPL and similar licenses help protect code from its creator. An alien concept to many, but an important one.
To those who disagree: What makes you think you have the right to control the fate of code you've written? Why? Can you provide an argument other than "That's the way it's always been?"
No code (or any other work) is completely unique. Much of it is largely derivative. The fallacy of copyright provides means to lock public knowledge away from the community.
"FreeBSD Team Begins Work On Booting On UEFI-Enabled Systems"
"The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled."
These two things are not the same thing. At all. I am *typing this post* on a UEFI system which has no idea what the hell Secure Boot is.
You mean the choice that other people shouldn't be able to use your stuff without paying you, right?
Support my political activism on Patreon.
No it doesn't. An author can change the license at any time, or can simultaneously allow dual-licensing under the GPL and something else. Copyright allows them to do this, and the GPL does nothing to prevent it.
Because that's generally the ONLY motivation for me to write any code. If I don't get to choose to sell it, free it, or keep it private as needed, I would never write any non-trivial code. And works for hire would probably almost entirely stop, too, since they can A) Just use the code someone else developed and B) Wouldn't have any way to keep their code secret, or charge a fee to cover development costs.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
There is nothing unethical about allowing others to use your code for free.
The GPL is no more or less ethical than any proprietary license. It allows people to use your code, ONLY if they meet your terms, and pay you back in the method of your choosing.
And like proprietary licenses, it's good at keeping companies away from your code, and non-interoperable with the protocols you've come up with to make your life easier.
Kerberos and LDAP had BSD/MIT licensed implementations, so Microsoft used them, and now Windows systems are far more secure, and authentication is fully interoperable between Windows and Linux/BSD, which wasn't the case before.
Microsoft using the BSD TCP/IP stack was a GOOD THING. If it was GPL licensed, they would have written their own, probably with bugs and other oddities, and people would have spent years and untold man-hours trying to figure them out, and get the various OSes back to compatibility with each other.
Maybe if KSH93 was BSD-licensed, Microsoft would have used that, too, instead of developing PowerShell and becoming even more insular, and isolating Windows admins from Unix systems.
If not for OpenSSH being BSD licensed, we'd all still be using TELNET everywhere, with untold numbers of companies refusing to tie themselves to GPL'd software, and each specific case not being worth the effort to rewrite it in-house, yet the network effects of having a free version that got used everywhere has improved things for everyone who uses the internet. Come to think of it, I'm surprised Microsoft hasn't started including SSH and SFTP with the base system. I suppose that'll come years after it should have, like a defragmenting tool, zip support, jpeg support, MP3 support, etc. etc.
Are you implying modern windows systems have ssh either as a client or as a server?
Because as far as I can tell openssh has been around more than a decade, and
I haven't seen ssh in win2K, 2003, xp, vista. (I've never used 7 or 8)
If all people want to do on a PC is e-mail, Facebook, and YouTube, then why did Windows netbooks replace GNU/Linux netbooks so quickly? I guess it might have had something to do with Microsoft Office or games.
So how long until the Surface Pro or an equivalent tablet becomes price-competitive with the iPad or Surface RT?
At the time when Palladium was in the Longhorn pipeline the whole goal was that features wouldn't effectively boot without being part of the locked down operating system.
And what came out of the Longhorn pipeline in this case was BitLocker in Windows Vista Ultimate. As I understand it, it's a form of drive encryption that relies on the TPM.
And works for hire would probably almost entirely stop, too, since they can A) Just use the code someone else developed and B) Wouldn't have any way to keep their code secret, or charge a fee to cover development costs.
Richard Stallman addresses this argument, that if all code were free, what incentive would there be for software developers to exist. He later made the observation -- rightly, I think but certainly open to argument -- that the majority of software development tends to be done for clients that want custom software. This has certainly been true in my experience as a scientific developer (though I am still young).
It's true that software development wouldn't stop entirely, it would just be reduced to 0.1% of what it currently is.
Those clients that want custom software... How happy will they be if to get that custom software, they MUST expose all the proprietary info and trade secrets they put into it?