
Shuttleworth: Why Windows 8 made us ditch GPL Linux loader

Ubuntu daddy Mark Shuttleworth has defended Canonical’s decision to play ball with Microsoft's Windows 8 security policy that could stop “unauthorised” Linux builds from booting on new PCs and tablets. Manufacturers must enable a feature called Secure Boot in their products' UEFI firmware in order to be officially labelled …

COMMENTS

This topic is closed for new posts.


Anonymous Coward

Bummer!

2
1
Anonymous Coward

Will UEFI open up a chip modding market for PC motherboards?

8
0

This post has been deleted by its author

Bronze badge

another spelling

Bummer? I always spelled it "Bal(l)mer"

4
0
bjr

On x86 systems the BIOS will allow you to disable secure boot so you will still be able to install distros without a signing key, so there is no need for a modified BIOS. On ARM systems there won't be a disable switch. However there is only one Microsoft tablet and dozens of Android tablets so it's really not an issue. If you want to put a standard Linux distro on a tablet just avoid the Surface, it's likely to be pretty feeble compared to Android tablets anyway.

6
3
Bronze badge

"it's likely to be pretty feeble compared to Android tablets anyway."

And where's your evidence to suggest that? The published spec for Surface is so thin it's easier to describe a Higgs boson. It could be better than all Android tablets, but hobbled by an obscene price. No-one knows. So jumping to assumptions based on simply a pro-Droid/anti-Microsoft bias is both wrong and a bit childish.

3
0
Silver badge
Facepalm

And

And slowly all the doors begin to close and the key in the lock begins to turn.......

32
1
Anonymous Coward

But

Most (all?) Android bootloaders are signed, and everyone seems to call that system "open".

Why is it that when Microsoft does it, it becomes closed?

10
19
Anonymous Coward

Re: And

And it's all thanks to Stallman and his GPL3.

8
15
Silver badge
Unhappy

Re: But

Because android runs on devices that have never been really open to start with - hardly anyone installs a different OS on a smartphone.

PCs however have ALWAYS been open - the precedent is set, and now MS in some feeble attempt to bolster its hopeless record on security is trying to lock down the boot process which frankly hasn't been much of a vector for malware since PCs booted off floppy disks almost 20 years ago but - purely coincidentally I'm sure - does make it a lot easier for MS to head off the competition from other OSes being installed.

35
11
Bronze badge

Re: But

All are signed and locked, some manufacturers now allow you to unlock them for free. Encrypting them as well is what started a lot of people rising up against it since prior to that it was just a case of finding an exploit. It still isn't ideal unless you own a Nexus device but it shows that enough of a backlash can make them think about stupid choices. Will it affect Microshaft? I doubt it but I'm pretty confident that a way to install what you want on the ARM tablets will be found.

7
0
Anonymous Coward

Re: But

Because android runs on devices that have never been really open to start with - hardly anyone installs a different OS on a smartphone.

Well of course no one installs a different OS on Android hardware, the signed bootloaders suck and many hardware drivers are binary. I'd love to run NetBSD on current smartphones, but alas I can't, so I have to make do with my trusty old Neo Freerunner. Hey IBM at least was honest and even documented the PC BIOS source code.

Boot process isn't a vector for malware? Are you joking? It's been responsible for some of the largest botnets recently like TDL and Sinowal. Go read about bootkits before going around spreading nonsense.

6
4
Silver badge
WTF?

Re: But

"Boot process isn't a vector for malware? Are you joking? It's been responsible for some of the largest botnets recently like TDL and Sinowal."

Get a clue. How many viruses and malware initially install via the boot process compared to other methods? None. They have to get onto the PC first via the usual methods before it can install itself into the MBR, it doesn't appear on a clean install! All secure boot will do is prevent a previously working OS booting once this happens which will SERIOUSLY piss off users as yesterday they had a working PC, today they don't. PC + botnet client is better than no PC at all.

10
11
Go

Bootable USB is the new Floppy

the boot process [...] frankly hasn't been much of a vector for malware since PCs booted off floppy disks almost 20 years ago

It's pretty easy to make a bootable USB device these days, even using what's built into Windows 7. And someone fool enough to forget to change the boot order back after installing from one of these would be vulnerable.

Because of various Linux distros and other homebrew systems, motherboard makers are not going to abandon BIOS or unsigned UEFI boot. This just says they won't be Windows 8-certified. I see a board maker shipping two different versions of the same board, differing only in firmware.

9
2
Anonymous Coward

Re: But

Boltar, are you seriously defending that botnet-infested computers be allowed on the open Internet?

I really hope you're not in charge of running anything serious. That kind of attitude is downright criminal.

Plus I'm sure there'll be some bootable antivirus or recovery system that users can go to. Are you familiar with the concept of recovery partitions?

6
8
Anonymous Coward

Re: But

... As I found out very recently, through the UPnP interface, there can be some quite unexpected 'attack vectors' in the hardware/pre-/early-boot phase of startup.

I got a replacement battery for my laptop. The battery had an embedded UPnP 'accelerator' which installed Lowjacker into the BIOS.

Lowjacker is a 'legitimate' software component that enables hardware tracking (for a fee, of course...) IMHO, it exhibits a lot of VERY undesirable features: key logging, camera control, read/write disc access prior to boot. It seems to be quite OS agnostic, too: registry access on Windows, effective root access on Linux and (PC) BSD and does not announce and/or ask for permission.

How this came to pass, I found out subsequently, is that the 'official' *replacement* battery manufacturer had done a deal with the laptop manufacturer - The battery manufacturer had also done a deal with the tracking software vendor. So, as much as it pains me to admit, maybe it's not such a bad thing to have signed execution at the non-abstraction layer(s).

My big concern, though, is that whilst PC manufacturers have been put into this regime by M$ (coupled with their usual total disregard for purchasers/users), given the very significant decline in the market share for new machines (reported elsewhere here on El Reg) and the "octo-disaster" they have unleashed on themselves as much as us, what happens if they cease to be a market player? (I know there would be LOTS of other issues if this were to happen, but...) I'm thinking about the Consumer market users - What happens to their 'technology investment'?

3
2
Anonymous Coward

Re: Bootable USB is the new Floppy

Umm....

I suspect motherboard makers will have a good range of Windows 8/Signed Linux UEFI versions of motherboards and then a small, expensive, selection of others allowing unsigned boot...

5
0
Gold badge

Re: Lowjacker

All that from a replacement battery? That's scary.

Of course, in our brave new world I'm sure our "official" vendor won't have any trouble getting this malware signed by the relevant authorities, so Microsoft's secure boot sequence won't actually help.

11
0
FAIL

Re: But

This whole article is talking about ARM systems NOT PCs - RTFA

5
0
Anonymous Coward

Re: Bootable USB is the new Floppy

Gordon Fecyk wrote:

I see a board maker shipping two different versions of the same board, differing only in firmware

And the unsigned version will cost more of course

6
1
Silver badge
FAIL

@boltar:

"PCs however have ALWAYS been open "

No. No they haven't. Seriously, would it kill you to do some research before posting your reply?

IBM copyrighted their original PC BIOS. It took a few years for Compaq to create a complete clean room reverse-engineered version of it for their own clones, and other companies followed their lead. THAT was how the closed IBM PC platform was forced open. This was never IBM's original plan for the PC.

Prior to that reverse-engineered BIOS, there were a bunch of "nearly-compatible" PCs from the likes of Apricot and others which could run most PC software, but were never 100% compatible due to hardware specifications and BIOS differences.

In fact, almost every personal computer—from the PC right down to the Atari ST, Commodore Amiga and even the humble ZX Spectrum—was designed to be "closed", not "open". Such "closed" systems were the norm, not the exception back then.

Linux (and other operating systems) running on PCs has always been an aberration. As the industry moves away from the traditional PC form-factors, the GNU / Linux community is going to be facing an awful lot more of this sort of thing. Once you get into the "design the whole widget" mentality, the arguments for making your platform open fall by the wayside. Even Android is effectively closed.

Demanding that for-profit corporations with vested interests in closed platforms accede to your demands for openness is futile. It just opens them up to greater support costs, which is a cost most would rather avoid. A better target for the GNU and FOSS communities' efforts would be in designing their own, open, secure platforms built around their open software. It's not that difficult as most of the components would stay the same.

9
6
Bronze badge

Re: But

I don't think so. My understanding is that PCs (x86) are the ones at issue here. An ARM based thingy with W8 certification won't boot anything MS doesn't sign. Fedora got a key from Verisign, signed using the MS key, so Fedora might be a possibility on ARM, depending on the hardware manufacturer. Canonical created its own key, which probably won't be on any W8 certified ARM device, and since Secure Boot can't be disabled on those, I don't expect Ubuntu to be installable on them.

Grub2 is for PCs. MS requires that Secure Boot can be disabled on those, so any Linux can be installed. The real issue is a usability one. If the appropriate keys are on the hardware/firmware, the candidate Linux user won't have to do any scary stuff like installing keys or changing EFI security settings.

For my hardware, however, the FSF proposal seems the right one: I should be able to produce and install my own platform key and, after that, maintain my own software key store. Without that the hardware is not really fully mine and is more or less deficient from its design.

4
2
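The comment above asks to enrol a platform key of one's own and then maintain one's own software key store, and a later comment in this thread notes that on the PC the OS only has to be signed by one of the keys the firmware holds. The db and dbx variables that make up that store are not only certificates: they can also hold plain SHA-256 digests of allowed and revoked images, stored in the EFI_SIGNATURE_LIST layout. The following is an added example (my own code, not Canonical's, Fedora's or any firmware's) that serialises hash entries into that layout, parses them back and applies the allow-unless-revoked rule. It assumes the SHA-256 list type GUID from the UEFI specification; the SignatureOwner GUID and the "loader" byte strings are constructed for the example. Real Secure Boot hashes a PE image under the Authenticode rules rather than the raw file, and certificate-based entries are not modelled here.

```python
"""Minimal model of the Secure Boot hash allowlist (db) and denylist (dbx).

Added example; not code from the original thread, from Canonical, Fedora
or any firmware vendor. It shows the EFI_SIGNATURE_LIST layout used by the
db and dbx variables when they hold raw SHA-256 digests, and the decision
rule: an image runs only if its digest is in db and not in dbx.
"""
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID as defined in the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Constructed SignatureOwner GUID; stands in for whoever enrolled the entry.
OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")

# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian UINT32).
SIG_LIST_HDR = "<16sIII"
SIG_LIST_HDR_LEN = struct.calcsize(SIG_LIST_HDR)   # 28 bytes
SHA256_SIG_SIZE = 16 + 32                           # SignatureOwner GUID + digest


def build_sha256_list(digests, owner=OWNER_GUID) -> bytes:
    """Serialise SHA-256 digests as one EFI_SIGNATURE_LIST of EFI_SIGNATURE_DATA entries."""
    body = b"".join(owner.bytes_le + d for d in digests)
    header = struct.pack(SIG_LIST_HDR, EFI_CERT_SHA256_GUID.bytes_le,
                         SIG_LIST_HDR_LEN + len(body), 0, SHA256_SIG_SIZE)
    return header + body


def parse_signature_lists(blob: bytes):
    """Yield (type_guid, owner_guid, data) for every entry in a concatenation of lists."""
    off = 0
    while off < len(blob):
        sig_type, list_size, hdr_size, sig_size = struct.unpack_from(SIG_LIST_HDR, blob, off)
        # Reject sizes that would loop forever or read past the buffer.
        if list_size < SIG_LIST_HDR_LEN or sig_size < 16 or off + list_size > len(blob):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos = off + SIG_LIST_HDR_LEN + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = blob[pos:pos + 16]
            data = blob[pos + 16:pos + sig_size]
            yield uuid.UUID(bytes_le=sig_type), uuid.UUID(bytes_le=owner), data
            pos += sig_size
        off = end


def allowed_hashes(blob: bytes) -> set:
    """Collect the SHA-256 digests from a db or dbx blob, ignoring other entry types."""
    return {data for t, _, data in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def is_authorized(image: bytes, db: bytes, dbx: bytes) -> bool:
    """Allow-unless-revoked rule over raw bytes (real firmware hashes the PE per Authenticode)."""
    digest = hashlib.sha256(image).digest()
    return digest in allowed_hashes(db) and digest not in allowed_hashes(dbx)


# Constructed sample "images"; real entries would be digests of PE/COFF loaders.
GOOD_LOADER = b"constructed loader, enrolled by the machine owner"
OLD_LOADER = b"constructed loader that was enrolled and later revoked"
UNKNOWN_LOADER = b"constructed loader that was never enrolled"

DB = build_sha256_list([hashlib.sha256(GOOD_LOADER).digest(),
                        hashlib.sha256(OLD_LOADER).digest()])
DBX = build_sha256_list([hashlib.sha256(OLD_LOADER).digest()])

if __name__ == "__main__":
    for name, img in (("good", GOOD_LOADER), ("old", OLD_LOADER), ("unknown", UNKNOWN_LOADER)):
        print(name, "authorized" if is_authorized(img, DB, DBX) else "blocked")
```

The point of modelling dbx alongside db is the one the thread keeps circling: enrolling your own key does not by itself stop a previously trusted but now compromised loader, so whoever holds the platform key also has to maintain the revocation side of the store.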
Silver badge
Linux

Re: But

ARM is just another microprocessor like PPC or 68k or Sparc or Alpha.

ARM doesn't mean Tivo.

2
1
Silver badge
Linux

Re: @boltar:

You're the idiot talking straight out of your nether regions.

ALL of those systems allowed for full control of the hardware and for you to boot any OS of your choosing. You are trying to conflate the ownership of the BIOS code with a regime that prevents the end user from running any OS you like.

There have always been alternate operating systems. The field for PC based operating systems used to be actually rather competitive. There have also been complete or partial replacements for the system software in systems like the Amiga or Atari ST.

The first Linux user I ever encountered ran it on a Falcon.

You're either stupid or a shameless liar.

6
4

Re: Bootable USB is the new Floppy

You can suspect all you want, but that won't be the case. The Windows 8 certification requirements explicitly require that it be possible for the user to disable Secure Boot. *All* Windows 8 certified systems will allow unsigned boot.

3
0
Silver badge

Re: Lowjacker

Not for the official trojan in the official battery - after all there isn't much you can do to prevent the makers of the keyboard introducing a key logger!

But it does stop another virus infecting the battery in such a way that it gets to run at boot before any Windows OS anti-virus protection. And coincidentally this also protects Linux - if the battery replaced the BIOS code that is talking to the keyboard before Grub boots there isn't much your virus proof Linux can do about it.

1
0

Re: But

Your understanding is incorrect. Secure Boot will be implemented on both x86 and ARM UEFI-based, Windows 8-certified systems. The difference is that the requirements for each are different. The requirements for x86 systems state that the user *must* be able to disable Secure Boot and/or (I'm not clear whether it's 'and' or 'or') enrol their own keys. By contrast, the Windows RT (ARM) certification requirements state that the user must *not* be able to disable Secure Boot. There's a big difference between x86 and ARM, but not the one you think.

All the Fedora and Ubuntu discussion is in relation to the x86 platform, not ARM. We (Fedora) have stated that we won't provide a Microsoft/Verisign-signed ARM build because we don't agree with the ARM certification requirements (and also because there'll be lots of non-Windows ARM hardware, so we don't really envisage it being such an issue as on x86).

4
0
Silver badge

Re: But

>This whole article is talking about ARM systems NOT PCs - RTFA

No you RTFA. On ARM there is no choice - the signing process only allows a single key. The HW maker decides whether they want that to be a Windows key and so allow Win8 or a user key to allow you to run what you want. But the decision is made at build time by the maker. You could try calling Foxconn and asking for your key to be built into a single tablet ....

On the PC you can have multiple keys but the OS has to be signed by one of them. So you can buy a key from Microsoft or you can use your own. But if you use your own you can't tell anyone the secret - which the GPLv3 may require you to do.

2
0
Silver badge
Facepalm

Re: But

"Boltar, are you seriously defending that botnet-infested computers be allowed on the open Internet?"

I'd rather they weren't but that's better than someone suddenly finding they have a brick instead of a PC. There are other approaches such as constantly putting up reminder windows or rebooting every 10 minutes.

"I really hope you're not in charge of running anything serious. That kind of attitude is downright criminal."

Don't be an ass. Botnets are already out there.

"Plus I'm sure there'll be some bootable antivirus or recovery system that users can go to. Are you familiar with the concept of recovery partitions?"

Are you familiar with the concept of the master boot record? It seems not.

7
5

Re: But

The article is a bit confusing, really. It hauls in ARM in the last paragraph; the earlier bits of the article which quote Fedora, Ubuntu, FSF, SFLC et al don't explicitly mention it at all, and having been involved in a lot of those debates, it's broadly been x86 that's been at issue, not ARM. AFAIK all the public statements from Ubuntu have focused on x86, not ARM.

The situation on ARM - Windows RT - is very straightforward; all RT OEM devices will have Secure Boot enabled with a Microsoft key, and you won't be able to disable it or enrol your own keys. They'll be exactly as locked down as all iPhones and iPads and most Android phones/tablets.

6
0
Linux

Re: @boltar:

I've been around since well before the first home computers were built in the 1970s. I actually built an 8080-based PC (of course I built a processor from SSI, too, but the 8080 was a bit faster ;-). I worked with two fussbudget original IBM PCs in 1982, one of which wouldn't boot until you dropped the keyboard from 3 feet off the table, then you had to find and snap back on the keys that went flying - this was NOT an "IBM quality machine" to say the least! I lusted after the Amiga, played with an Atari ST, enjoyed MacOS 1.0 and the much improved 2.0, and finally grudgingly adopted DOS and then Windows, and finally (oh the bliss!) discovered Linux.

Having lived through the entire personal computer revolution, I can say with the fullest confidence that you are talking utter and complete nonsense.

While the first paper describing the concept of a digital signature was presented in 1976, it was purely theoretical. The first commercially available digital signature system was introduced to the market in 1989, many years after Apple, Atari, Commodore, IBM, and a thousand midget start-ups created the home computer boom, the home computer bust, and the establishment of the de facto IBM Personal Computer standard.

Each and every one of these computers would boot anything you put on its front switches, paper tape, cassette tape, stringy floppy, 8" floppy, 5 1/4" floppy, 3.5" floppy, ZIP drive, optical media, or USB flash drive. (See, I don't need to do the research - I have my own memory of every one of them! Would you like to see my copy of CP/M on 8" floppy? Still got it. Binary code for a 256 byte football game I wrote? Still got it. But I digress...)

Since the ability to require digital signatures followed the IBM PC by about 7 years, I think we can be confident it hasn't "always" been the case that personal computers were limited to the vendor's "approved OS", nor is anyone demanding a "change" to keep systems open.

By the way, I wrote an operating system of my own for my beloved Atari 800, after reading "De Re Atari" which documented every bit of the interface. It was pretty primitive, but dude, it was NOT digitally signed! :-D

7
1
Bronze badge
Flame

Re: But

It really isn't. An infected PC being barred from the internet is highly desirable.

1
3
Bronze badge
Flame

Re: But

Have you looked on Secunia.org in the last ten years? MS has a much better record on security than say Linux or OS-X.

1
9
Silver badge

Re: @boltar:

> In fact, almost every personal computer—from the PC right down to the Atari ST, Commodore Amiga and even the humble ZX Spectrum—was designed to be "closed", not "open". Such "closed" systems were the norm, not the exception back then.

The original PC, the Altair, was open. Most small computers (by manufacturer/model) in the late '70s were completely open, many were S100 based or similar with fully published specs. Many ran CP/M but several other OSes were available, some were CP/M clones, others completely different.

I don't know what definition you have invented for 'open' and 'closed' but you are quite wrong by any means.

The IBM PC was also completely open. It was fully specified. Anyone could build, for example, add-on boards or implement an OS for it. In fact IBM sold 3 different OSes: PC-DOS, CP/M-86 and UCSD.

It happened that IBM did not want their BIOS stolen by other manufacturers, but that does not make it 'closed', actually they could licence it.

Many non-IBM-PCs ran MS-DOS and most software (as well as other OSes), the limitation was not so much the BIOS but the video cards. MS-DOS was very poor at screen display, BIOS wasn't much better, much PC software did direct writes to the CGA or Hercules cards (note how open because Hercules could make plug in graphics cards). Many non-IBMs had much better graphics, but not CGA compatible.

2
0
Bronze badge

Re: Lowjacker

It's "LoJack for Laptops" from www.absolute.com

0
0
kb
WTF?

Re: But

It doesn't have a single thing to do with malware folks....it's piracy. Go to any torrent site and you'll find "Win 7 all versions preactivated" that uses a bootloader hack that makes Win 7 even easier to pirate than XP, it even greys out and unchecks the one Windows update that could disable it so it even gets full Windows Updates.

While I would have preferred to see MSFT lower prices to fight piracy, as they did with the $100 family pack before the release of Win 7, in the end it's their OS and if they want to get the OEMs to put out secureboot so those home basic machines won't be running ultimate without being obviously pirate that is their business. I'm sure of course in the end the pirates will figure a way around this, they always do but if anyone thinks MSFT is going to all this trouble for the extremely low number of boot bugs I have some magic beans you might be interested in, it's all about making piracy of Windows harder.

0
0

Re: And

"Seek freedom and become captive of your desires. Seek discipline and find your liberty."

-- Frank Herbert

0
0

Re: But

I disagree.

It might not be better for the infected user, but it will be better for everyone else...

0
0

Re: @boltar:

Agreed.

I was running NetBSD in the 90s... on a "closed" Commodore Amiga.

0
0

Re: But

Are you familiar with the concept of MBR protection in the BIOS? It seems not.

I have no problems with a "tough love" approach to infected PCs. Too many people do not clean up their own systems because the price of having an infected PC is still way too low. At the end of the day, it is still feasible for the problem to be ignored by the user - and pushed on to everyone else - as the malware goes about its business undisturbed.

When a few people start getting majorly inconvenienced by viruses, it will encourage them to improve their own security - if not, their system can be re-installed as many times as needed before they eventually learn.

0
0
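Several comments above argue about whether the MBR is still a malware vector and whether "MBR protection" means anything. Whatever the firmware does, the check an administrator can run is a baseline one: hash the bootstrap code region of LBA 0 and compare it with a known-good copy, while treating the partition table separately so that a legitimate repartitioning is not reported as an infection. The following is an added example (my own code, not from the thread or from any anti-virus product); the 512-byte MBR images it checks are constructed inline, and the "tampered" variant simply has its bootstrap code overwritten while the partition table is kept intact, which is how the MBR bootkits named later in this thread keep the machine booting.

```python
"""Baseline integrity check for a master boot record (LBA 0).

Added example; not code from the original thread or from any product named
in it. Bytes 0..445 hold the bootstrap code plus the 32-bit disk signature
and two reserved bytes; 446..509 hold four 16-byte partition entries;
510..511 hold the 0x55AA boot signature. The bootstrap region is hashed for
the baseline, the partition table is parsed and sanity-checked separately.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 446     # bootstrap code, disk signature (440..443) and reserved (444..445)
TABLE_OFF = 446    # start of the four partition entries
SIG_OFF = 510      # 0x55AA


def build_mbr(code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from a code blob and (bootable, type, start_lba, sectors) tuples."""
    code = code.ljust(CODE_LEN, b"\x00")[:CODE_LEN]
    table = b""
    for bootable, ptype, start, count in partitions:
        # CHS fields are zeroed; modern loaders use the LBA fields only.
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\x00" * 3,
                             ptype, b"\x00" * 3, start, count)
    table = table.ljust(64, b"\x00")
    return code + table + b"\x55\xaa"


def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFF + 16 * i)
        if ptype != 0:
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "start_lba": start, "sectors": count})
    return entries


def code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap region; the value to record on a known-clean machine."""
    return hashlib.sha256(mbr[:CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return ["wrong sector length"]
    if mbr[SIG_OFF:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    for p in parts:
        if p["start_lba"] == 0 or p["sectors"] == 0:
            findings.append("partition entry with zero start or length")
    return findings


# Constructed images. The "code" is a stand-in stub, not real boot code.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"constructed bootstrap stub"
CLEAN_MBR = build_mbr(CLEAN_CODE, [(True, 0x83, 2048, 1_000_000)])
BASELINE = code_hash(CLEAN_MBR)

# Bootkit-style tampering: code overwritten, partition table untouched.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"constructed hooked loader", [(True, 0x83, 2048, 1_000_000)])

# Legitimate change: same code, a second partition added.
REPARTITIONED_MBR = build_mbr(CLEAN_CODE, [(True, 0x83, 2048, 500_000),
                                           (False, 0x82, 502_048, 497_952)])

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR),
                      ("repartitioned", REPARTITIONED_MBR)):
        print(name, check_mbr(img, BASELINE) or "ok")
```

On a live system the 512 bytes would come from reading LBA 0 of the boot disk from a trusted environment (a rescue boot, not the possibly infected OS), since a bootkit that is already running can hand back the clean copy when the sector is read from inside the guest it controls.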
FAIL

Re: But

That's hardly apples for apples.

When you say Linux I presume you mean the entire eco-system compared to when you say Microsoft and you actually just mean Windows vulns.

Finding bugs is also a positive side effect of open source software, not a negative.

0
0
Linux

Re: But

I think that his point was that viruses generally enter via the OS. Windows is insecure as hell. There are even TV ads for Anti-Virus services all over the place. I haven't seen one aimed at Linux users. So, if Windows wasn't such a piece of crap, security-wise, to the point that a new machine has several anti-virus apps installed from the get-go, restricting the boot to some key scheme is pure merchandising. FUD. But watch every public entity start placing purchase orders for this SECURE version of Windows. Pull my other finger.

0
0
Linux

Re: @boltar:

No one has mentioned the original Apple ][. I mean the one with Integer Basic in ROM. Not only was the source code for Integer and Floating Point (AppleSoft) Basic included, the source code for the mini-assembler was too. PLUS all of the pins for the slots and motherboard details and logic diagrams included in the original Red and Blue books. Jobs got rid of all that openness tout de suite. The Woz was about Open Source before anyone invented the term. That little machine was a dream. I loved mine, and hated Apple when they invited us original investor/owners to take a hike. I spit every time Jobs' name comes up, and I've long since run out of spit.

Oh yeah, sometime later a little company named "IBM" introduced a computer that you could open up and plug little cards into slots, and that started the consumer PC revolution. The Woz had it right.

0
0

And how many viruses in modern times actually act in this manner?

1
6
Silver badge

None. I've read of bootloader rootkits being produced by researchers as proof of concept, but I haven't heard of one actually being used for a real hack, ever. There were viruses once that used the technique to infect floppy disks, but those died out with the floppy.

2
6
Anonymous Coward

Quite a few - particularly nasty and stealthy

Of note: Mebroot (behind the famous Torpig/Sinowal botnet) and more recently Popureb, behind the TDL4 botnet.

7
0
Silver badge

Re: Quite a few - particularly nasty and stealthy

I wonder what kind of privileges do you need to install such a piece of malware? Couldn't you, in any that case just modify your system while it runs then?

0
0
Anonymous Coward

Re: Quite a few - particularly nasty and stealthy

What kind of privileges? The usual administrator, of course. If you have privileges to partition the disk you can install a boot virus.

I'm not sure what you mean by the second question. Do boot viruses change the system while it runs? Yes. Some malware even installs its own hardware hypervisor and runs the OS on top of that - see Blue Pill.

2
0
Bronze badge
Headmaster

Proper terminology

"...used for a real hack..."

It should be crack, not hack. Crackers break in to systems. Hackers make systems do new, clever things that the designers never considered. Get it straight.

I will forgive you as you are probably like the other 90% of the population and believe everything the mass media spoon feeds you.

3
3
Anonymous Coward

Re: Proper terminology

Whether malicious or not, you're still modifying the system to do something other than intended. I used to be like you trying to correct people, but when 90% of the security community doesn't distinguish between the two, there's little point in trying to blame media for the issue.

3
0
