Feeds

back to article Linux Foundation ships UEFI Secure Boot workaround

The Linux Foundation's open source workaround for Unified Extensible Firmware Interface (UEFI) Secure Boot has shipped, and while it's not necessarily the easiest way to boot Linux on UEFI-enabled PCs, its authors claim it should now work with any bootloader and any distribution. The Linux community was first alerted to …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Re: From recent experience...

Interesting - see my post upthread about Mint.

The only issue I had was that Ubuntu and Mint both initially booted in UEFI mode with the backlight turned right off, and I only discovered this by chance...

0
0
Anonymous Coward

The best workaround...

...against UEFI is to get MS to bin the whole regime. Where's the regulators when you need them?

2
0
Anonymous Coward

Re: The best workaround...

Go and have a look at the people involved in UEFI, it's all of the (former) BIOS manufacturers, many Linux manufacturers, Apple, IBM, Intel, all the motherboard and chipset manufacturers etc. etc. Oh, and MS.

0
0
Bronze badge

The answer to this:

UFEI = Antitrust.

The sooner a government accepts this, the better off we all will be.

Now to reverse engineer the signing keys (maybe a screen saver application?).

3
2
Anonymous Coward

Re: The answer to this:

Antitrust? Really? Despite the fact that MS mandates for Windows 8 that you must be able to disbale SecureBoot and you must be able to install you own keys?

It's different on ARM as MS has no real presence there and it is normal practice to full lock-down ARM devices anyway. The market is used to that and accepts it.

Yeah, let's see how far that suit gets you.

3
3
Bronze badge
Linux

This argument is becoming tiresome

I'm talking about this:

""Antitrust? Really? Despite the fact that MS mandates for Windows 8 that you must be able to disbale SecureBoot and you must be able to install you own keys?""

Yes despite, the explanation is simple: When something can be abused because the design allows it to be abused, it will be abused. And Microsoft built themselves a nice position to abuse it: "They are the ultimate holders of the keys to the kingdom".

Would you like me having the keys to your house? or a master pin to your credit card? or your bank account details including your passwords? I promise I will not abuse it.

The laws are full or crap to prevent politicians from committing crimes, like stealing, spying on you, or abusing their power. I repeat there are explicit mandates in the law to stop this. Do they succeed?

NO, because when the system allows abuse those people in positions of power will abuse it.

And Microsoft have a history way too full of abuses to overlook anything they do.

4
0
Bronze badge

Re: This argument is becoming tiresome

Actually MS is not the ultimate holder. The motherboard makers can include more keys / other signing organizations. If MS tries to lock the door AND there is demand for unlocked hardware companies like Lenovo and HP will be the first to deliver boards with alternate key holders and reap in the money. UEFI and Secure Boot are NOT MS-Standards and all the big motherboard/pc makers are on the comitee.

Neither has MS the master pin or the bank data. All they do is sign a bootloader, they are NOT getting access to the system. Totally different thing. Worst case they could (in theory) lock you out. Since secure boot can be switched off on all Win-certified boards even that is not possible.

Now if MS does lock the door and nobody cares than Linux might have a problem. This might happen on the desktop (where Linux is below 2 percent and will be schrinking in x86 land with the x86 tablets getting more common). On the server side it will only happen if Oracle changes the Solaris/x86 licence to "come and get it". Sadly that will not happen...

0
4
kbb
WTF?

Why can't I sign my own stuff?

Why should Microsoft, or any company, have the keys to the kingdom here? Why wasn't this stuff designed so that me, the actual owner and user of the hardware, can perform some process to install my own master certificate (or whatever) so I can sign whatever bootloader I want? If I want to leave Microsoft with that power then I can. If I want to do it myself then I can.

6
0
Silver badge

Re: Why can't I sign my own stuff?

You may think that, I couldn’t possibly comment.

1
0
Anonymous Coward

Re: Why can't I sign my own stuff?

MS does not control what you can or cannot install. If you don't like the limitations of a pre-packaged solution, go get something different. If you do decide to buy a pre-packed solution, then that is your choice.

MS has done much more to ensure their Windows 8 system are more open than Google has done with their Chromebooks. Win8 devices are also more open than Apple ones, but I don't see you moaning about that.

MS is not the bad boy here, they are responsible corporate.

1
3
Anonymous Coward

Re: Why can't I sign my own stuff?

You can sign your own bootloaders and you can install your own keys into your machine's UEFI.

0
0

Re: Why can't I sign my own stuff?

welcome back, Mr Urquhart. (Who's that American guy stealing your lines, by the way?)

0
0
Silver badge

a thought occurs..

most people who use Linux are running servers. Or quite advanced desktops.

Most noddy users are abandoning desktops in favour of slabs.

Ergo Linux is a force in the pc motherboard arena. So any manufacturer who can ONLY boot windows is going to lose business.

And how long before a reprogrammed BIOS is available as a download to allows booting from anything?

To put it simply., MS is a waning force on desktops, a spent force on servers and only in laptops - which are waning in favour of slabs - is it still de facto.

Just as I wont buy stuff that doesn't work with linux, because I want to use linux, so I wouldn't buy a motherboard that wouldn't boot linux.

Linux is RESPECTABLE. Linux has market clout. You cant ignore linux and hope it will go away.

5
0
Anonymous Coward

Re: a thought occurs..

"Linux is RESPECTABLE. Linux has market clout."

Ah-ha-ha-ha-ha-ha-ha-ha-ha-ha-ha! You funny.

Linux is nowhere on the desktop. It just doesn't exist.

Even if we include the not-Linux Linux Android, you barely break 4%.

To put it simply, Linux is an experiment that has crashed and burned hard. It's expensive to implement, hard to maintain, requires massive retraining and the working application to be re-written from the ground up. It's of no interest to any decision makers, just hobbyists.

0
16
Bronze badge
WTF?

Re: a thought occurs..

@AC 08:56

This isn't about the desktop (which is being abandoned in favour of slabs), it's about the severs (which do actually use motherboards) - and that is where *nix dominates (particularly in remote servers).

Linux has anything but failed.

5
2
Anonymous Coward

Re: a thought occurs..

"Ah-ha-ha-ha-ha-ha-ha-ha-ha-ha-ha! You funny."

Ah-ha-ha-ha-ha-ha-ha-ha-ha-ha-ha! You RICHTO/TheVogon

By hobbyists I assume you mean Google, Amazon, etc, Boeing, lots of pharma, academics, CERN. and more and more. Oh and Munich !

2
0
Anonymous Coward

Re: a thought occurs..

Munich? Yeah, and we all know the massive over-spend their dalliance has caused. There's a reason the other departments switch back after seeing how much Linux failed.

0
1
Anonymous Coward

Re: a thought occurs..

"Munich? Yeah, and we all know the massive over-spend their dalliance has caused."

<RICHTO_mode>

Actually it's a FACT that the actual change to Linux actually saved a huge amount of actual money. Actually MS said it didn't but who'd actually believe them and they didn't actually offer any actual proof.

</RICHTO_mode>

0
0
Bronze badge

Re: a thought occurs..

@John Robson: "This isn't about the desktop (which is being abandoned in favour of slabs), it's about the severs (which do actually use motherboards) - and that is where *nix dominates (particularly in remote servers)."

Except that's just not reality. Linux has mostly carved it's share of the server market by eating away at proprietary *nix flavours such as Solaris, AIX, HP UX etc. The market share for Windows Server has also come from proprietary *nix vendors too and is increasing, not decreasing.

0
2
Anonymous Coward

Want to run Leenawks?

Then buy from a Leenawks vendor.

If isn't the responsibility of a Windows PCvendor if you want to run some cobbled together, amateur OS on your computers.

If you put tires on your car that were made by your pal ion a shed and the handling went all to hell; is that Ford's responsibility? No.

Same deal here.

Oh wait, what's that you say? There are no Leenawks vendors? Well maybe there's a very good reason for that.

1
16
Silver badge
FAIL

Re: Want to run Leenawks?

That is the saddest shit for a long time. Go away.

7
0
Anonymous Coward

Re: Want to run Leenawks?

The truth hurts.

0
5
Anonymous Coward

Re: Want to run Leenawks?

"If you put tires on your car that were made by your pal ion a shed and the handling went all to hell; is that Ford's responsibility? No."

If you couldn't put tyres on your car because Ford wouldn't let you, is that Ford's fault?. Yes.

There. Fixed it for you.

0
0
Anonymous Coward

Re: Want to run Leenawks?

"If you couldn't put tyres on your car because Ford wouldn't let you, is that Ford's fault?. Yes."

And where is MS stopping you installing what you like on your Windows 8 unit? Oh, they're not. Analogy fail.

Don't let the facts get in the way.

1
2
Bronze badge
FAIL

Re: Want to run Leenawks?

If you put tires on your car that were made by your pal ion a shed and the handling went all to hell; is that Ford's responsibility? No.

If you wanted to use the same brand of free tyres that were used by most of the major operators of fleets of commercial vehicles all over the world, but you couldn't fit them because Ford kept the keys for the wheel nuts; would that be Ford's responsibility.

Well, yes. I think it would.

2
1
Anonymous Coward

Re: Want to run Leenawks?

Even if they tires weren't free, even if they were made by a big name brand; if they are the wrong tire your handling will go all to hell. This is *NOT* the fault of Ford! It's your fault for not following the specs.

Luckily though that isn't the case and MS has even gone as far as *forcing* OEMs to keep the system open. Just don't expect them to support you cottage industry OS. They didn't pre-install it for a reason.

1
3
IT Angle

Not sure what UEFI is actually for...and why Windows is preinstalled

When I buy a new car, I have the choice between petrol, diesel and hybrid engines, and nobody is forcing me to buy the fuel from this or that oil company.

When I buy a new laptop, I usually have the choice between a 13, 15 or 17inch screen and between a 320GB or a 2TB disk. But Windows comes preinstalled, and I have to pay for it, although I don't want it.

Once Windows has booted up, I'm reminded incessantly that my laptop is suddenly very much at risk unless I pay for the full license of this pre-installed anti-malware software. Except I don't want that particular anti-malware software and my firewall is on my router already. I am also reminded to take out this Small Business Advantage (whatever that is), that online backup services (dunno what is backed up to where), and pay for the full MS Office license.

Depending on the browser I use I am reminded to use Google or Bing as my default search engine.

I then try to relax a bit by browsing on Youtube, where I am bombarded with advertisements for beer, some must have video game, and the latest bloke flick. During those videos suddenly half the screen is replaced with an advertisement rectangle because YouTube has warmly found out that I'm looking for love and I should join Mature Dating, because Russian women are waiting for me already.

Wow....this really beats any diesel engine in a car....

1
1
Bronze badge

Re: Not sure what UEFI is actually for...and why Windows is preinstalled

If you are forced to buy Windows - you are shopping at the wrong place!

Yes, the big PC manufacturers deliver their boxes with Windows pre-installed. Because 90+ percent of the end-users want it that way. That is what you find in the big outlets and in the online shops. Simply to keep the choices resonably few (online) or the variety of systems on stock resonably small (brick&mortar). Add in that in some EU countries computers sold to end users must have a OS installed and Windows is the best choice. And for OEMs Windows is cheap!

If you want something different - pick a company that caters to business customers and PHONE! them. Dell, Lenovo, HP have all been willing to deliver "bare bone" units without an operating system (and 20-50€ less) in the past. Since many companies have volume licences this is essential.

As for the rest:

+ You can unistall software on Windows. It is easy

+ There are free AV programs that can for end/home users do the job just fine (Win8 has one included)

+ You can actually use stuff like GIMP or Outdated Office on Windows. It works just fine if you can live with the limits

1
2
IT Angle

Re: Not sure what UEFI is actually for...and why Windows is preinstalled

Thanks, mmeier, but don't get me wrong, I try not to buy the PC in one piece. For the last PC (which became a server) I bought the components and slapped Debian on it, only to replace the disks, then add memory, then replace processor and motherboard, then SSD disks are faster, and RAID6 is a good thing, and KVM virtualization is really cool, and I always wanted to have my own webmail server....

It's different with laptops, you can't really buy them in components, unless you pretend that you have a broken model and go on eBay to get spare parts, etc.

You have more freedom in burning new firmware on your router (dd-wrt) than in replacing the BIOS on your motherboard.

2
0
Anonymous Coward

Re: Not sure what UEFI is actually for...and why Windows is preinstalled

@Dare To Think: Why are you complaining about it then?

0
0
IT Angle

Re: Not sure what UEFI is actually for...and why Windows is preinstalled

I'm complaining about Windows being preinstalled on laptops and UEFI on motherboards, even if you buy the motherboard separately, as a component....I think ASRock, ASUSTeK, Gigabyte and MSI started in 2011 with that.

0
0
Facepalm

"Intertwined with an operating system"

Sheesh, that sounds painful. Almost as bad as interleaving with the internet, which I read somewhere once.

(OK, it was here)

0
0

You don't *have* to get Windows

...if you don't want to. Novatech, at least, will flog you laptops with no OS installed. I've no idea how cool / solid / shiny the Novatech laptops are, just pointing out there's at least one supplier available.

http://www.novatech.co.uk/laptop/

0
0
Bronze badge

Re: You don't *have* to get Windows

Dell and Lenovo also deliver notebooks without an OS installed if you order by phone. It is just their online shop that does not. Since we have a volume license and prebuild images my employer orders them blank. My guess is HP and Fujitsu will do the same. Only companies that do not or not primarily cater to companies might not offer the option.

If you buy in a store the unit must come with a OS thanks to the EU and that is what reliably works on all x86 hardware and is demanded by Joe Average- Windows

0
3
Anonymous Coward

Re: You don't *have* to get Windows

"If you buy in a store the unit must come with a OS thanks to the EU " - what specific piece of EU law requires a laptop/notebook to be sold with a Microsoft operating system installed?

0
0

Page:

This topic is closed for new posts.