A senior Red Hat engineer has lashed back at Microsoft's attempt to downplay concerns that upcoming secure boot features will make it impossible to install Linux on Windows 8 certified systems. Unified Extensible Firmware Interface (UEFI) specifications are designed to offer faster boot times and improved security over current …
So, how do I???
Update the BIOS?
Don't you need to do silly things like boot from something like a floppy, or USB device?
I believe that the BIOS problem was solved before by "clean room" stuff, and I suspect that it will be done again!
The new MS strategy ?
I'm almost tempted to think that MS knows how well their new Win8 is going to be received by the major public (the desktop users); which I don't think is going to be all that positive.
What was the first thing /many/ people did when they got themselves a Vista PC? Either re-installing XP on it themselves, getting one with allowed them to install XP or (as I have experienced a few times): calling a friend to help 'm out getting XP back onto it.
One has to wonder... Maybe this is MS answer to all that; simply trying to disallow people to pull something like that off so that they have no choice but to stick to one of their more modern OS's ?
That's what this reminds me of. It makes me think back to the old Blue Playstations, or perhaps more accurately the black Yaroze boxes. They were just PS1 Playstations, but came with a simple dev kit (and a little extra hardware inside) that allowed hobbyists to program them. You could upload your finished programs and other people with Yaroze could grab them and run them.
You see the parallel? In order to do Linux dev (or any unsigned OS dev for that matter) you'd need to buy into the 'Yaroze'-equivalent PC. The hobbyist's PC. Everyday bods buying a computer would just end up with the basic grey box.
Maybe somebody can flesh out where that would drive the market, but it strikes me that anyone wanting to deviate from the mainstream at all would leave themselves at the mercy of the hardware manufacturers, and their altruism regarding releasing boards for unsigned code. As I understand it, Yaroze actually cost Sony money. But what they did get is a whole new generation of bedroom coders already experienced with the Playstation dev tools - that's a good investment. It scares me to think that Microsoft could create a world where a programmer's first experience of writing an operating system is when they start to work for Microsoft and finally get to recompile Windows and sign it with the MS key...
Linux is a pile of cack anyway. Microsoft is doing everyone a favour by preventing it being installed.
Secure is a good thing
If tinkerers want to run unsigned boot loaders then they can go out of their way to find the hardware to do it. Simple.
What older versions of Windows?
There seems to be a lot of moaning on here about a complete non issue as far as older versions of Windows are concerned.
The only versions of Windows that support UEFI boot are Windows Vista SP1 x64 and newer. No 32 bit editions of any Windows version support UEFI.
So the only old versions of Windows a user could install are Vista and Windows 7, and I can't imagine why anyone would install Vista rather than Windows 7.
If you are the sort of person who installs your own O/S, then you are probably the sort of person who buys their own motherboard, so buy one that will let you turn the feature off. Not many aftermarket boards will ship with this feature unable to be turned off if they want to sell in any volume.
The Dell's and HP's of this world cater to a mass market of people who are unlikely replace their O/S or install a dual boot system. Microsoft are not insisting that this feature not be allowed to be disabled, only that it is turned on when the PC ships to get the Windows 8 Certified Logo. It's not Microsoft's fault if the OEM don't allow it to be turned off.
If Apple did this it would be a good thing, a great security feature, another reason why Apple are miles better than Microsoft etc.... but because its Microsoft it must be evil.
I'm constantly amazed by the stupid comments from Microsoft haters who will find any reason to vilify the company, even without understanding what they are talking about.
Server OSes are available as well... Also, many corporates may have moved on to Vista and be quite happy with it - becuase they set it up properly and they have the correct drivers.
This is frightening -
- for Microsoft. Anti-trust lawsuits, anyone?
Of course, get a PC with Windows-8 basic chilfren's Edition, and run Ubuntu in a Virtual Machine. Simples, 'till Microsoft gt wise and forbid installing VM's....
Enable it by default to block rootkits for the PC World crowd, allow it to be turned off for the advanced users who want to install other OS's. Pretty simple really, and an approach the OEM's will no doubt take to appease both MS and more savvy consumers.
I see this as a good move against the army of rootkit induced bots living on grannys laptops.
Damned either way
Until Windows Vista came out, everyone complained continually and vociferously about how insecure Windows computers were. Apple used the security of Macs as one of their main selling points and sites like this gleefully poked fun at MS whenever a major security hole was found. Now Linux fanbois are saying MS should not implement security features because they actually quite like the fact that Windows computers are less secure than Apple ones.
As a model for business PCs, the closed box approach is fine. It's a waste of money to add RAM to out-of-warranty PCs in this environment especially now that MS have finally gotten off the hardware upgrade requirement cycle for their OS (just as I predicted they would have to when Vista came out). As for laptops - well, what percentage of home laptop users ever upgrade them anyway? I'd say a very small percentage, and those who have done in the past had to because they moved from XP to Vista / W7. The move from Vista/W7 to W8 will not need a RAM upgrade because MS now designed OSes to make best use of the hardware available, rather than expecting businesses to go out and buy new computers specifically to use new OS. As for installing an old MS OS on a new computer - you ever heard of Virtualisation? Seriously, who wants to run XP as their main OS on a quad core PC with 4Gb RAM?
I am a libertarian at heart, and I really do hope there will be enough of a market for up-gradable mobos to keep the geeks happy. However, to expect MS to base the design of their OSes around the desires of a tiny fraction of the consumer base is stupid. Widely used open Linux was only ever a fantasy and Linux users should count themselves lucky that they've been allowed to free-ride on the back of MS, Intel innovation etc over the last decade. The real future for Linux is in custom made hardware a la Chrome / Samsung laptops. Apple's hardware is designed for Apple OS, MS hardware is designed for MS OS and so why should Linux be any different?
Watashi, I understand your post was meant to provoke reaction and yet you made some good points. I will take the liberty to ignore those.
Here is where you are mistaken:
* assumption that huge majority of x86 PCs is running Windows. On desktops - agree. On servers - branded or beige boxes, no matter - it's Linux.
* assumption that Linux fans want Windows to stay insecure. That's just silly, one point only - without vulnerable Windows boxes Internet would be nicer place for everyone and everyone Linux users included would receive less spam
* assumption that UEFI secure boot would exclude Linux from desktops - why would it, if the feature can be disabled (as demonstrated on screenshoot)?
* assumption that only geeks care about Linux on comodity PCs - ask Dell and HP how many of X64 servers they sold are being used under Linux
Secure booting from UEFI is a good thing, from a security perspective. The ONLY problem with it is that they haven't mandated that a user with physical access must be able to install a non-signed OS bootloader if they so choose. I don't see how it's anyone's problem but GPL fanatics that their philosophy prevents them having a signed bootloader. They don't get to spoil the PC for everyone else just because of their bizarre views, any more that PETA should be able to prevent me enjoying a nice steak.
As for people who continue to make jokes about winows being insecure, and linux being perfect, perhaps you could explain the kernel.org and apache.org outages?
Our interrest in mind ? Microsoft ?
You got to be kidding.Microsoft only have their shareholders interrest in mind.Not you.
They do what they do to generate revenue.XP was good , still runs .. but by killing it MS makes money. By locking you in , they make money. It's not about you , it's not about the user ,it's about the bucks. So dont give them holy and clean intentions.
"There are many rootkits and malware that run at the time of startup, so this step would be good for security."
They still think linux is viral. no matter what they new release they give.
Sure it will be up to the vendors just like what os to ship is up to them - wink, wink,
Does this really surprise anybody that microsoft is doing this? They haven't changed and apparently DOJ or NO DOJ they never will change.
microsoft is above the law - period end of story. welcome to the 21st century.
The keys come with the car.
The answer is pretty simple.
Demand that any non-military hardware purchased using the Unified Extensible Firmware Interface must have the documented key with it.
The problem lies with contacting Unified Extensible Firmware Interface Organization. You don't get to vote.
Contact them or their members by any means demanding the keys.
I think I could survive typing them in.
I give it about 6 months until someone cracks the encryption they use to store the keys and they will be readily available on pastebin, Both Sony and MS have similar secure boot systems on their consoles to stop unauthorised code being executed and look how secure they are.