Shuttleworth: Why Windows 8 made us ditch GPL Linux loader

Ubuntu daddy Mark Shuttleworth has defended Canonical’s decision to play ball with Microsoft's Windows 8 security policy that could stop “unauthorised” Linux builds from booting on new PCs and tablets. Manufacturers must enable a feature called Secure Boot in their products' UEFI firmware in order to be officially labelled …

COMMENTS

  1. Anonymous Coward
    Anonymous Coward

    Bummer!

    1. Anonymous Coward
      Anonymous Coward

      Will UEFI open up a chip modding market for PC motherboards?

      1. bjr

        On x86 systems the BIOS will allow you to disable secure boot so you will still be able to install distros without a signing key, so there is no need for a modified BIOS. On ARM systems there won't be a disable switch. However there is only one Microsoft tablet and dozens of Android tablets so it's really not an issue. If you want to put a standard Linux distro on a tablet just avoid the Surface, it's likely to be pretty feeble compared to Android tablets anyway.

        1. GitMeMyShootinIrons

          "it's likely to be pretty feeble compared to Android tablets anyway."

          And where's your evidence to suggest that? The published spec for Surface is so thin it's easier to describe a Higgs boson. It could be better than all Android tablets, but hobbled by an obscene price. No-one knows. So jumping to assumptions based on simply a pro-Droid/anti-Microsoft bias is both wrong and a bit childish.

    2. This post has been deleted by its author

    3. eulampios

      another spelling

      Bummer? I always spelled it "Bal(l)mer"

  2. LarsG
    Facepalm

    And

    And slowly all the doors begin to close and the key in the lock begins to turn...

    1. Anonymous Coward
      Anonymous Coward

      But

      Most (all?) Android bootloaders are signed, and everyone seems to call that system "open".

      Why is it that when Microsoft does it, it becomes closed?

      1. Anonymous Coward
        Unhappy

        Re: But

        Because android runs on devices that have never been really open to start with - hardly anyone installs a different OS on a smartphone.

        PCs however have ALWAYS been open - the precedent is set, and now MS in some feeble attempt to bolster its hopeless record on security is trying to lock down the boot process which frankly hasn't been much of a vector for malware since PCs booted off floppy disks almost 20 years ago but - purely coincidentally I'm sure - does make it a lot easier for MS to head off the competition from other OSes being installed.

        1. Anonymous Coward
          Anonymous Coward

          Re: But

          Because android runs on devices that have never been really open to start with - hardly anyone installs a different OS on a smartphone.

          Well of course no one installs a different OS on Android hardware, the signed bootloaders suck and many hardware drivers are binary. I'd love to run NetBSD on current smartphones, but alas I can't, so I have to make do with my trusty old Neo Freerunner. Hey IBM at least was honest and even documented the PC BIOS source code.

          Boot process isn't a vector for malware? Are you joking? It's been responsible for some of the largest botnets recently like TDL and Sinowal. Go read about bootkits before going around spreading nonsense.

          1. Anonymous Coward
            WTF?

            Re: But

            "Boot process isn't a vector for malware? Are you joking? It's been responsible for some of the largest botnets recently like TDL and Sinowal."

            Get a clue. How many viruses and malware initially install via the boot process compared to other methods? None. They have to get onto the PC first via the usual methods before it can install itself into the MBR, it doesn't appear on a clean install! All secure boot will do is prevent a previously working OS booting once this happens which will SERIOUSLY piss off users as yesterday they had a working PC, today they don't. PC + botnet client is better than no PC at all.

            1. Anonymous Coward
              Anonymous Coward

              Re: But

              Boltar, are you seriously defending that botnet-infested computers be allowed on the open Internet?

              I really hope you're not in charge of running anything serious. That kind of attitude is downright criminal.

              Plus I'm sure there'll be some bootable antivirus or recovery system that users can go to. Are you familiar with the concept of recovery partitions?

              1. Anonymous Coward
                Facepalm

                Re: But

                "Boltar, are you seriously defending that botnet-infested computers be allowed on the open Internet?"

                I'd rather they weren't but that's better than someone suddenly finding they have a brick instead of a PC. There are other approaches such as constantly putting up reminder windows or rebooting every 10 minutes.

                "I really hope you're not in charge of running anything serious. That kind of attitude is downright criminal."

                Don't be an ass. Botnets are already out there.

                "Plus I'm sure there'll be some bootable antivirus or recovery system that users can go to. Are you familiar with the concept of recovery partitions?"

                Are you familiar with the concept of the master boot record? It seems not.

                1. This post has been deleted by its author

              2. wayward4now
                Linux

                Re: But

                I think that his point was that viruses generally enter via the OS. Windows is insecure as hell. There are even TV ads for Anti-Virus services all over the place. I haven't seen one aimed at Linux users. So, if Windows wasn't such a piece of crap, security-wise, to the point that a new machine has several anti-virus apps installed from the get-go, restricting the boot to some key scheme is pure merchandising. FUD. But watch every public entity start placing purchase orders for this SECURE version of Windows. Pull my other finger.

            2. Anonymous Coward
              Anonymous Coward

              Re: But

              ... As I found out very recently, through the UPnP interface, there can be some quite unexpected 'attack vectors' in the hardware/pre-/early-boot phase of startup.

              I got a replacement battery for my laptop. The battery had an embedded UPnP 'accelerator' which installed Lowjacker into the BIOS.

              Lowjacker is a 'legitimate' software component that enables hardware tracking (for a fee, of course...). IMHO, it exhibits a lot of VERY undesirable features: key logging, camera control, read/write disc access prior to boot. It seems to be quite OS agnostic, too: registry access on Windows, effective root access on Linux and (PC) BSD, and does not announce and/or ask for permission.

              How this came to pass, I found out subsequently, is that the 'official' *replacement* battery manufacturer had done a deal with the laptop manufacturer - the battery manufacturer had also done a deal with the tracking software vendor. So, as much as it pains me to admit, maybe it's not such a bad thing to have signed execution at the non-abstraction layer(s).

              My big concern, though, is that whilst PC manufacturers have been put into this regime by M$ (coupled with their usual total disregard for purchasers/users), given the very significant decline in the market share for new machines (reported elsewhere here on El Reg) and the "octo-disaster" they have unleashed on themselves as much as us, what happens if they cease to be a market player? (I know there would be LOTS of other issues if this were to happen, but...) I'm thinking about the Consumer market users - What happens to their 'technology investment'?

              1. Ken Hagan Gold badge

                Re: Lowjacker

                All that from a replacement battery? That's scary.

                Of course, in our brave new world I'm sure our "official" vendor won't have any trouble getting this malware signed by the relevant authorities, so Microsoft's secure boot sequence won't actually help.

                1. Yet Another Anonymous coward Silver badge

                  Re: Lowjacker

                  Not for the official trojan in the official battery - after all there isn't much you can do to prevent the makers of the keyboard introducing a key logger!

                  But it does stop another virus infecting the battery in such a way that it gets to run at boot before any Windows OS anti-virus protection. And coincidentally this also protects Linux - if the battery replaced the BIOS code that is talking to the keyboard before Grub boots there isn't much your virus-proof Linux can do about it.

                2. vagabondo

                  Re: Lowjacker

                  It's "LoJack for Laptops" from www.absolute.com

            3. RICHTO
              Flame

              Re: But

              It really isn't. An infected PC being barred from the internet is highly desirable.

            4. kb
              WTF?

              Re: But

              It doesn't have a single thing to do with malware folks... it's piracy. Go to any torrent site and you'll find "Win 7 all versions preactivated" that uses a bootloader hack that makes Win 7 even easier to pirate than XP; it even greys out and unchecks the one Windows update that could disable it so it even gets full Windows Updates.

              While I would have preferred to see MSFT lower prices to fight piracy, as they did with the $100 family pack before the release of Win 7, in the end it's their OS and if they want to get the OEMs to put out Secure Boot so those Home Basic machines won't be running Ultimate without being obviously pirated, that is their business. I'm sure of course in the end the pirates will figure a way around this, they always do, but if anyone thinks MSFT is going to all this trouble for the extremely low number of boot bugs I have some magic beans you might be interested in; it's all about making piracy of Windows harder.

            5. This post has been deleted by its author

        2. Gordon Fecyk
          Go

          Bootable USB is the new Floppy

          the boot process [...] frankly hasn't been much of a vector for malware since PCs booted off floppy disks almost 20 years ago

          It's pretty easy to make a bootable USB device these days, even using what's built into Windows 7. And someone fool enough to forget to change the boot order back after installing from one of these would be vulnerable.

          Because of various Linux distros and other homebrew systems, motherboard makers are not going to abandon BIOS or unsigned UEFI boot. This just says they won't be Windows 8-certified. I see a board maker shipping two different versions of the same board, differing only in firmware.

          1. Anonymous Coward
            Anonymous Coward

            Re: Bootable USB is the new Floppy

            Umm....

            I suspect motherboard makers will have a good range of Windows 8/Signed Linux UEFI versions of motherboards and then a small, expensive, selection of others allowing unsigned boot...

            1. AdamWill

              Re: Bootable USB is the new Floppy

              You can suspect all you want, but that won't be the case. The Windows 8 certification requirements explicitly require that it be possible for the user to disable Secure Boot. *All* Windows 8 certified systems will allow unsigned boot.

          2. Anonymous Coward
            Anonymous Coward

            Re: Bootable USB is the new Floppy

            Gordon Fecyk wrote:

            I see a board maker shipping two different versions of the same board, differing only in firmware

            And the unsigned version will cost more of course

        3. David Simpson 1
          FAIL

          Re: But

          This whole article is talking about ARM systems NOT PCs - RTFA

          1. tom dial Silver badge

            Re: But

            I don't think so. My understanding is that PCs (x86) are the ones at issue here. An ARM based thingy with W8 certification won't boot anything MS doesn't sign. Fedora got a key from Verisign, signed using the MS key, so Fedora might be a possibility on ARM, depending on the hardware manufacturer. Canonical created its own key, which probably won't be on any W8 certified ARM device, and since Secure Boot can't be disabled on those, I don't expect Ubuntu to be installable on them.

            Grub2 is for PCs. MS requires that Secure Boot can be disabled on those, so any Linux can be installed. The real issue is a usability one. If the appropriate keys are on the hardware/firmware, the candidate Linux user won't have to do any scary stuff like installing keys or changing EFI security settings.

            For my hardware, however, the FSF proposal seems the right one: I should be able to produce and install my own platform key and, after that, maintain my own software key store. Without that the hardware is not really fully mine and is more or less deficient from its design.

            1. AdamWill

              Re: But

              Your understanding is incorrect. Secure Boot will be implemented on both x86 and ARM UEFI-based, Windows 8-certified systems. The difference is that the requirements for each are different. The requirements for x86 systems state that the user *must* be able to disable Secure Boot and/or (I'm not clear whether it's 'and' or 'or') enrol their own keys. By contrast, the Windows RT (ARM) certification requirements state that the user must *not* be able to disable Secure Boot. There's a big difference between x86 and ARM, but not the one you think.

              All the Fedora and Ubuntu discussion is in relation to the x86 platform, not ARM. We (Fedora) have stated that we won't provide a Microsoft/Verisign-signed ARM build because we don't agree with the ARM certification requirements (and also because there'll be lots of non-Windows ARM hardware, so we don't really envisage it being such an issue as on x86).

          2. JEDIDIAH
            Linux

            Re: But

            ARM is just another microprocessor like PPC or 68k or Sparc or Alpha.

            ARM doesn't mean Tivo.

          3. Yet Another Anonymous coward Silver badge

            Re: But

            >This whole article is talking about ARM systems NOT PCs - RTFA

            No you RTFA. On ARM there is no choice - the signing process only allows a single key. The HW maker decides if they want that to be a Windows key and so allow Win8, or a user key to allow you to run what you want. But the decision is made at build time by the maker. You could try calling Foxconn and asking for your key to be built into a single tablet ....

            On the PC you can have multiple keys but the OS has to be signed by one of them. So you can buy a key from Microsoft or you can use your own. But if you use your own you can't tell anyone the secret - which the GPLv3 may require you to do.
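To make the key-store argument in the post above concrete, here is an added example (mine, not the commenter's and not any firmware's code) in Go that models a Secure Boot key store with a platform key, db and dbx and runs the two cases the thread contrasts: an x86 box whose owner holds the PK and can enrol their own signing key, and an ARM device whose vendor-held PK cannot be replaced and whose enforcement cannot be switched off. PK, KEK, db and dbx are real UEFI concepts; the simplified authorisation flow (PK signing db/dbx changes directly), the Ed25519 signatures and the constructed sample loader are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Sentinel errors so callers can tell the refusal cases apart.
var (
	ErrNotInDB    = errors.New("image is not signed by any key in db")
	ErrForbidden  = errors.New("image is listed in dbx")
	ErrBadPKSig   = errors.New("key-store change is not authorised by the platform key")
	ErrLockedDown = errors.New("firmware does not let the user disable Secure Boot")
)

// Platform is a loose model of one machine's Secure Boot key store. Assumption: real UEFI
// goes PK -> KEK -> db/dbx via authenticated variables; here the PK authorises db/dbx directly.
type Platform struct {
	pk             ed25519.PublicKey   // platform key: whoever holds its private half owns the store
	db             []ed25519.PublicKey // keys whose signatures make a boot image acceptable
	dbx            [][]byte            // forbidden images (raw bytes here; real dbx holds hashes)
	userCanDisable bool                // x86 Windows 8 logo: true; Windows RT on ARM: false
	enforcing      bool
}
func NewPlatform(pk ed25519.PublicKey, userCanDisable bool) *Platform {
	return &Platform{pk: pk, userCanDisable: userCanDisable, enforcing: true}
}

// Enrol adds a signing key to db, but only if the request carries a PK signature over the key.
func (p *Platform) Enrol(key ed25519.PublicKey, pkSig []byte) error {
	if !ed25519.Verify(p.pk, key, pkSig) {
		return ErrBadPKSig
	}
	p.db = append(p.db, key)
	return nil
}

// Forbid puts an image on dbx; like Enrol it needs the PK holder's signature.
func (p *Platform) Forbid(image, pkSig []byte) error {
	if !ed25519.Verify(p.pk, image, pkSig) {
		return ErrBadPKSig
	}
	p.dbx = append(p.dbx, image)
	return nil
}

// Disable switches enforcement off if the firmware lets the user do so.
func (p *Platform) Disable() error {
	if !p.userCanDisable {
		return ErrLockedDown
	}
	p.enforcing = false
	return nil
}

// Boot decides whether an image may run: dbx wins over db, and anything runs once enforcement is off.
func (p *Platform) Boot(image, sig []byte) error {
	if !p.enforcing {
		return nil
	}
	for _, bad := range p.dbx {
		if string(bad) == string(image) {
			return ErrForbidden
		}
	}
	for _, k := range p.db {
		if ed25519.Verify(k, image, sig) {
			return nil
		}
	}
	return ErrNotInDB
}

// Scenario builds the two platforms the thread contrasts and tries to boot a user-signed
// loader on each. It returns the x86 boot result, the ARM enrolment result and the ARM boot result.
func Scenario() (pcBoot, armEnrol, armBoot error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // the OS vendor's signing key
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)   // a PK the x86 owner generated
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)     // the user's loader-signing key
	loader := []byte("constructed sample: a bootloader image built by the user")
	sig := ed25519.Sign(userPriv, loader)
	// x86: the owner installed their own PK, so they can enrol any key they like.
	pc := NewPlatform(ownerPub, true)
	_ = pc.Enrol(userPub, ed25519.Sign(ownerPriv, userPub))
	pcBoot = pc.Boot(loader, sig)
	// ARM: the vendor's PK was fixed at build time; only the vendor can change the store.
	arm := NewPlatform(vendorPub, false)
	_ = arm.Enrol(vendorPub, ed25519.Sign(vendorPriv, vendorPub))
	armEnrol = arm.Enrol(userPub, ed25519.Sign(userPriv, userPub)) // signed by the user, not the PK
	armBoot = arm.Boot(loader, sig)
	return pcBoot, armEnrol, armBoot
}

func main() {
	pcBoot, armEnrol, armBoot := Scenario()
	fmt.Println("x86 boot:", pcBoot, "| ARM enrol:", armEnrol, "| ARM boot:", armBoot)
}
```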

          4. AdamWill

            Re: But

            The article is a bit confusing, really. It hauls in ARM in the last paragraph; the earlier bits of the article which quote Fedora, Ubuntu, FSF, SFLC et al don't explicitly mention it at all, and having been involved in a lot of those debates, it's broadly been x86 that's been at issue, not ARM. AFAIK all the public statements from Ubuntu have focused on x86, not ARM.

            The situation on ARM - Windows RT - is very straightforward; all RT OEM devices will have Secure Boot enabled with a Microsoft key, and you won't be able to disable it or enrol your own keys. They'll be exactly as locked down as all iPhones and iPads and most Android phones/tablets.

        4. Sean Timarco Baggaley
          FAIL

          @boltar:

          "PCs however have ALWAYS been open "

          No. No they haven't. Seriously, would it kill you to do some research before posting your reply?

          IBM copyrighted their original PC BIOS. It took a few years for Compaq to create a complete clean room reverse-engineered version of it for their own clones, and other companies followed their lead. THAT was how the closed IBM PC platform was forced open. This was never IBM's original plan for the PC.

          Prior to that reverse-engineered BIOS, there were a bunch of "nearly-compatible" PCs from the likes of Apricot and others which could run most PC software, but were never 100% compatible due to hardware specifications and BIOS differences.

          In fact, almost every personal computer—from the PC right down to the Atari ST, Commodore Amiga and even the humble ZX Spectrum—was designed to be "closed", not "open". Such "closed" systems were the norm, not the exception back then.

          Linux (and other operating systems) running on PCs has always been an aberration. As the industry moves away from the traditional PC form-factors, the GNU / Linux community is going to be facing an awful lot more of this sort of thing. Once you get into the "design the whole widget" mentality, the arguments for making your platform open fall by the wayside. Even Android is effectively closed.

          Demanding that for-profit corporations with vested interests in closed platforms accede to your demands for openness is futile. It just opens them up to greater support costs, which is a cost most would rather avoid. A better target for the GNU and FOSS communities' efforts would be in designing their own, open, secure platforms built around their open software. It's not that difficult as most of the components would stay the same.

          1. JEDIDIAH
            Linux

            Re: @boltar:

            You're the idiot talking straight out of your nether regions.

            ALL of those systems allowed for full control of the hardware and for you to boot any OS of your choosing. You are trying to conflate the ownership of the BIOS code with a regime that prevents the end user from running any OS you like.

            There have always been alternate operating systems. The field for PC based operating systems used to be actually rather competitive. There have also been complete or partial replacements for the system software in systems like the Amiga or Atari ST.

            The first Linux user I ever encountered ran it on a Falcon.

            You're either stupid or a shameless liar.

            1. This post has been deleted by its author

          2. ricegf
            Linux

            Re: @boltar:

            I've been around since well before the first home computers were built in the 1970s. I actually built an 8080-based PC (of course I built a processor from SSI, too, but the 8080 was a bit faster ;-). I worked with two fussbudget original IBM PCs in 1982, one of which wouldn't boot until you dropped the keyboard from 3 feet off the table, then you had to find and snap back on the keys that went flying - this was NOT an "IBM quality machine" to say the least! I lusted after the Amiga, played with an Atari ST, enjoyed MacOS 1.0 and the much improved 2.0, and finally grudgingly adopted DOS and then Windows, and finally (oh the bliss!) discovered Linux.

            Having lived through the entire personal computer revolution, I can say with the fullest confidence that you are talking utter and complete nonsense.

            While the first paper describing the concept of a digital signature was presented in 1976, it was purely theoretical. The first commercially available digital signature system was introduced to the market in 1989, many years after Apple, Atari, Commodore, IBM, and a thousand midget start-ups created the home computer boom, the home computer bust, and the establishment of the de facto IBM Personal Computer standard.

            Each and every one of these computers would boot anything you put on its front switches, paper tape, cassette tape, stringy floppy, 8" floppy, 5 1/4" floppy, 3.5" floppy, ZIP drive, optical media, or USB flash drive. (See, I don't need to do the research - I have my own memory of every one of them! Would you like to see my copy of CP/M on 8" floppy? Still got it. Binary code for a 256 byte football game I wrote? Still got it. But I digress...)

            Since the ability to require digital signatures followed the IBM PC by about 7 years, I think we can be confident it hasn't "always" been the case that personal computers were limited to the vendor's "approved OS", nor is anyone demanding a "change" to keep systems open.

            By the way, I wrote an operating system of my own for my beloved Atari 800, after reading "De Re Atari" which documented every bit of the interface. It was pretty primitive, but dude, it was NOT digitally signed! :-D

          3. Richard Plinston

            Re: @boltar:

            > In fact, almost every personal computer—from the PC right down to the Atari ST, Commodore Amiga and even the humble ZX Spectrum—was designed to be "closed", not "open". Such "closed" systems were the norm, not the exception back then.

            The original PC, the Altair, was open. Most small computers (by manufacturer/model) in the late '70s were completely open; many were S100 based or similar with fully published specs. Many ran CP/M but several other OSes were available, some were CP/M clones, others completely different.

            I don't know what definition you have invented for 'open' and 'closed' but you are quite wrong by any means.

            The IBM PC was also completely open. It was fully specified. Anyone could build, for example, add-on boards or implement an OS for it. In fact IBM sold 3 different OSes: PC-DOS, CP/M-86 and UCSD.

            It happened that IBM did not want their BIOS stolen by other manufacturers, but that does not make it 'closed', actually they could licence it.

            Many non-IBM-PCs ran MS-DOS and most software (as well as other OSes), the limitation was not so much the BIOS but the video cards. MS-DOS was very poor at screen display, BIOS wasn't much better, much PC software did direct writes to the CGA or Hercules cards (note how open because Hercules could make plug in graphics cards). Many non-IBMs had much better graphics, but not CGA compatible.

            1. wayward4now
              Linux

              Re: @boltar:

              No one has mentioned the original Apple ][. I mean the one with Integer Basic in ROM. Not only was the source code for Integer and Floating Point (Applesoft) Basic included, the source code for the mini-assembler was too. PLUS all of the pins for the slots and motherboard details and logic diagrams included in the original Red and Blue books. Jobs got rid of all that openness toot-sweet. The Woz was about Open Source before anyone invented the term. That little machine was a dream. I loved mine, and hated Apple when they invited us original investor/owners to take a hike. I spit every time Jobs' name comes up, and I've long since run out of spit.

              Oh yeah, sometime later a little company named "IBM" introduced a computer that you could open up and plug little cards into slots, and that started the consumer PC revolution. The Woz had it right.

        5. RICHTO
          Flame

          Re: But

          Have you looked on Secunia.org in the last ten years? MS has a much better record on security than say Linux or OS-X.

          1. jbuk1
            FAIL

            Re: But

            That's hardly apples for apples.

            When you say Linux I presume you mean the entire eco-system compared to when you say Microsoft and you actually just mean Windows vulns.

            Finding bugs is also a positive side effect of open source software, not a negative.

      2. PaulR79

        Re: But

        All are signed and locked, some manufacturers now allow you to unlock them for free. Encrypting them as well is what started a lot of people rising up against it since prior to that it was just a case of finding an exploit. It still isn't ideal unless you own a Nexus device but it shows that enough of a backlash can make them think about stupid choices. Will it affect Microshaft? I doubt it but I'm pretty confident that a way to install what you want on the ARM tablets will be found.

    2. Anonymous Coward
      Anonymous Coward

      Re: And

      And it's all thanks to Stallman and his GPL3.

      1. This post has been deleted by its author

  3. Benjamin 4

    And how many viri in modern times actually act in this manner?

    1. Suricou Raven

      None. I've read of bootloader rootkits being produced by researchers as proof of concept, but I haven't heard of one actually being used for a real hack, ever. There were viruses once that used the technique to infect floppy disks, but those died out with the floppy.

      1. Rick Giles
        Headmaster

        Proper terminology

        "...used for a real hack..."

        It should be crack, not hack. Crackers break in to systems. Hackers make systems do new, clever things that the designers never considered. Get it straight.

        I will forgive you as you are probably like the other 90% of the population and believe everything the mass media spoon feeds you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Proper terminology

          Whether malicious or not, you're still modifying the system to do something other than intended. I used to be like you trying to correct people, but when 90% of the security community doesn't distinguish between the two, there's little point in trying to blame media for the issue.

      2. tom dial Silver badge
        Stop

        A "boot sector infector" was, by any reasonable understanding, a primitive example of a bootloader rootkit. We had these way back in the late years of the 20th century, although the mostly MS-DOS targets had no security.

    2. Anonymous Coward
      Anonymous Coward

      Quite a few - particularly nasty and stealthy

      Of note: Mebroot (behind the famous Torpig/Sinowal botnet) and more recently Popureb, behind the TDL4 botnet.

      1. Christian Berger

        Re: Quite a few - particularly nasty and stealthy

        I wonder what kind of privileges you need to install such a piece of malware? Couldn't you, in that case, just modify your system while it runs then?

        1. Anonymous Coward
          Anonymous Coward

          Re: Quite a few - particularly nasty and stealthy

          What kind of privileges? The usual administrator, of course. If you have privileges to partition the disk you can install a boot virus.

          I'm not sure what you mean by the second question. Do boot viruses change the system while it runs? Yes. Some malware even installs their own hardware hypervisor and run the OS on top of that - see Blue Pill.

  4. Mike Judge
    Thumb Up

    Fixed it for ya.

    " It’s part of an emerging Redmond policy to lock-down Windows 8 ARM tablets to head off people installing Android on a Windows 8RT tablet"

  5. Anonymous Coward
    Anonymous Coward

    I think it's time we let EU decide

    Isn't this when we get the EU to tell Microsoft "Sorry, you can't lock out competition like that", and explain financially why this is a bad thing for microsoft? I hear they need more money to save Italy and Spain. ;)

    1. Anonymous Coward
      Anonymous Coward

      Re: I think it's time we let EU decide

      Time for another big fine from the European Community now I think.

    2. Suricou Raven

      Re: I think it's time we let EU decide

      Good idea. And when the legal case finishes in about ten years, Microsoft will face another billion-dollar fine. But by then they will have destroyed all competition and indirectly made tens of billions, so for them it'll be a net win.

    3. Yet Another Anonymous coward Silver badge

      Re: I think it's time we let EU decide

      And Microsoft says "Monopoly ? What monopoly ? We are the poor oppressed new entrants into a market dominated by Apple - you might want to go and look at Apple's open policies first"

    4. BrownishMonstr

      Re: I think it's time we let EU decide

      Agree with the above post. There ain't no way they would sue Microsoft, their market share is pretty low so it's not gonna affect anyone or lock out competition.

      Too lazy to write in a new post: they're only doing this on their ARM devices. Oh, and considering they're gonna be making their own tablet, I doubt they want another OS making their device slow and crappy. If that happens then it would look bad on them. Let's not mention that 8 will make it slow and crappy.

  6. Ole Juul
    Thumb Down

    Windows 8 compatible

    One more thing to look out for.

    1. tirk
      Thumb Down

      Re: Windows 8 compatible

      Interesting that secure boot is a requirement to get this logo, but a touch screen (which you actually do need to make Metro useable) isn't. Now what should we conclude from this? Either a/ MS care deeply about the security of their users or b/ MS care deeply about the security of their revenue stream?

      1. BrownishMonstr

        Re: Windows 8 compatible

        That's like saying current gen consoles should have only worked with HD TVs when they came out. Touch Screen Monitors/TVs aren't that common yet and I'm sure the peeps would cry if they did. Oh, and Metro is usable with a mouse. That, or I'm a genius.

  7. Anonymous Coward
    Anonymous Coward

    UEFI is okay, it's just the "secure boot" part of it. EFI is in all Macs and boots anything you like.

    1. Greg J Preece

      "EFI is in all Macs and boots anything you like."

      Er, no. The Mac's bastardised version of EFI is in all Macs, and boots whatever you like so long as you buy it chocolates first, and know all the magic hexes required. Three reboots to get rEFIt installed is pretty easy, but on my 2011 MacBook the booting process is:

      1. Hold down the option key to select rEFIt from the options under the Mac boot menu. This - *somehow* - gives the non-Mac operating system correct access to power control and screen brightness.

      2. Select Linux or Windows from rEFIt. This doesn't boot Windows or Linux - it boots GRUB2.

      3. Select Linux or Windows from GRUB2. Now they boot.

      Bit of a faff, wouldn't you say? And don't even get me started on setting up the machine that way in the first place. The partition editor in OSX is a fecking joke.

      1. Anonymous Coward
        Anonymous Coward

        rEFIt @Greg Preece

        That's just one way of doing it. Maybe the most flexible and graphical.

        However if you dislike having so many steps just set GRUB with native EFI as your only bootloader or use the Apple boot loader method.

        Read this for details.

    2. David Simpson 1
      FAIL

      Nope - without using GRUB you need to use Bootcamp to install Windows from within OS X - that's officially locked down.

      1. JEDIDIAH
        Linux

        Trying to fail...

        All I've ever done is boot the MacOS installer disk to reset the boot options and partition types and just go happily on my way. Having a PC style boot menu and config screen would be nice but isn't strictly necessary.

        It's a little bothersome but you don't have to actually 'crack' anything.

  8. Captain TickTock
    Devil

    Singed by Microsoft

    Dance with the Devil, and you gonna get burned ;-)

  9. Anonymous Coward
    Anonymous Coward

    Any hardware that implements it...

    ...isn't going to be bought by me.

  10. banjomike
    Thumb Up

    ANOTHER great reason to ignore Windows 8

    I hope Windows 9 is better.

    1. Dave 126 Silver badge

      Re: ANOTHER great reason to ignore Windows 8

      I don't see why they couldn't just make it 'Windows 7 Tablet PC Edition', as they did with XP.

      1. adnim

        Re: ANOTHER great reason to ignore Windows 8

        "I don't see why they couldn't just make it 'Windows 7 Tablet PC Edition', as they did with XP."

        'cos they want Windows 7 desktop users to think it is an upgrade from Windows 7 for desktop PCs and hence buy it. With such a name as you suggest, it would only appeal to Windows tablet PC owners, all 6 of them. ;-)

      2. Goat Jam
        FAIL

        Re: ANOTHER great reason to ignore Windows 8

        "I don't see why they couldn't just make it 'Windows 7 Tablet PC Edition', as they did with XP."

        Yes, because that was such a massive marketplace success, wasn't it.

  11. A J Stiles

    Boot Loader Locking

    How in the name of all that's sane and wholesome is locking down the boot loader not blatant anti-competitive behaviour? If some people are denied keys for perfectly legitimate software, then the gatekeepers are abusing their position. If, on the other hand, anybody can get a signed boot loader key, then that includes malware authors -- and so boot loader locking isn't fit for purpose.

    This wants to be brought to the attention of The Relevant Authorities as soon as possible. I will start by writing to my MP and my MEP. Has anyone any better suggestions?

    This is precisely the sort of situation that GPL3 was intended to prevent. Releasing a boot loader under GPL3 in such a régime would require you either to release the signing keys, or to offer a signing service at no cost.

    1. Anonymous Coward
      Anonymous Coward

      Re: Boot Loader Locking

      There is nothing to stop you going into the UEFI and turning off secure boot. MS have only said that it can't be turned off for ARM devices.

      1. Tom 7

        Re: Boot Loader Locking

        Of course the last thing MS would want is for someone to install Linux on an ARM machine that's had Windows on it and discover Linux knocks it into a cocked hat - and also runs a full blown LibreOffice while MS can only manage a cut down version of Office.

        Who would want a full blown computer system on an ARM device for free when you can have a cut down version for about 50% of the price??

      2. Tom 35

        Re: Boot Loader Locking

        But they also don't say they have to provide the option to turn it off... nudge, nudge, wink, wink.

        You think low end HP/DELL/Acer... type boxes will include an off switch? Just something they have to support. Like they have for options to turn on hardware virtualization they will just skip it.

        1. Anonymous Coward
          Anonymous Coward

          Re: Boot Loader Locking

          @Tom - Yes, I do think that the low end boxes will have the ability to switch it off, this is the recommendation of the UEFI manufacturers who make the UEFI code for the system manufacturers. Suggesting anything else, until there is evidence, is veering into conspiracy theories.

        2. Ken Hagan Gold badge

          Re: something they have to support

          Er, no. It most certainly won't be something they have to support. Most of these big brands drop you like a ticking bomb if you even ask for the original installation media for the OS you've bought. Messing about in the BIOS is going to put you so far outside "support" that you'll need a telescope to find your way home. It always has done.

        3. AdamWill

          Re: Boot Loader Locking

          Yes, they do. The x86 certification requirements explicitly require that it be possible to disable Secure Boot.

          This is public information. Direct quotation: "Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv."

          http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256

          1. Anonymous Coward
            Anonymous Coward

            Re: Boot Loader Locking

            Isn't this a change from their earlier stance ?

            I'm reasonably sure that MS originally were going to leave this up to the board/bios manufacturers. Because this would cost more to implement, it was thought that most wouldn't, and this is what caused all the fury initially.

      3. Sloppy Crapmonster
        WTF?

        Re: Boot Loader Locking

        "There is nothing to stop you going into the UEFI and turning off secure boot. MS have only said that it can't be turned off for ARM devices."

        There is nothing to stop you going into the UEFI and turning off secure boot. MS have only said you can't go into the UEFI and turn off secure boot.

      4. tom dial Silver badge

        Re: Boot Loader Locking

        There are two issues here. For ARM, secure boot can't be turned off. Now, I might like a Surface - it is an interesting piece of hardware - but if I don't have the freedom to install a different OS, I don't fully own it.

        For x86, I might want to secure boot my own OS. There actually are some possible advantages to secure boot. Just turning it off disables a feature which, if I bought the hardware, I feel I should be entitled to use.

        1. AdamWill

          Re: Boot Loader Locking

          For x86, the certification requirements also require that the user be able to enrol their own keys. See the links I posted in several other replies.

          For ARM, yep, you just have to treat Windows RT hardware like an iPhone or most Android phones; don't assume you'll easily be able to deploy anything but the stock OS. If that's not what you want, buy something else.

    2. Peter Gathercole Silver badge
      Meh

      Re: Boot Loader Locking

      Yes, but Microsoft will play on the security side of what this does, pointing out the exposure that all systems without it will have, and also how sophisticated exploit writers are becoming, and how little ordinary users understand about managing their systems (lots of stats about people who install firewalls or UAC and then ignore it).

      Their view is that the collateral damage to other OSs (which aren't really important anyway in MS's view) is just unfortunate, and will only affect commodity systems, as specialist systems will be run by specialists who will not be using the type of hardware they are suggesting.

      Quite honestly, it's only been a matter of time before this happened. Ross Anderson had it right all along.

      It is a problem, but one that we will get around, either by ignoring Windows 8 on tablets or related devices, or finding some way to break it. I favour making sure that hardware vendors are not penalised for selling systems that do not have Windows 8 on them (by legislation, if necessary), and then letting the market sort itself out. Discounts to vendors for *ONLY* installing Windows on their products should be illegal, and would eliminate this problem immediately.

    3. AdamWill

      Re: Boot Loader Locking

      "How in the name of all that's sane and wholesome is locking down the boot loader not blatant anti-competitive behaviour?"

      It's quite simple, really. The Secure Boot specifications don't say 'Microsoft is the only entity allowed to implement Secure Boot'. The Microsoft Windows 8 certification requirements don't say 'you cannot include anyone else's Secure Boot implementation'.

      I'm not a lawyer, but I find it very hard to see how you could successfully characterize anything MS has done in relation to Secure Boot as anti-competitive to a standard that would satisfy a court of law. Secure Boot is a properly negotiated industry standard which does not in any way favour any vendor. All it does is define a mechanism by which the firmware can enforce signing requirements on executed code. It says nothing about who should do the signing.

      Microsoft's certification requirements basically tell the OEM (I'm paraphrasing): 'You must include Microsoft's signing key in the firmware'. That's it. They don't say 'you cannot include any other key'. What Microsoft requires doesn't stop anyone _else_ setting up as a signing authority. An OEM could ship Microsoft's key _and_ any number of other keys from other authorities and still be perfectly in line with Microsoft's certification requirements. So what's the anti-competitive behaviour on Microsoft's part? You'd have a hard job arguing to a court of law that it's Microsoft's fault that no-one else is willing to act as a public signing authority. Microsoft isn't doing anything to stop them.

      There is one nasty technical wrinkle to do with firmware loading which makes multi-key setups rather more difficult to do in practice, but I suspect it'd be very difficult to convince a court of law that's intentional anti-competitive behaviour on Microsoft's part rather than a routine by-the-numbers screw-up by a standards setting body. It's not like that doesn't happen every damn week.

      Beyond all that, as a concession to objections to the Secure Boot requirements, Microsoft put it in the certification requirements that it must be possible to disable Secure Boot. Now in practice we (Fedora, Ubuntu etc) worry that most people aren't going to want to go into the firmware configuration interface and flip a switch just to install Linux, but the fact that they _can_ would carry a lot of weight with a court of law.

      So, I don't think (though I'm not a lawyer, and this is not legal advice) anyone would stand a whelk's chance in a supernova bringing a case against Microsoft under anti-competition law in the EU or anywhere else over Secure Boot. There just isn't a strong enough case there.

      Add to that, I don't actually think that there *is* an evil Microsoft anti-competitive plot in the Secure Boot requirements. Sorry, I know that's dull and makes me an evil stooge, but really, people, think for a bit. This is not 1998. There is no traditional desktop operating system war any more. It ended at least five years ago. Microsoft won, a very Pyrrhic victory. The traditional desktop computer operating system market is now a boring, mature dead-end like mainframes or SQL. It's going to be around for decades but it's not going to change much or in any exciting ways. There will be boring desktop computers in boring companies for years for exactly the same reason there are still thirty year-old databases in the same boring companies, but they're not going to go making huge radical changes to the configuration - because they're _legacy systems_. They stick around because they do the job already and no-one wants to spend the time and money to change them, so why change them to another OS? It's just not going to happen. There will be a very gradual dwindling of Windows usage over time but it won't be via mass conversions to Linux or any other conventional desktop operating system. (Related to this, I predict that Windows 7 will be the next Windows 98 and Windows XP; big enterprises are certainly not going to shell out zillions for an 'upgrade' to Windows 8 which will only cause them unnecessary pain. Microsoft will be stuck maintaining Windows 7 for decades, because it needs the support contracts, but it won't be a growing sexy business and will just contribute to the whole dead weight effect that's been keeping Microsoft in a holding pattern for a decade.)

      Microsoft isn't fighting Linux any more, it hasn't been for years. It doesn't care about us (or any other alternative x86 desktop operating system) any more. Secure Boot is actually quite a lot about boot security, probably a small amount about anti-piracy (most Windows 7 piracy revolves around bootloader exploits), and not at all about squelching alternative desktop operating systems. Microsoft doesn't _need_ to do that any more. Even Canonical isn't talking about the great desktop wars any more, it's talking about Ubuntu on cellphones and TVs and In The Cloud. Wake up and smell the damn coffee, it's a new world out there, and Windows Versus Linux is not a big part of it any more. As far as Secure Boot inconveniences other desktop operating systems, that is a symptom not of a grand evil anti-competitive conspiracy on Microsoft's part, but unwilful negligence. They just don't really care. Elephants don't care about ants, they just tread on them.
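The mechanism described in the comment above, as an added example in Go; this is not code from the thread, from any firmware, or from Microsoft's requirements document. It models a firmware whose db variable holds any number of signing authorities: an image boots if any enrolled key verifies its signature, the firmware never asks whose key that is, and a physically present user in firmware setup can both enrol a further key and flip the disable switch the quoted certification text requires. Ed25519 stands in for the X.509/Authenticode signatures real UEFI firmware checks, the "loader" bytes are constructed, and the names Firmware, SignedImage, Sign, Enrol, Disable and VerifyImage are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage is a boot loader binary plus the signature an authority put on it.
// A real UEFI image carries an Authenticode signature inside the PE file; here
// the signature sits beside the bytes and is made over their SHA-256 digest.
type SignedImage struct {
	Name string
	Body []byte
	Sig  []byte // empty for an unsigned image
}

// Firmware models the Secure Boot state: the enable/disable switch from firmware
// setup and the "db" variable listing every authority whose signatures are trusted.
type Firmware struct {
	SecureBoot bool
	db         []ed25519.PublicKey
}

var (
	ErrNotAuthorised = errors.New("image is not signed by any key in db")
	ErrNeedSetup     = errors.New("only a physically present user in firmware setup may do this")
)

func digest(body []byte) []byte {
	d := sha256.Sum256(body)
	return d[:]
}

// Sign is what a signing authority (Microsoft, a distribution, the machine's
// owner) does to an image with its private key.
func Sign(name string, body []byte, priv ed25519.PrivateKey) SignedImage {
	return SignedImage{Name: name, Body: body, Sig: ed25519.Sign(priv, digest(body))}
}

// Enrol appends a key to db. The firmware has no notion of which authority is
// "official": any enrolled key is as good as any other. physicallyPresent models
// the rule that db is changed from firmware setup, not from a running OS.
func (fw *Firmware) Enrol(pub ed25519.PublicKey, physicallyPresent bool) error {
	if !physicallyPresent {
		return ErrNeedSetup
	}
	fw.db = append(fw.db, pub)
	return nil
}

// Disable is the switch the x86 certification text quoted in the thread
// mandates; it too is gated on physical presence in firmware setup.
func (fw *Firmware) Disable(physicallyPresent bool) error {
	if !physicallyPresent {
		return ErrNeedSetup
	}
	fw.SecureBoot = false
	return nil
}

// VerifyImage decides whether the image may execute. It walks db and accepts the
// image if any enrolled key verifies the signature; it never asks who the key
// belongs to, which is the point the comment above makes.
func (fw *Firmware) VerifyImage(img SignedImage) error {
	if !fw.SecureBoot {
		return nil // switch off: signed or not, everything boots
	}
	if len(img.Sig) == 0 {
		return ErrNotAuthorised
	}
	for _, pub := range fw.db {
		if ed25519.Verify(pub, digest(img.Body), img.Sig) {
			return nil
		}
	}
	return ErrNotAuthorised
}

func main() {
	msPub, msPriv, err := ed25519.GenerateKey(rand.Reader) // stands in for Microsoft's CA key
	if err != nil {
		panic(err)
	}
	ownerPub, ownerPriv, err := ed25519.GenerateKey(rand.Reader) // the machine owner's own key
	if err != nil {
		panic(err)
	}
	fw := &Firmware{SecureBoot: true}
	fw.Enrol(msPub, true)

	loader := []byte("constructed stand-in for a boot loader binary")
	fmt.Println("MS-signed:", fw.VerifyImage(Sign("shim", loader, msPriv)))
	fmt.Println("owner-signed, key not enrolled:", fw.VerifyImage(Sign("grub", loader, ownerPriv)))
	fw.Enrol(ownerPub, true)
	fmt.Println("owner-signed, key enrolled:", fw.VerifyImage(Sign("grub", loader, ownerPriv)))
}
```

Running it prints nil, the not-authorised error, then nil again: the second image is rejected only until the owner's key is in db. Real db entries can also be plain SHA-256 digests of individual images rather than certificates, which is the hash-only mode of the same check.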

    4. Number6

      Re: Boot Loader Locking

      I'd say that if Microsoft want to produce their own hardware (or pay someone else to do it and stick an MS logo on the outside) then they're perfectly free to ask for secure boot, in the same way that Apple operate a closed shop.

      However, I would consider it to be anti-competitive to then turn around and insist that all hardware made by a manufacturer has to be similarly encumbered 'or else'. They could always ask for an API call in the BIOS to see if secure boot is enabled and so refuse to run Windows 8 on the hardware if it isn't.

      1. Anonymous Coward
        Anonymous Coward

        Re: Boot Loader Locking

        @Number 6 - Secure Boot is only available on UEFI systems, Windows 8 will still function with secure boot switched off on UEFI, or with its absence on legacy BIOS systems. What Secure Boot does is, if it's on, prevents the system booting from non-signed bootloaders. You can't have the bootloader question the UEFI to find out if Secure Boot is on or off, because it's already started to execute code by then and this would mean game over from a 'preventing the execution of unauthorised code' point of view.

        Add to that a massive elephant in the room which seems to have been overlooked by almost everyone: If MS somehow prevent Secure Boot from being switched off, the biggest losers will be MS. This will halt sales of Win7 and XP licences to corporate environments who need new hardware but use OSes for a long time. These are MS' main customers and MS don't like to annoy them.

  12. Anonymous Coward
    Anonymous Coward

    The FSF sees the mechanism as a threat to users' freedoms and takes the position that user-generated keys and a GPL v3 boot loader is the best combination.

    I'm far from being a Free Software nutter but UEFI Secure Boot is a sham, and the FSF playing along is a shame. Talk about protecting freedom...

    The only "best" combination is to have a way to disable Secure Boot, and to refuse buying hardware that is helplessly locked down.

    1. ScottME
      WTF?

      I'll definitely be looking to buy only hardware that has an option to disable secure boot. I require to be able to run whatever software I choose on hardware that I've bought. Perhaps they could put a flashing red light on during the boot process to warn me that I'm booting unsigned or self-signed code, so long as I can ignore it I'd be happy.

      1. Christian Berger

        Yes, or your firmware stores a hash of the last bootloader and if you try to boot one where the hash doesn't fit, it'll alert you and you need to press a combination of buttons to go ahead.

        1. Anonymous Coward
          Thumb Up

          "...it'll alert you and you need to press a combination of buttons to go ahead."

          That's actually quite a cool idea.

          1. Richard 12 Silver badge
            Facepalm

            @Skelband

            And also the one that everybody outside of Microsoft has thought of, suggested, and yet UEFI rejected the idea for no reason whatsoever.

            Which is rather odd, don't you think?

            Especially as the 'security' aspect of this supposed feature would be better served by a "Woah, your boot sector and/or UEFI firmware just changed. Did you mean to do that?" warning.

            For bonus points, adding a signed Flash copy of what should be there that the UEFI could use instead or copy back to the drive.

            Or you could instead put in a system that deliberately locks out other suppliers and hobbyists, and bricks the machine if a virus did ever infect the MBR or UEFI. Yeah, let's do that.
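Christian Berger's suggestion above, together with Richard 12's addition of a signed recovery copy in flash, as an added example in Go; it is not code from the thread or from any firmware. The guard remembers the digest of the loader it last booted. On a mismatch it asks a physically present user; if they decline, it boots the vendor's recovery copy instead, after checking that copy's signature, since flash can be rewritten too. ChangeGuard, NewChangeGuard and Decide are names chosen for this example, Ed25519 stands in for whatever signature the vendor would use, and the loader bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ChangeGuard models the alternative proposed in the thread: no signing
// allow-list, just a remembered digest of the loader that last booted with the
// owner's consent, plus a vendor recovery copy to fall back on.
type ChangeGuard struct {
	lastGood  [32]byte          // digest of the loader the owner last approved
	golden    []byte            // vendor's recovery copy held in flash
	goldenSig []byte            // signature over its SHA-256 digest
	goldenPub ed25519.PublicKey // key the recovery copy is checked against
}

var ErrRecoveryCorrupt = errors.New("recovery copy does not verify; refusing to boot")

// NewChangeGuard trusts the recovery copy on first use, as a fresh machine would.
func NewChangeGuard(golden, goldenSig []byte, goldenPub ed25519.PublicKey) *ChangeGuard {
	return &ChangeGuard{lastGood: sha256.Sum256(golden), golden: golden, goldenSig: goldenSig, goldenPub: goldenPub}
}

// Decide returns what to do with the loader found on disk. confirm models the
// "press this key combination to continue" prompt: only someone at the keyboard
// can answer it, so malware that rewrote the loader cannot approve itself.
// action is "boot" (unchanged), "accepted" (changed, owner approved) or
// "restored" (changed, owner declined, recovery copy substituted).
func (g *ChangeGuard) Decide(onDisk []byte, confirm func() bool) (action string, boot []byte, err error) {
	sum := sha256.Sum256(onDisk)
	if sum == g.lastGood {
		return "boot", onDisk, nil
	}
	// The digest changed. The firmware cannot tell an update from an infection;
	// all it can do is surface the change and let a present human decide.
	if confirm() {
		g.lastGood = sum
		return "accepted", onDisk, nil
	}
	// Declined: fall back to the recovery copy, but only if it still verifies,
	// otherwise flash may have been tampered with as well.
	gsum := sha256.Sum256(g.golden)
	if !ed25519.Verify(g.goldenPub, gsum[:], g.goldenSig) {
		return "", nil, ErrRecoveryCorrupt
	}
	g.lastGood = gsum
	return "restored", g.golden, nil
}

func main() {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	golden := []byte("constructed stand-in for the vendor's boot loader")
	gsum := sha256.Sum256(golden)
	g := NewChangeGuard(golden, ed25519.Sign(vendorPriv, gsum[:]), vendorPub)

	decline := func() bool { return false } // nobody presses the key combination
	action, _, _ := g.Decide(golden, decline)
	fmt.Println("unchanged loader:", action)
	action, _, _ = g.Decide([]byte("constructed rewritten loader"), decline)
	fmt.Println("changed loader, owner declines:", action)
}
```

The design choice worth noticing is in the middle branch: the guard detects change reliably, but the question of whether the change was wanted is handed to the user, and the recovery path only works while the signature on the flash copy still checks out.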

  13. flying_walrus
    Paris Hilton

    FSF vs SFLC

    i find it quite telling that the FSF can't agree with its own lawyers about what GPL v3 means!

    Paris because, well, paris.

    1. AdamWill

      Re: FSF vs SFLC

      The SFLC is not 'FSF's own lawyers'. FSF has its own lawyers. SFLC is an independent organization.

  14. Anonymous Coward
    Anonymous Coward

    MS Dirty Tricks Again

    I certainly won't be buying any hardware that doesn't allow me to turn off (in)secure boot. As far as MS is concerned this has nothing to do with security, its purposes are to lock out the competition, DRM and antipiracy.

    MS, you can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time.

    I call it insecure boot as it is presenting hackers with a wonderful target to get under the OS. Expect exploits of a very nasty nature.

    1. Anonymous Coward
      Anonymous Coward

      Re: MS Dirty Tricks Again

      It did not take long for the PS3 keys or the Blu-ray keys to get leaked/cracked did it? How much quicker will it be when something like this affects more than just a TV set or a games console?

      1. Tom 35

        Re: MS Dirty Tricks Again

        Yes it will be cracked in 5 minutes. But it will still be effective for Joe average.

        While you can jailbreak your iphone or install a custom ROM on your Android phone the number of people who do is small.

        If Mom buys a laptop with Win8 on it and hates it, she can't install Win7 on it, forget Linux.

        1. Anonymous Coward
          Anonymous Coward

          Re: MS Dirty Tricks Again

          @Tom 35 - Your last line is exactly why MS won't be trying to make manufacturers prevent secure boot being switched off. If you can't install a previous version of Windows on a new PC, none of the corporate environments will be able to revert to their chosen version of Windows, MS will never allow this to happen.

          1. Tom 35

            Re: MS Dirty Tricks Again

            @ AC

            I said Joe user / Mom. Some cheap ass Acer from Bestbuy or a Dell Inspiron.

            Sure a business class computer is more likely to have a switch (just like Hardware virtualization controls in the BIOS today) but I will not be at all surprised to see consumer level computers with no off switch for secure boot.

            1. Ken Hagan Gold badge

              Re: MS Dirty Tricks Again

              Your distinction between "cheap" computers and "business class" does not chime with my experience. Your Fortune 500 suits might all be buying branded boxes but the vast majority of businesses use beige boxes from whoever shows up cheapest on eBuyer or the like.

        2. Richard 12 Silver badge
          Mushroom

          Re: MS Dirty Tricks Again

          No, it'll be completely ineffective for Joe Average, because once the keys are leaked or discovered, there will be a massive spate of signed virus and trojan infections.

          Cleaning that mess up will take years, probably making Melissa and DNSChanger look trivial by comparison.

          1. Ken Hagan Gold badge

            Re: spate of signed infections

            Nah, it'll be easy. Just revoke the keys and wait for everyone's BIOS to pick them up off the internet.

            Oh, wait...

    2. Fatman
      FAIL

      Re: MS Dirty Tricks Again

      I bet they have had this in the planning stages for a couple of years; waiting for the DOJ "watch period" to expire.

      Now, as you have succinctly put it, "Back To The Dirty Tricks Again".

      Most people have not realized what this may do to the eventual secondary resale market for used computers. Consider this possibility - a specific machine can not boot ANYTHING but the originally installed O/S, not even an upgrade to a newer version of Windows.

      PC, and tablets become LIMITED LIFESPAN THROWAWAY DEVICES - JUST LIKE CELL PHONES.

      After contemplating that one, see who benefits most??

      M$'s dear hardware partners.

      You just bought a brick, just like the throwaway bricks called cell phones.

      BOHICA: (Bend Over Here It Comes Again!!)

      FAIL - because there is no other appropriate choice.

    3. Anonymous Coward
      Happy

      Re: MS Dirty Tricks Again

      Oh my fucking Cliche`, Cliche`, Clichet'.

      I will be happy when another land mine Microsoft lays, gets the customer waltz.

      I don't support ungay activities such as hacking and all that - nor malware because that is very very ungay.

      But I do support the idea of legitimate users hacking Microsofts bullshit to get their lives lived with the minimum of idiotic impediments.

      $10 to the first person who can disable or break MS's boot loader blocking.

    4. RICHTO
      Windows

      Re: MS Dirty Tricks Again

      Linux is hardly competition to Microsoft though - less than 1% market share versus over 90%

  15. TRT Silver badge
    Windows

    Well anyway...

    thank you for flagging that up. That's probably saved me a centimetre of hairline and 16 hours of work when I can't get MemTestGold or an ERP disc or my Win7install bootable USB stick working on a new machine someone's bought.

  16. Mr Temporary Handle
    WTF?

    I rather doubt the SFLC told him any such thing but we'll probably never know for sure as the SFLC are not about to admit that one of their 'clients' lied about the advice he was given. It being privileged information etc.

    What it looks like is another example of the "Not-Invented-Here" mentality which seems to have infected Canonical over the past couple of years. The alleged 'concern' over their signing key is simply a convenient excuse. One he's grabbed with both hands.

    Unity instead of Gnome/KDE, Upstart instead of Sysvinit/Systemd and now the Intel bootloader instead of Grub2. What's next I wonder?

    Hopefully this nonsense won't affect us too much as we build all our own systems and only use a customised Xubuntu build for desktop machines.

    If it does then we're buggered because we don't buy enough hardware to be able to exert any influence over our suppliers.

  17. Tom7
    Paris Hilton

    Um.

    Follow the logic with me here. If Ubuntu signed a GRUB2 loader and it got distributed, then, under the terms of the GRUB2 license, the signing key would also have to be distributed.

    So. Microsoft is signing a GRUB2 loader and Fedora is going to distribute it. So, under the terms of the GRUB2 license...

    Microsoft's signing key would have to be distributed? Or have I missed something here?

    Paris, because she misses most things.

    1. Mr Temporary Handle

      Re: Um.

      That is certainly what Mark Shuttleworth would have you believe but it simply isn't true.

      The very fact that Microsoft have agreed to provide a signing service for Fedora should go a long way to convincing you that he's lying.

      We all know how obsessive Microsoft are when it comes to protecting themselves. There is no way in hell they would risk having to release their signing keys. Or anything else for that matter :)

      1. Anonymous Coward
        Mushroom

        Re: Um.

        But the signed bootloader is actually being provided via a service from Verisign, so I'm sure that MS simply say that it isn't their key, they merely accept it on their hardware...

    2. tom dial Silver badge

      Re: Um.

      Canonical are required to provide the source code for their signed object module. If someone else distributes it in a device context that requires the signed code to be verified, the someone else, not Canonical, is required to provide both the source code and the installation information needed to install a possibly modified version of the compiled object. The someone else could satisfy their GPL v3 obligation by providing to the user the capability to sign and install code compiled from source. The only circumstance in which Canonical's private key would be required is if the Canonical public key in the target device could not be replaced by the user. In that case, the "someone else" would be out of compliance with the GPL and might be compelled to stop distributing the product. Canonical would not have a GPL problem, any more than Fedora will have a problem with the object modules they sign using the key they obtained from Verisign. Microsoft's signing key is not at issue in this context because they do not knowingly provide source code for their programs.

  18. Anonymous Coward
    Anonymous Coward

    pah

    Ye gods, how many thousands of pages of irrelevant conspiracy theorist tosh and gallons of freetard spittle have been wasted on this topic? There will only be about 3 people in the world who will even want to load a new os on a winRT tablet..... If it matters to you that much buy a frikkin android tablet

    1. Anonymous Coward
      Anonymous Coward

      Re: pah

      Is the plan not to include this in desktop machines too? The bootloading changes have been pushed for all windows supporting machines, not just the ones with "tab" at the front. :(

    2. Anonymous Coward
      Anonymous Coward

      Re: pah

      "The rules are relaxed for Intel x86-powered systems and user-generated signing keys are allowed on this platform. On ARM systems, however, customised keys are forbidden and only a limited set of keys are recognised. It’s part of an emerging Redmond policy to lock-down Windows 8 ARM tablets to head off crashes, bugs and hacks."

      My mistake, I thought both would include the same exemptions or not. I can understand ARM being locked down. It's their tablet. I've no wishes for more walled gardens on desktops though.

      1. fnj

        Re: pah

        Do you have any idea how silly it is to be carrying on a conversation under the name "Anonymous Coward"?

      2. tom dial Silver badge

        Re: pah

        ARM is not "their" (i. e., Microsoft's) tablet. The first W8 tablet was announced a few weeks ago by either Acer or Asus (I don't remember which).

        And the W8 certification requirement for ARM-based equipment is that secure boot may not be disabled. I am not clear whether it allows installation of alternative product keys on W8 certified hardware, but guess probably not. For x86, the corresponding requirement is that disabling secure boot must be allowed, but there is no requirement I am aware of that it be possible to install keys to enable secure boot of other operating systems.

        Secure boot is not an intrinsically bad thing, but Microsoft's W8 certification requirements appear to have a substantial anticompetition component in addition to possibly questionable security benefits.

    3. Dave 126 Silver badge

      Re: pah

      What's the word from hardware manufacturers- how many have said Secure Boot can't be turned off in BIOS?

      1. AdamWill

        Re: pah

        None. I'm going to keep saying this until everyone in the world reads it, if necessary: the Windows 8 x86 certification requirements specifically require that the user be able to disable Secure Boot.

        "Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv."

        http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256

    4. Rick Giles
      Linux

      Re: pah

      "There will only be about 3 people in the world who will even want to load a new os on a winRT table..."

      And that will be 3/4 of the people that bought them then.

  19. Why Not?

    I give it a month

    One month then M$'s keys will be in the public domain. I think the hackers of all flavours will find it just too tempting.

    Have they thought of what will happen when their keys are broken and the hardware is rendered useless.

    Bill's boys will need deep pockets.

    Why not put a switch / jumper on the hardware that enables / disables.

    1. frank ly

      Re: I give it a month

      "... switch/jumper on the hardware ..."

      An excellent idea. Requires physical access to the hardware and a person who knows what they are doing. i.e. the sort of people who would want to install various flavours of another OS.

      However: why would manufacturers do this if they can take the easy way out and do what Microsoft tell them to do?

      1. AdamWill

        Re: I give it a month

        What Microsoft tells them to do is that they must include a firmware configuration option to disable Secure Boot.

        "Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv."

        http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256

    2. Anonymous Coward
      Unhappy

      Re: I give it a month

      "Why not put a switch / jumper on the hardware that enables / disables."

      Can you imagine the fun and games entailed in getting to that on a laptop? They'd make sure to design it so you had to take the entire machine apart.

      1. Law
        Go

        Re: I give it a month

        I doubt it. They already give you easy access to RAM/HDD spaces... they'd just stick the switch behind the battery or under the keyboard like they always do. May not be a jumper though, maybe some sort of switch.

    3. Anonymous Coward
      Anonymous Coward

      Re: I give it a month

      Maybe they've sorted out a key revocation and renewal system? They're not stupid. The problem with DVDs/BluRay, etc etc. is that the keys are physically installed on the disks and can't be changed. There is nothing to stop computers keys being updated and stored in static ram.

      1. Jordan Davenport

        Re: I give it a month

        "There is nothing to stop computers keys being updated and stored in static ram."

        Except for physical installation media. But that's probably why Microsoft is pushing people to download Windows 8 from their online store instead of purchasing it in a brick and mortar shop.

        Furthermore, updating from a leaked key to a fresh key would require installing the new public key from a potentially compromised system, which might allow anyone to install a "trusted" public key even for malware, unless Microsoft plans on forcing users to boot into the UEFI config to add the new key manually.

        1. Anonymous Coward
          Anonymous Coward

          Re: I give it a month

          @Jordan - some sort of recovery disk/USB stick would seem in order then.

          1. Richard 12 Silver badge
            FAIL

            Re: I give it a month

            How do you get the new key on there? How do you revoke the old ones?

            What happens when the 'master' key used to do the above is leaked or discovered?

            If you accept that you need a revocation mechanism because individual keys might get exposed and thus need revoking, you must also accept that all keys could suffer that same fate.

            The 'master' key is clearly the biggest prize...
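The revocation chain Richard 12 asks about, as an added example in Go; this is not code from the thread or from any firmware. It models UEFI's authenticated-variable hierarchy: PK alone may change KEK, PK or any KEK may change db and dbx, and every write must carry a timestamp newer than the stored one, so a genuine but older update cannot be replayed to undo a later revocation. Revoking a leaked db signing key is an addition to dbx, and the leaked key itself has no right to write dbx. KeyStore, AuthVar, Update, SignUpdate, Apply and Allowed are this example's names; the signed payload (variable name, timestamp, key) is a simplification of the spec's EFI_VARIABLE_AUTHENTICATION_2 structure, Ed25519 stands in for PKCS#7/X.509, and the loader bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthVar is one authenticated variable: its keys plus the timestamp of the last
// accepted write. A write whose timestamp is not newer is refused, so an old,
// genuinely signed update cannot be replayed to undo a later revocation.
type AuthVar struct {
	Keys      []ed25519.PublicKey
	Timestamp uint64
}

// KeyStore is the hierarchy: PK (the one "master"), KEK (keys allowed to change
// db and dbx), db (trusted signers) and dbx (revoked signers).
type KeyStore struct {
	PK  ed25519.PublicKey
	KEK AuthVar
	db  AuthVar
	dbx AuthVar
}

// Update appends one key to a variable, signed by whoever claims the right.
type Update struct {
	Var       string // "KEK", "db" or "dbx"
	Add       ed25519.PublicKey
	Timestamp uint64
	Sig       []byte
}

var (
	ErrUnauthorised = errors.New("update not signed by a key that may write this variable")
	ErrRollback     = errors.New("update timestamp is not newer than the stored one")
)

// payload is the byte string an update signature covers; binding the variable
// name means a signed db update cannot be retargeted at dbx.
func payload(varName string, ts uint64, key ed25519.PublicKey) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%s|%d|", varName, ts)
	h.Write(key)
	return h.Sum(nil)
}

func SignUpdate(varName string, ts uint64, key ed25519.PublicKey, signer ed25519.PrivateKey) Update {
	return Update{Var: varName, Add: key, Timestamp: ts, Sig: ed25519.Sign(signer, payload(varName, ts, key))}
}

// Apply enforces the chain: only PK writes KEK; PK or any KEK writes db and dbx;
// a db signing key, leaked or not, writes nothing.
func (ks *KeyStore) Apply(u Update) error {
	var target *AuthVar
	writers := []ed25519.PublicKey{ks.PK}
	switch u.Var {
	case "KEK":
		target = &ks.KEK
	case "db":
		target, writers = &ks.db, append(writers, ks.KEK.Keys...)
	case "dbx":
		target, writers = &ks.dbx, append(writers, ks.KEK.Keys...)
	default:
		return fmt.Errorf("unknown variable %q", u.Var)
	}
	if u.Timestamp <= target.Timestamp {
		return ErrRollback
	}
	msg := payload(u.Var, u.Timestamp, u.Add)
	for _, w := range writers {
		if ed25519.Verify(w, msg, u.Sig) {
			target.Keys = append(target.Keys, u.Add)
			target.Timestamp = u.Timestamp
			return nil
		}
	}
	return ErrUnauthorised
}

// Allowed is the boot-time check: the image must verify under a db key that is
// not also listed in dbx.
func (ks *KeyStore) Allowed(image, sig []byte) bool {
	d := sha256.Sum256(image)
	for _, k := range ks.db.Keys {
		if !ed25519.Verify(k, d[:], sig) {
			continue
		}
		for _, r := range ks.dbx.Keys {
			if r.Equal(k) {
				return false // signer is in db but has been revoked
			}
		}
		return true
	}
	return false
}

func main() {
	pkPub, pkPriv, _ := ed25519.GenerateKey(rand.Reader) // key-generation errors ignored: demo only
	kekPub, kekPriv, _ := ed25519.GenerateKey(rand.Reader)
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // the db key that will "leak"
	ks := &KeyStore{PK: pkPub}
	fmt.Println("PK adds KEK:", ks.Apply(SignUpdate("KEK", 1, kekPub, pkPriv)))
	fmt.Println("KEK adds vendor to db:", ks.Apply(SignUpdate("db", 1, vendorPub, kekPriv)))
	d := sha256.Sum256([]byte("constructed stand-in for a boot loader"))
	sig := ed25519.Sign(vendorPriv, d[:])
	fmt.Println("leaked vendor key tries to write dbx:", ks.Apply(SignUpdate("dbx", 1, vendorPub, vendorPriv)))
	fmt.Println("KEK revokes vendor:", ks.Apply(SignUpdate("dbx", 1, vendorPub, kekPriv)))
	fmt.Println("vendor-signed loader still allowed:", ks.Allowed(d[:], sig))
}
```

What the example cannot model is the problem Ken Hagan raises just above: a dbx update is only effective once it has been written to a given machine, and nothing here delivers it. It also makes the "biggest prize" point concrete: whoever holds PK can add a KEK of their own and from there rewrite db and dbx at will.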

    4. Fatman
      Holmes

      Re: Why not put a switch / jumper on the hardware that enables / disables.

      That could be easily accomplished by the use of a 3 contact Berg stick and a DIP jumper in line with the write enable lead to the flash chip.

      If you get a MB mfgr that is SO CHEAP that those few tenths of a cent of additional cost "hurt the bottom line"; then simply design the circuit with a "cut away trace", or a "bridge point" to allow the write enable line to be toggled.

      IOW - no fucking "big deal" for a MB mfgr that gives a shit about their customers, and isn't licking Ballmer's boots, currying favor.

  20. AndrueC Silver badge
    Joke

    efilinux?

    Ouch. I mis-read that at first as 'effin Linux'.

  21. Eponymous Cowherd
    Linux

    Excuse

    "The idea excuse is to block viruses from tampering with the boot process and injecting themselves into a system before they can be detected"

    There, that fixed that for you.

  22. Anonymous Coward
    Anonymous Coward

    Does ANYONE use GPL 3?

    Anecdotal I know but I've yet to meet anyone in real life who doesn't think GPL 3 is best avoided. Any good examples where its proved successful?

    1. fnj

      Re: Does ANYONE use GPL 3?

      "Today [2009], as announced by Google open-source programs office manager Chris DiBona, the number of open-source projects licensed under GPLv3 is at least 56,000." My beard is not long enough yet to make this a proper hyperlink http://news.cnet.com/8301-13505_3-10294452-16.html

      1. Jason Terando
        Meh

        Re: Does ANYONE use GPL 3?

        56,000? That's an impressive stat. Name 20 of them that more than 100 people use.

  23. Anonymous Coward
    FAIL

    open tablets

    Why all the gnashing of teeth about Microsoft preventing WinRT tablets from running alternative systems? As far as I understand it, it's only a requirement to have this lockdown in order to get the Win logo on the device. They can sell the same device without the Win logo and without this lockdown to anyone who might want to stick another OS on it? If someone wants to put Linux on it, surely they're not going to be dissuaded from doing that because the device is missing a Windows logo??????

    If we're worried about restrictive practices in the tablet business, why aren't we focusing on the market leader, Apple, which has taken legal and technical measures to stop you running either iOS (or OSX) on non-Apple hardware?

    1. fnj

      Re: open tablets

      Or why can't they just screw the stupid Windows 8 logo and put a label "This device can run both Windows 8 and other operating systems". Someone should start a distinctive free logo that says that.

      1. Fatman

        Re: Someone should start a distinctive free logo that says that.

        What I would like the FTC to do is to require a distinct label on any consumer device that restricts the consumer's ability to replace the manufacturer-supplied software with software of the user's own choosing.

        I suggest that for devices that are LOCKED DOWN, the logo include high stone-looking walls and an iron gate (aka "jail bars"). Colloquially known as a WALLED GARDEN. (get sinister with this http: //scorechicago.files.wordpress.com/2008/08/walled-garden.jpg)

        For devices that allow the user to replace installed software, the logo should include a 'meadow view' that includes the clear sky. (try starting here http: //www.eddiebyrne.com/wordpress/site/images/SteamboatSprings_HotSprings_HighMeadow.jpg)

        Oh, and BTW, the logo for the locked down device must be 3 times the width, and 3 times the height of the minimum size specified for the 'open device', and have a bright red border around it.

    2. Ken Hagan Gold badge

      Re: open tablets

      "If someone wants to put Linux on it, surely they're not going to be dissuaded from doing that because the device is missing a Windows logo??????"

      You've got that the wrong way round. If someone wants to run the Windows it came with, they might well want to see the logo. Particularly if there is a competing device sitting next to it in the shop that has the logo. Therefore, at least as far as the manufacturer is concerned, the device needs to have the logo.

      Perhaps the FSF (or Google, if they are feeling non-evil today, or merely antagonistic to Microsoft) should start a "logo program" and make *insecure* boot a requirement. That would mean that hand-held devices could not have both logos.

      1. AdamWill

        Re: open tablets

        "You've got that the wrong way round. If someone wants to run the Windows it came with, they might well want to see the logo."

        That's only a secondary reason. The real power of the certification requirements is that you have to meet them in order to buy OEM Windows licenses from Microsoft at a substantial discount. If you don't meet the requirements Microsoft won't sell you bulk OEM licenses for your hardware; the only way you can pre-load Windows would be to buy a bunch of licenses at retail, which obviously costs way more. So in practice, as an OEM you have to comply with the requirements if you want to pre-load Windows, or else your costs will go through the roof compared with your competitors.

  24. Adrian Midgley 1
    Thumb Down

    Microsoft. Consistent

    In some entities consistency is a virtue.

  25. John 78

    Sounds like a stitch-up

    I can't see why the firmware can't just display a warning, saying the OS is not signed with an option to boot or not.

    1. Robert Sneddon

      Re: Sounds like a stitch-up

      Part-way through the installation process, a marching band comes high-stepping down the corridor into your cubicle playing "Don't click that malware button!" at 130dB accompanied by fireworks and strobe lights, and you click "yes I want to be anally raped by baboons on WebTV pay-per-view" anyway because that's what you do, clicky the linky.

      Ninety-nine times out of a hundred Joe Soap will clicky the linky no matter how much warning you give them. I may be underestimating the ratio a bit, though.

  26. tom dial Silver badge
    Linux

    Secure Boot and Grub2

    I assume Mr. Shuttleworth refers to conditions in GPL 3, para. 6 ("Conveying Non-Source Forms") which requires, in part, that "installation information" be conveyed with covered object code in cases where the object code is part of a "user product." In such cases, source code and installation information must be provided, and for secure boot that could be read so as to possibly require including the private signing key corresponding to the public key installed in the product.

    I believe this interpretation is incorrect with the remotely possible exception of such user products as Canonical might develop and offer. I have not heard of such products, either present or planned, and the Ubuntu GNU/Linux distribution itself does not appear to be a user product as defined in the paragraph. Otherwise, it is incumbent on the manufacturer of the product (not Canonical) to provide the required source code and installation information. Nothing requires the manufacturer to install Canonical's public key in the product, but if they do, they probably can comply with the GPL (V3) only by providing the source with information about how to create, install, and use user-generated keys. It is hard to imagine that they could compel Canonical to help them out of *their* GPL v3 violation. (This is the example Mr. Shuttleworth gave in answer to my question.)

    Alternatively, a manufacturer could generate and use their own keys to sign the software. If they do so, they can comply with the GPL by providing their signing key (not likely) or (again) by providing the purchaser a means to generate and install keys and sign software. The user then could install Canonical's public key to enable update of Canonical's distributed software. Canonical's private key would be unnecessary.

    It might be good to have laws that exempt all private keys from disclosure, but I don't see the security and police establishments buying into that.

  27. Anonymous Coward
    Anonymous Coward

    You can probably thank Intel for all of this? Makes you wonder why people want their lovely CPUs in phones; it will only make hack-ability ever harder still?

  28. AdamWill

    Clarifications: please understand the *actual* Microsoft Secure Boot requirements

    tl;dr summary: Please be accurate about the Microsoft Secure Boot requirements. For Windows 8 on x86 hardware, Microsoft *explicitly requires* that the user be able to disable Secure Boot, and enrol their own signing keys in the firmware. For Windows RT on ARM hardware, Microsoft explicitly requires that the user *not* be able to disable Secure Boot or enrol their own keys. Please, for the sake of accurate debate, understand the requirements and keep them in mind.

    All of this has been stated umpteen times, but apparently dozens of people still don't understand, so let's say it again. I've also written this almost identically in several direct replies. Sorry, Reg, but it's eminently clear that lots of people just aren't getting the message, so the only way to do it is to go around bashing it into their skulls forcibly.

    Secure Boot is a neutral part of the UEFI specification. It says nothing about specific implementations. Let's just get that out of the way as the starting point - Secure Boot _per se_ is just a standardized mechanism to allow code executed from the system firmware to be signed and verified against a list of keys stored in the firmware.

    Microsoft runs hardware certification schemes for OEMs. To say your system is certified for Windows and to get good terms from Microsoft to pre-load Windows on your system, you have to comply with the certification requirements. (Otherwise you'd just have to buy all your copies at retail, which in practice, no-one wants to do). So we can simplify and say that pretty much any system sold at retail with Windows pre-loaded must comply with Microsoft's certification requirements. This is Microsoft's lever in this case: the Windows certification requirements. They are public: you can read the entire thing in yawn-inducing detail here - http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256

    Here are the relevant Secure Boot requirements, verbatim (order reversed because one is much shorter and simpler than the other):

    "18. Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems.

    17. Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:

    1. It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.

    2. If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off.

    3. The firmware setup shall indicate if Secure Boot is turned on, and if it is operated in Standard or Custom Mode. The firmware setup must provide an option to return from Custom to Standard Mode which restores the factory defaults. On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled."

    In other words, exactly as stated in the tl;dr summary, for Windows 8 on x86, the system *must* allow the user to disable Secure Boot. A manufacturer *cannot* ship a system where you can't disable Secure Boot and comply with the Microsoft requirements.

    For Windows RT on ARM things are much more restrictive; such systems truly will be locked down and it will be more difficult to load alternative OSes. Of course, this is much the same as almost all existing ARM cellphones and tablets. It's also worth noting that Microsoft is in no kind of dominant/monopoly position in the ARM device market; there will be far more *non*-Windows RT devices than Windows RT devices.
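
    The two threads above, the "I give it a month" exchange about revoking a leaked key and the certification text quoted here about PK, KEK, db, dbx and Setup Mode, both come down to the same small policy. The following is an added example (editor's model, not code from the Register article, from Microsoft or from any firmware) of that policy. Assumptions, all labelled in the code: Ed25519 keys and SHA-256 hashes stand in for the X.509 certificates and Authenticode hashes that real UEFI keeps in EFI_SIGNATURE_LISTs; the firmware is handed the signer's public key alongside the image instead of extracting it from the PE signature; and the loader bytes are constructed. It shows why dbx has to be consulted before db, why a leaked db key cannot be used to edit dbx, and why clearing PK (the "Custom Mode" option) silently turns enforcement off.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Verdict is the firmware's decision about a boot-loader image.
type Verdict string

const (
	Accepted     Verdict = "accepted: signed by a db key"
	NotEnforced  Verdict = "accepted: Secure Boot off (no PK, Setup Mode)"
	Revoked      Verdict = "rejected: signer key or image hash is in dbx"
	BadSignature Verdict = "rejected: no enrolled db key verifies the signature"
)

// Firmware models the variables named in the certification text. Assumption:
// raw Ed25519 keys and SHA-256 hashes replace the X.509/Authenticode data
// that real UEFI stores in EFI_SIGNATURE_LISTs.
type Firmware struct {
	PK  ed25519.PublicKey   // platform key; empty means Setup Mode
	KEK []ed25519.PublicKey // keys allowed to authorise db/dbx updates
	db  []ed25519.PublicKey // signers whose loaders may boot
	dbx map[string]bool     // hex SHA-256 of revoked keys or images
}

func hashHex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// SetupMode: with no PK there is no root of trust, so nothing is enforced
// and a physically present user can enrol keys.
func (f *Firmware) SetupMode() bool { return len(f.PK) == 0 }

// ClearAll is the "Custom Mode" option: clearing PK, KEK, db and dbx
// drops the system into Setup Mode.
func (f *Firmware) ClearAll() {
	f.PK, f.KEK, f.db = nil, nil, nil
	f.dbx = map[string]bool{}
}

// VerifyLoader is the check made before jumping to the loader. dbx is
// consulted before db so a revoked key cannot be rescued by still being in db.
func (f *Firmware) VerifyLoader(image, sig []byte, signer ed25519.PublicKey) Verdict {
	if f.SetupMode() {
		return NotEnforced
	}
	if f.dbx[hashHex(image)] || f.dbx[hashHex(signer)] {
		return Revoked
	}
	for _, k := range f.db {
		if k.Equal(signer) && ed25519.Verify(k, image, sig) {
			return Accepted
		}
	}
	return BadSignature
}

// Revoke is the dbx update the thread asks about: accepted only when a KEK
// holder signed the entry, so a leaked db key cannot edit the list it is
// itself subject to.
func (f *Firmware) Revoke(kek ed25519.PublicKey, entry string, authSig []byte) error {
	for _, k := range f.KEK {
		if k.Equal(kek) && ed25519.Verify(k, []byte(entry), authSig) {
			f.dbx[entry] = true
			return nil
		}
	}
	return errors.New("dbx update not signed by an enrolled KEK")
}

// Scenario returns the verdicts for: a good loader, a tampered loader, the
// same loader after its (leaked) signing key is revoked, and a cleared PK.
func Scenario() ([]Verdict, error) {
	pk, _, err := ed25519.GenerateKey(rand.Reader) // OEM platform key
	if err != nil {
		return nil, err
	}
	kekPub, kekPriv, err := ed25519.GenerateKey(rand.Reader) // update authority
	if err != nil {
		return nil, err
	}
	distroPub, distroPriv, err := ed25519.GenerateKey(rand.Reader) // db signer
	if err != nil {
		return nil, err
	}
	fw := &Firmware{PK: pk, KEK: []ed25519.PublicKey{kekPub},
		db: []ed25519.PublicKey{distroPub}, dbx: map[string]bool{}}

	loader := []byte("constructed: first-stage loader image") // constructed input
	sig := ed25519.Sign(distroPriv, loader)
	var out []Verdict
	out = append(out, fw.VerifyLoader(loader, sig, distroPub))

	tampered := append([]byte{}, loader...)
	tampered[0] ^= 0x01 // one flipped bit breaks the signature
	out = append(out, fw.VerifyLoader(tampered, sig, distroPub))

	// The distro key leaks. Holding it must not allow editing dbx...
	entry := hashHex(distroPub)
	if fw.Revoke(distroPub, entry, ed25519.Sign(distroPriv, []byte(entry))) == nil {
		return nil, errors.New("dbx accepted an update from a non-KEK key")
	}
	// ...but the KEK holder can revoke it, after which the valid signature is refused.
	if err := fw.Revoke(kekPub, entry, ed25519.Sign(kekPriv, []byte(entry))); err != nil {
		return nil, err
	}
	out = append(out, fw.VerifyLoader(loader, sig, distroPub))

	fw.ClearAll() // physically present user clears all databases
	out = append(out, fw.VerifyLoader(loader, sig, distroPub))
	return out, nil
}

func main() {
	verdicts, err := Scenario()
	if err != nil {
		panic(err)
	}
	for i, v := range verdicts {
		fmt.Printf("%d. %s\n", i+1, v)
	}
}
```

    The point Richard 12 raises still stands in the model: the KEK that authorises the dbx update is itself only as safe as whoever holds it, and the firmware has no way to tell a legitimate revocation from one signed with a leaked KEK. What the model does show is that a leaked db key on its own buys an attacker nothing beyond signing loaders until that key lands in dbx, and that the ARM restriction in requirement 17 removes only the last step (ClearAll), not the revocation machinery.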

    1. tom dial Silver badge
      Thumb Up

      Re: Clarifications: please understand the *actual* Microsoft Secure Boot requirements

      Thank you for the reference and clear summary of the facts, which might bring some clarity to the discussion.

  29. Madboater
    Facepalm

    "Cleaning up someone else's 'screw up'"

    That would be Microsoft's screw-up in building the world's most used PC OS that will run any old software without permission.

  30. JeffyPooh
    Pint

    I'm beginning to actively hate Ubuntu

    The twerps overwrote my PC's MBR with their defective initial 10.0 release. Major fail. I've still not forgiven them.

    Every time you boot it, there's 2700 updates available. Need to be an IT weenie to sort through the meaningless names to figure out what should be updated.

    Amateur hour.

    PS: No, I'm not interested in solutions. I'm just grumbling. ;-)

    1. AdamWill

      Re: I'm beginning to actively hate Ubuntu

      FWIW, having dealt with all manner of bootloader issues in validation for several Fedora releases, I am firmly of the opinion that it is literally impossible for an operating system installer / updater to correctly handle all possible BIOS/MBR bootloader configurations.

      The whole BIOS / MBR system for handling boot is a horrible design, fundamentally wrong in so many ways. Funnily enough, one of the few really good things about UEFI is that it has a much saner system for handling multiple boot configurations.

      So please have sympathy for OS developers in trying to handle BIOS-based boot. It's an impossibly difficult job...

    2. Gnomalarta
      FAIL

      Re: I'm beginning to actively hate Ubuntu

      Sorry about the MBR problem, never seen it on my various XP dual booting laptops over the past couple of years.

      You are not just grumbling you are also spreading FUD in regards to updates. Give me a system that keeps my OS AND software up to date over the Windows model any day.

      Your 'amateurs' remark would be quite funny if it were not for the fact that Windows is developed by people paid to do it.

      1. h4rm0ny

        Re: I'm beginning to actively hate Ubuntu

        "Give me a system that keeps my OS AND software up to date over the Windows model any day."

        Like the Metro apps in the MS Marketplace on Win8?

        1. RICHTO
          Holmes

          Re: I'm beginning to actively hate Ubuntu

          Or like Windows Update does already?

    3. RICHTO

      Re: I'm beginning to actively hate Ubuntu

      Just be glad you don't use SUSE 10 then - over 3500 security vulnerabilities, or OS-X with over 1,600....

      To put that in perspective, Windows 7 has about 200, and even Windows XP only has about 450....

      1. AdamWill
        FAIL

        Re: I'm beginning to actively hate Ubuntu

        You can't judge anything by counting advisories. For only two factors, Linux distributions include far more components than bare Windows, and different companies have different policies for issuing advisories. You're using a completely crappy metric.

        1. RICHTO
          Mushroom

          Re: I'm beginning to actively hate Ubuntu

          They both have a Full DVD worth of code.

          Anyway, the same is true if you look at a 'cut down' version of Linux to match Windows features - far more vulnerabilities, with more critical ones, and a longer average fix time.

          Ditto browsers - IE9 has a much better security record since launch than Firefox, Chrome or Safari.

          The only reason Linux isn't hacked more than it already is is because of the 1% market share. As we have seen with Macs - that have only marginally better security than Linux - it takes at least a 5% market share before hackers even bother.

          Where Linux is actually used - for instance web hosting - you are many times more likely to be hacked if you run Linux than Windows, even adjusting for market share: http://www.zone-h.org/news/id/4737

    4. Anonymous Coward
      Anonymous Coward

      Re: I'm beginning to actively hate Ubuntu

      Why are you still trying to use a virgin two-year-old release?

      You do know that there has been another LTS (5 years this time) release this year?

  31. Mikey
    Facepalm

    All I can hear...

    ... is a load of freetards moaning about some restrictions in some hardware they probably wouldn't even buy in the first place. I mean, come on... would you lot REALLY buy a W8 tablet JUST to put linux on there? Would it even be worth it? Christ, you lot moan about MicroSoft enough as is without committing the irony of buying something with their software on, even if it's to make some kind of hipster point about changing the OS.

    Let's face it, does anyone really buy up-to-date machines to run linux? I was under the impression that it works best on older hardware anyway. You know, the kind without all the shite you lot are moaning about? Do yourselves and the rest of the FOSS community a favour, and cease with the whining. Maybe even go develop some alternative open-sauce hardware that can run everything you want, all for free. Maybe an arduino or something. But please, stop with the dribbly diatribe about things that in all likelihood will not, and never, affect you while you're on the open-everything bandwagon. It's old, it's been said a million times, and has accomplished precisely sod-all.

    Yes, I use Windows. I'm a gamer, and I like my stuff to work without endless faffing. Yes, I've tried linux and found it too faffy. No, I don't care what you might wish to tell me about it. And please see the other comments about how the goddamned bootloader thing isn't mandatory. You lot seem to miss that quite often.

    Right, it's 01:02, and I'm tired. Cue the inevitable downvotes from those who realise I've had a go at their evangelistic OS viewpoint, and goodnight!

    1. Cameron Colley

      Re: All I can hear...

      Nice trolling. I bet those folks at CERN only use old hardware to run their faffy OS.

      Of course, that laptop you bought 5 years ago is still new hardware, isn't it? Hardware never ages, people never update their hardware, ever. People never give away hardware to friends and family to get them on the internet, then install Linux because it's better supported than the four-versions-behind-current Windows version that came on it. Nope, you're right, Linux will only ever be run on hardware made before 08/07/2012 and that hardware will, magically, always be just behind state-of-the-art for the rest of its life.

      So, that cleared up your ill-informed diatribe, didn't it?

  32. Andus McCoatover

    Read this, and immediately needed a nice cup of tea and a little lie down...

    Can we amend (amend implies correction after realisation of error) the GPL to have an equivalent of the US Second Amendment? This whole idea of Secure Boot, batteries modifying the BIOS, etc, is simply the thin end of the wedge. STOP, OK???

    You can determine how I run my OS when you prise it out of my cold, dead hands.

    Enough is enough.

  33. mike acker

    UEFI

    this is a critical move and a very good one. if we can design a mechanism that can verify the initial load of the o/s then the o/s should be able to check itself as it finishes loading.

    the danger remains in the attacker possibly being able to flash the bios or somehow modify the firmware used in the initial process. attackers have always preferred to inject their un-authorized programming into the system at the lowest level.

    of course if the O/S is secure -- and it receives a BIOS update signed by the OEM -- then it would be expected that it would be safe to accept the update. but if the O/S were compromised, uuuugh

    all of which goes back to the note that security is like a balloon: 1 pin-prick and POP! it's gone.

    1. AdamWill

      Re: UEFI

      Firmware updates on Secure Boot-enabled systems have to be signed, I believe.

  34. jonfr
    Alert

    Windows 8

    I am never going to use Windows 8. No reason to do so. I am also not going to use Windows 9 or Windows 10. But that does not give Microsoft the right to tell me what I can and can't boot on my own computer.

    This is getting out of hand. This is our hardware that we buy for our money. They might have designed the OS and "licensed" it to us. But it does not give them the right to control what we boot on our own hardware.

    1. RICHTO
      Mushroom

      Re: Windows 8

      No it doesn't - But Microsoft are not telling you anything about what you can or can't boot. They are making specific BIOS requirements only on hardware companies that want Windows certification, which is perfectly reasonable.

      If you don't like the implications, then you have the choice not to buy anything that's Windows certified.

      Most people are happy to get a secure boot process and the extra malware protection it brings, and 99% of them don't care about Linux.

      The only thing Joe Public will likely care about is that it will probably be MUCH harder to install a warez version of Windows.

      1. Richard Plinston

        Re: Windows 8

        > The only thing Joe Public will likely care about is that it will probably be MUCH harder to install a warez version of Windows.

        What they will really care about is that it will be much harder to install their purchased legitimate copy of Windows XP or Windows 7 that they prefer the UI of.

        MS's business plan is to make Metro "the most familiar user interface" so that they demand it on their tablets and phones. They won't get that with downgrades to what people want.

        1. RICHTO
          Mushroom

          Re: Windows 8

          No it won't - You just turn off secure boot - or more than likely at least for Windows 7, Microsoft will release signed boot loaders.

          You are forgetting about xBox too!

          Consumers will come running to the better mouse trap, Microsoft won't have to push them. And likely secure boot will make the security gap between Microsoft OSs and those with inherently much higher vulnerability counts like Linux and OS-X even bigger.

          If you look at a market for instance where Linux is actually used like Web hosting, you are many times more likely to be hacked running Linux than Windows:

          http://www.zone-h.org/news/id/4737

          And this is primarily because Linux has an order of magnitude more vulnerabilities than Windows. See Secunia.org

        2. Goat Jam
          FAIL

          Re: Windows 8

          "What they will really care about is that it will be much harder to install their purchased legitimate copy of Windows XP or Windows 7 that they prefer the UI of."

          If you are trying to install XP on your ARM tablet then you have bigger things to worry about than finding a hax0red signing key, I can assure you.

          1. Richard Plinston

            Re: Windows 8

            > If you are trying to install XP on your ARM tablet

            Given the title 'Windows 8' I wonder why you are so confused that you conflate this with 'ARM'.

            Clue: On ARM the OS is called Windows RT, not Windows 8.

            1. tom dial Silver badge

              Re: Windows 8

              Pedantically correct. However, an issue here is one's control of the hardware one bought with one's own money. Microsoft grudgingly requires that on Windows-certified kit you be able to disable secure boot on x86 type, but on ARM type requires that you cannot. The distinction between Windows 8 (for Intel-like) and Windows RT (for ARM) is secondary. Most readers of this comment thread will have understood that without reminding.

  35. Ramazan

    He joined the gang

    and received its secret mark of The Beast. Fuck you, The Space Tourist Hardly Worthy of a Shuttle.

  36. Herby

    Then you have other problems...

    Will they "support" this signing stuff two years from now? Will you need to sign with another key when motherboard vendors do a change? But I want to upgrade to the "next" version, and this motherboard only supports "this" version. Sorry, you need to get another hunk of hardware. Sound implausible? Not really!

    An example of such stupidness:

    I had to work on a nice 2Wire DSL modem/WiFi/router to change its credentials to access the DSL line proper. The unit was "locked up" needing a password. Not to worry, there is an "I forgot" button that (eventually) gets you to a page that says "use the 20 digit number displayed below and call support; they will get you a temporary password". The problem is that the vendor (2Wire) and the DSL provider (to whom the vendor had pawned off all (and I mean ALL) support) had lost all knowledge of the (I assume) simple program that translates the 20 digit number to a temporary password. So, the solution was to buy a new box to replace a perfectly good one that I lacked a password for.

    Could this happen for signing and motherboard vendors? I don't know, but we will be at the mercy of a SINGLE vendor for all of this mess, and things could change on Steve Ballmer's whim. This is NOT good!

  37. Magnus_Pym

    2 questions

    1. Can I boot a broken Windows 8 machine up from a Linux-based fix disk/stick?

    2. Can I dual boot into XP for some crappy third-party application that the accounts dept 'must have' but the third party (bank, cough) hasn't updated?
