Not the same thing.
There is nothing to stop you (in principle) from installing a different OS than intended on these systems.
The difference in this case is one's kernel must be signed, and the signing key recognised by the BIOS.
Computer scientists warn that proposed changes in firmware specifications may make it impossible to run “unauthorised” operating systems such as Linux and FreeBSD on PCs. Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image …
Then, it should be a NATIONAL/GLOBAL mandate, not one from mshaft.
If it is about letting governments have backdoor, escrowed keys, then it should NOT BE ms that is the gatekeeper of those keys.
Stallman et al need to REALLY quit wasting time ranting about Android and kick it into full gear on this EFI/TC chip. Government COULD demand that all mass-market or commercial/retail consumer computers capable of loading an OS must have a TC-type of BIOS regime, but then, it MUST be an OS agnostic system, not one that helps a piss-ant, ape-jumping company get rid of competitors.
Goddamn microsoft. JUST when I was gradually letting down my hair and easing up on anti-ms ranting, you STIR UP THIS SHIT AGAIN! I hate feeling filled with venom and vitriol, but goddammit, if I had the magic red nuke button, I'd kneecap that company, maybe up to the sternum.
All this benevolent kernel involvement was probably to get on working committees to get legit, timely, deep insight and constant data stream on how the Linux kernel development and deployment works JUST so ms and its root-sucking, jack-ass consortium of fools can support ms in coopting the boot/bios industry to the exclusion of all others, save for Apple.
Now, more than ever, foreign governments need to put a morningstar into ms' ass. In the name of national security, no government should let ms get away with this shit because it means likely only ONE country will have preview or full access to the global escrow.
This IS SCARY, and inFURIATING.
I still have a suspicion that ms has found ways to infiltrate and fuck up the distros distribution for the most popular distros such as Mandriva, PCLOS, Ubuntu and others. I for the past year have had increasing failure rates of installing PCLOS from magazine pressed/distributed discs than ever. It is maddening to have no clue, and no matter how thin or how fat an install, no matter which kernels, I have very little stability. I have no idea why ioslaves are rampantly failing for me. On FRESH installs, I'm talking about. It's so painful it drives paranoia a lot easier than questionable hardware. Each release of the kernels and update of KDE just brings me more and more frustration. I'm at the point where I feel I'd rather PAY $100 or $200 for someone to install it for me and provide me recovery disks and USB devices. But, I sure as hell will have them do it in a near-cleanroom setting, not from their own media and facility and have an opportunity to jack in some backdoor kit. I may inadvertently install a rogue rpm, but it'll be MY error.
OTOH, I sometimes wonder whether the distros themselves may be making things randomly painful by over-providing, or on behalf of hardware dealers who wish they could be part of the build process. In either case, I want LINUX as the host OS, and any windows as a virtualized, sequestered, QUARANTINED GUEST! Not the other way around. It's my CHOICE and my RIGHT, and ms should be fracking happy they at LEAST get a legit sale via a legit consumer purchase out of me since my desired apps don't run well in wine or not at all in Linux.
If this was offered as an option at point of sale. I can see some benefit in corporate security terms in preventing a PC from booting from an "alien" OS eg off CD.
On the other hand if implemented across the board (no pun intended) it could well make homemade tools and recovery discs useless as well as dual boot systems.
But it would still boot off a signed CD (e.g. Windows).
If you don't want anything unauthorised booting it, turn off the boot from CD (floppy, usb, etc. etc.) options.
Even better, don't have a CD drive; lots of attack vectors suddenly disappear, and you don't want admin people walking around with CDs anyway; store them all on an admin only share.
It would *force* a company into a piecemeal upgrade of their systems.
No mid-to-large company wants to do that - they want to keep everybody on the previous version until they can shift everybody onto the new one.
This future is one where a company buying a new computer can *only* run the new OS on it. Your PC died and you need a new one, and it needs to run your legacy apps? Sorry, but MS says you can't do that.
You need those legacy apps to do your job? Oh, what a shame.
This would kill the Microsoft Windows PC, as no corporate could afford to accept it.
Businesses buy Windows PCs for end users. Consumers buy Windows PCs (and sometimes Apple's products).
Where exactly do you think the huge drop in sales is going to come from that would alter what manufacturers do? Do you honestly think that the tiny minority that run something other than Windows or Apple's OS, are going to influence manufacturers in any way whatsoever?
There are a variety of reasons why this initiative may fail dismally, and thankfully not make it to market, but a drop in sales isn't one of them.
"Where exactly do you think the huge drop in sales is going to come from that would alter what manufacturers do? Do you honestly think that the tiny minority that run something other than Windows or Apple's OS, are going to influence manufacturers in any way whatsoever?"
Um, do you have any idea how often the typical Linux user is asked for hardware purchase recommendations by non-Linux users? As far as I'm concerned, if hardware doesn't run Linux, by being closed, this means it's probably undocumented and barely tested, and we have no way of knowing how crap it really is. So it's likely to have problems being upgraded to the next version of ProprietaryNClosed OS, for which even the next forced patch level may very well break it.
Anyone who had to tell people to throw away cheap Winmodem crap once the software which worked on Windows N didn't work with Win N+1, and the manufacturer had lost interest in maintaining the drivers will know all about this.
Is only PART of the after-effect. For even daring to take part in such heinous acts they need to suffer severe legal retribution, plain, swift, simple, and enduring so they learn to not cozy up so much to a company that behaves like a tyrant yet donates to charitable causes to soften its rough edges.
Would ms and its chairpeople donate if the company's public image were not so under siege?
So, they finally feel bold enough to pull the trigger on Trusted Platform Computing? With the proliferation of tablets, cheap computers (Raspberry Pi), and phones?
Microsoft really thinks they are big enough to tell the PC makers "Hey, we want you to jump on this grenade to save us. Don't worry about the inevitable anti-trust suits, don't worry about having to keep your servers and your personal computer lines separate because servers need to run Linux, don't worry about anything but protecting Microsoft. GO!"
Wrong, GNU's Not Unix, but this is just blah blah and has nothing to do with what I'm saying here. Oracle (and Java probably too) aren't supported on FreeBSD, OpenBSD, NetBSD, fooBSD and barBSD while they are on RHEL, SLES, HP-UX, Solaris, AIX and even on Tru64 and this is what matters for server. If you are OK with limited box, then you may go with SheevaPlug and happily live together ever after. Most customers aren't and they want Linux
Ramazan, you are typical of the sort of fanboi I was referring to.
Have you looked at the top netcraft servers? Generally at least 4 out of 10 run FreeBSD. In the latest survey, there were more Freebsd than linux! http://news.netcraft.com/archives/2011/09/05/most-reliable-hosting-company-sites-in-august-2011.html
I also know MANY MANY enterprise servers that run FreeBSD, NetBSD, OpenBSD, etc.
netcraft themselves, yahoo, ISC, etc
Unfortunately, many of my customers are gradually switching to Linux, because a lot of the so-called "unix" experts are only used to the many non-standard linuxisms with respect to unix (or unix like) implementations.
Why, isn't that smart? You buy a second-hand computer (not now, but say a tech generation or three after this gets put in practice) but no new copies of windows will run on it because the keys are "too old". And any alternative won't run at all. I can see why they like this idea. And now is a pretty good time to go for it, now that everybody knows that good handling of keys is essential and my aren't they proactive and Stuff. Only they're screwing you big time, like your computer is a game console. Only you didn't get the discount on the hardware. Way to productize your customers, micros~1.
I can't believe people didn't see this one. Even if they lose money on this now what it offers, in the future, is the ability to charge the hardware makers more in return for more sales.
Oooh IT downturn you say, we've got a new shiny shiny, but to use it you need to pay $X for each motherboard for your license to the key, so make them nice n pricey the sheep won't notice they'll just have to pay for a whole new system if they want it. They're used to that now...
Oh n don't forget as part of the key license, you're only allowed to manufacture Y number of boards for those other OSes (erm non conforming boards)
Our only hope against this IS government intervention against the M$ monopoly. That has always worked in the past.... Ohhh.
It's a crying shame, but somehow I'm sure there will always be a market in motherboards that aren't crippled in this way.
Such a move would also create a new market in high quality firmware cracking tools just as there are already high quality Microsoft cracking tools. 'High Quality' means that they work and are not malicious, which is ironic because the copy protection mechanisms that they remove often do not work (self evidently) and are malicious (you're basically being spied on).
Inevitably though such firmware lockout schemes will make it into the millions of low quality computers that Dell and Acer must be selling at cost price these days. All Microsoft has to do is offer them another couple of dollars off Windows and the temptation to screw their customers would be overpowering as usual.
There is probably a market for this kind of thing in set top boxes and the like, when manufacturers want to sell their hardware as a loss leader, and don't want some "scum" "bag" installing a proper OS on it and using it as a cheap PC. The Xbox will probably have this new firmware in it. But then the Xbox also breaks 5 times a day so there you have it.
The Great Jobs and his closed system goodness started all this and I hope the ifundies are proud of themselves for perpetuating it until it reached this epitome of ridiculousness.
If this isn't stopped then Microsoft have everyone by the curlies.
1. Assuming the ARM incompatibility re current windows apps is true - whole new app & systems will have to be upgraded, at once. Costs of which will kill small companies stone dead. Not to mention the lost business all such fundamental upgrades always bring.
2. Even if there *is* a way of bypassing it companies won't use it because of fear of being sued for using jailbroke software stacks. Think I'm a pessimist? Just look at the legal battles over curly corners happening right now.
3. Every single update will most likely break the jailbreaks that worked before. Another reason non MS will be killed in the commercial appspace. Companies just can't stop for 36 hours every time MS brings out an update.
This is the point the various monopoly commissions need to step in and kill this stone dead - if they don't it's going to make the credit crunch look like a fender bender. Companies will fall left right and centre, destroyed by the very IT they rely on.
There is something even worse to contemplate. Let's assume, for example, Nokia drops WinPhone and keeps with Symbian and MeeGo. How hard would it be to introduce a bios level incompatibility? Ditto Android & even iOS. Syncing therefore impossible - or maybe modify Exchange to not talk to anything Linux based... And call it a bug, that we just cannot seem to fix...
If that happens there are two possibilities. Firstly, we all bend over and take it up the tuchus. Secondly - Microsoft single-handedly make the desktop/laptop extinct. Whichever happens people and companies will suffer during the intermediate period and ultimately we all will as a result.
This is an extremely dangerous possibility and an entirely plausible one. And people wonder why I hate iFundies and the Steve they rode in on...
This has all the hallmarks of not just Microsoft but the whole "content" industry, whose efforts to ensure a secure copy-protected delivery chain at every stage from disc (or network) to screen have been so helpful to PC and TV users and content consumers in recent years. Not.
Apple make what are essentially unencumbered PCs -- which can be loaded with any OS you like. For the time being at least.
A Mac is just a perfectly standard Intel PC with the addition of a hardware EFI bootloader interface ... that's not a problem. You can run Linux, Windows or BSD Unix without a hitch either as a primary or secondary OS, as several comments have already mentioned.
What is being proposed here is that your hardware would be unable to run anything but the copy of Windows it came supplied with and NOTHING ELSE.
That's simply not the same thing, nor is it even remotely legal.
The whole thing smells of desperation on the part of MS.
The only benefit is to stop malware infecting your boot-up. As soon as the boot executables are nobbled, their signatures will change and the UEFI firmware will reject them. If the machine will only start securely signed bootloaders, it's therefore game over for the trojan trying to gain control of your PC during initialisation.
Unfortunately, there's no way (as it stands) to tell the difference between an unsigned malware-infected bootloader and an unsigned bootloader for Linux.
...there have already been cited instances of signed malware (indeed, malware signed with keys too ubiquitous to revoke--Realtek makes most of the mobo sound chips on the market; bye-bye sound?). What's to say some malware group enlists or worms a mole into Microsoft such that they can get at Microsoft's private keys? Or employ GPU-augmented botnets to find weaknesses in the signing algorithms? Either way, the end result would be a SIGNED malware bootloader. THEN what?
Won't work. Ever.
Just like the DVD scrambling didn't work, and ditto for Blu-ray, PS3, HDCP, printer-ink cartridges, iOS, etc... People will break / leak / work around the keys.
There are already virii that tamper with the BIOS. There are already Virii that get around only signed software installs / drivers, etc.
What it will (possibly) do is make it harder for people to install any OS they want. Apple might be happy because machines won't run Mac OS X (without even more effort).
Windows / OEMs may change the keys from one generation of Windows to the next or between OEMs, etc. No putting new windows on old H/W; you have to buy new H/W. No putting that HP OEM Windows on a home-build or Dell box.
Maybe even stop people putting old Windows on new HW. Enforced upgrade cycles are good for everyone (except the customers).
Instead of assuring only windows will be allowed to boot, why not lock up the boot sector with a switch that has to be set? For the consumer who is smart enough to install a new operating system, setting that switch will be no real big deal. Unless this switch is set, it will be impossible to modify the boot record. Just a thought.