Microsoft dragging its feet on Linux Secure Boot fix

The Linux Foundation's promised workaround that will allow Linux to boot on Windows 8 PCs has yet to clear Microsoft's code certification process, although the exact reason for the hold-up remains unclear. As The Reg reported previously, the Secure Boot feature of the Unified Extensible Firmware Interface (UEFI) found on …

COMMENTS

This topic is closed for new posts.

Megaphone

Re: Windows 8

You can't disable secure boot on all systems.

1
1
Anonymous Coward

Re: Windows 8

"You can't disable secure boot on all systems."

Then buy a system where you can disable it. (Isn't that supposed to be a requirement for Win 8 certification or something, funnily enough?) I imagine the resulting loss of sales will encourage manufacturers to reconsider their stance, and the continued sales will encourage those who allow people the choice.

4
2
Happy

Re: Windows 8

Funnily enough that's almost exactly what I did with my new Asus N56vm. Except it was originally Windows 7 with UEFI.

Now it's Ubuntu 12.10 with a Windows 7 in VirtualBox if I need it (which is not very often)

0
0
Silver badge

Re: Windows 8

"You can't disable secure boot on all systems."

Specifically, you can disable it on all x86 platforms (i.e. PCs). You can't on ARM devices that come with WindowsRT installed.

2
0
Mushroom

Re: Windows 8

"I imagine the resulting loss of sales will encourage manufacturers to reconsider their stance"

I think, in the manufacturers' reality we are light years away from reconsideration. The manufacturers need the volumes Windows brings and even more so as the margins they get from the Win-hardware are minuscule. There just isn't any remarkable alternative/channel to offer the volumes, that an OEM could abandon Win8-label/OEM-contract for sustainable revenue. And that is the position Microsoft takes full advantage of and has nursed it well for taking it over the PC business as witnessed here.

The episode put simply; this is the end of an open PC era. There are now only Apple and Windows computers available easily. This is a take-over of PC brand as an open platform as people, especially techs, are used to think about it. And as this is a tech forum, there are and will be hugely Microsoft-fans among techs, who don't give a s* for alternatives, what should also make a point to a tech to think about.

I just think that playing with Microsoft and Apple for "their" hardware to be useful with alternatives is just worthless when thinking in scales. The options like cracking the Secure Boot or playing the games Microsoft sets just don't work in scales. Something big needs to happen and I can't see any of that big yet, but this Microsoft's move will certainly raise needs for the big to happen and that is good.

The big needs to take a feasible piece away from Microsoft's OEM stranglehold i.e. Microsoft needs to set up its own hardware and channels like Apple does. And that I find Microsoft's disadvantage. They really need to maintain the general attitude toward Windows as an open platform, at least more open than Apple. Now a buyer has alternative brands to choose hardware to run Windows and now that is more than enough for many. But the game isn't over.

The big could come from Google, since I find that Microsoft's position and history of actions does warrant Google for actions here. But what I can tell, it seems that Google has only toyed with something like Google-terminals for its services and Google may be pleased with and set to Android. And I, at least, am not interested in yet another game console alike.

Another approach may come, or may not as this is pure speculation about the big, from the change of the ISA platform as what goes as PC platform in future. The change may open the game better for ARM and for other specifications/chips and for game setters. Intel may not like this much and warrants its actions to maintain the open PC platform as we are used to know it.

UEFI Secure Boot and Microsoft's position over the signature key are definitely a hallmark in PC business as open technical platform and as a platform to make business free from players like Microsoft.

This is just my interpretations. I may be wrong and do not warrant for any correctness and/or suitability to others mindset, get it as "as-is" as usual in software licenses.

1
0
Silver badge
Go

Re: Windows 8

Here is what is going to happen when I buy UEFI computer.

Or try and buy a computer without Windows 8 to start with.

Or what will work for the technically able of us:

Buy a server system which is offered for sale without an OS and stuff it full of RAM.

Disable secure boot and install Linux or *BSD of choice

Run virtual machines in it.

0
0
Silver badge

Re: Windows 8

"There are now only Apple and Windows computers available easily."

There is absolutely nothing preventing you from starting a business selling PCs with a Linux distribution pre-installed. Or indeed with no OS installed. Secure Boot hasn't changed that in the slightest.

1
1
Megaphone

how to disable this secure boot

that's all I would like to know. I don't care anymore what operating system or logo is on my computer. Just let me not be hassled please. I don't care about the user interface either....Microsoft are a dinosaur and besides windows and midtown madness...I really don't care for their software.

I'm ready for the commodore 64 with the SID chip.

2
0
Silver badge

Re: how to disable this secure boot

"how to disable this secure boot that's all I would like to know"

When you power up the computer, press the key to enter set up. Typically <F1>. Then mouse or cursor to the option saying: "Secure Boot: Enabled" and toggle it to "Disabled" or "Off". Exit and let the computer start up. It's much like changing the boot device in BIOS.

3
0

Re: how to disable this secure boot

And if the user can do it, any malware that gets into kernel mode can do it.

1
0
Silver badge

Re: how to disable this secure boot

"And if the user can do it, any malware that gets into kernel mode can do it."

No. Because kernel mode doesn't have access to change the UEFI settings. The user does it by going into UEFI on power-up, just like they would go into BIOS and changing a setting. Just because the OS says something can be done, does not mean that the firmware will agree.

1
1
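An added example, not part of any post in this thread: how a running Linux system can read the Secure Boot state the firmware exposes, and how to tell which firmware variables only accept signed writes. It parses the efivarfs layout (a 4-byte little-endian attribute word followed by the variable data); the sample byte strings and the `boot_state` labels are constructed for illustration.

```python
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE

# Attribute bits defined by the UEFI specification.
ATTRS = {
    0x01: "NON_VOLATILE",
    0x02: "BOOTSERVICE_ACCESS",
    0x04: "RUNTIME_ACCESS",
    0x10: "AUTHENTICATED_WRITE_ACCESS",
    0x20: "TIME_BASED_AUTHENTICATED_WRITE_ACCESS",
}
AUTH_MASK = 0x10 | 0x20


def parse_efivar(raw):
    """Split an efivarfs file into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def attr_names(attrs):
    """Decode the attribute word into the names of the bits that are set."""
    return [name for bit, name in ATTRS.items() if attrs & bit]


def requires_signed_write(raw):
    """True if the firmware only accepts authenticated (signed) updates."""
    attrs, _ = parse_efivar(raw)
    return bool(attrs & AUTH_MASK)


def boot_state(secure_boot_raw, setup_mode_raw):
    """Classify the platform from the SecureBoot and SetupMode variables."""
    _, sb = parse_efivar(secure_boot_raw)
    _, sm = parse_efivar(setup_mode_raw)
    if len(sb) != 1 or len(sm) != 1:
        raise ValueError("SecureBoot and SetupMode are single-byte variables")
    if sm[0] == 1:
        return "setup-mode"  # no Platform Key enrolled, nothing is enforced
    return "enforcing" if sb[0] == 1 else "disabled"


def read_live_state(root=EFIVARS):
    """Read the state of the machine this runs on (Linux with efivarfs)."""
    try:
        sb = (root / f"SecureBoot-{GLOBAL_GUID}").read_bytes()
        sm = (root / f"SetupMode-{GLOBAL_GUID}").read_bytes()
    except OSError:
        return "unknown (legacy BIOS boot or efivarfs not mounted)"
    return boot_state(sb, sm)


# Constructed samples: attribute word 0x06 (boot-service + runtime access), 1 data byte.
SAMPLE_ON = bytes.fromhex("0600000001")
SAMPLE_OFF = bytes.fromhex("0600000000")
# Constructed stand-in for a key database entry: attribute word 0x27, dummy payload.
SAMPLE_DB = bytes.fromhex("27000000") + b"\x00" * 8

if __name__ == "__main__":
    print("Secure Boot state:", read_live_state())
    print("db attributes (sample):", attr_names(parse_efivar(SAMPLE_DB)[0]))
```
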
Anonymous Coward

@Blue Philly Maraj - Re: how to disable this secure boot

It's not how you do it that matters, it's IF you will be allowed to do it.

0
0
Silver badge
Big Brother

And I have this habit of assembling my own computer

The last time I bought a complete desktop PC, it was a very early Tandy MS-DOS machine. Ever since, I have been assembling the things from parts, maybe saving a few quid on the cost, and knowing I can replace anything. My previous machine ran XP, and eventually became too old as standards changed--PATA replaced by SATA for instance. I have this uncomfortable feeling that Windows 7 is the last in the chain, still the familiar UI and handling modern features such as 64-bit software and multiple processor cores. And the networking drivers are a lot better than in XP.

How is UEFI going to affect that?

As for dealing with Microsoft, sup with a long spoon. I pretty much only have Internet Explorer on my system to connect to Microsoft's web sites. It doesn't really surprise me that the Linux Foundation is having problems, and some of it could well be down to their way of using Windows.

I can think of quite a few software outfits, from Microsoft down, and including a few Linux distros, which have the "my way, or the highway" attitude. It works if you have the sort of monopoly Apple and Microsoft have. When it's the hardware+software combined, as Apple do, the end result can be worth it. But it does have a cost, for all of us.

In the end, we're all different, and there cannot be a single universal solution. But that is what Microsoft are trying to be.

1
1
Silver badge

Re: And I have this habit of assembling my own computer

"How is UEFI going to affect that?"

It won't. Also, by UEFI, I presume you mean Secure Boot which is actually only a smallish part of UEFI. You can just turn Secure Boot off. Unless you are building your own ARM devices.

2
0
Anonymous Coward

FFS

Just get your PC from Novatech without an O/S and install your own. Bypass all this M$ nonsense

3
0
Anonymous Coward

"Linux Foundation must first obtain a binary executable of the pre-bootloader that has been properly signed using a Microsoft-supplied key"

They call this progress, take me back to my old 8bit Amstrad.

1
0

This post has been deleted by a moderator

Anonymous Coward

Re: I Told You So!

@Edon - That's because you are anti Microsoft and you don't know what you're talking about.

Like many OS zealots (and I include pro-Windows types as well) you give the OS that you "support" a bad name by being so knee-jerkily, conspiracy theory, know nothingly over the top in your comments about "the enemy".

1
1

This post has been deleted by a moderator

This post has been deleted by a moderator

Silver badge
Flame

Summary of the "problems"

So reading the article the show stoppers are:

(1) The signing process requires uploading from a Windows machine. Perhaps galling if you want to avoid having one in your house for reasons of principle, but from a practical point of view I find it ridiculous that the people in charge of getting Linux code signed should hold this up as a difficulty. XP, Vista and Win7 machines are ten a penny. If it's for a good cause, I have one that they can have.

(2) They have had to create an account with Microsoft. This is so stupid an objection that they should be ashamed to raise it.

(3) The signing Terms and Conditions are incompatible with GPLv3. Well so is a good portion of most Linux distributions. Linus Torvalds and most of the top Linux Developers are against licensing Linux under GPLv3 and for some of the same reasons MS can't allow it under their Terms and Conditions. GPLv3 has some major blocks when it comes to patents and DRM. This as an objection is both unreasonable and it is unnecessary as most (all?) GNU/Linux distributions are actually under GPLv2.

(4) The signing process hasn't worked and they're still waiting for MS support to get back to them. We're missing some details here. Did it fail because the people uploading are unfamiliar with the process and did something wrong? Or is it buggy software? And how long have they been waiting? Did they file this three months ago or was it last week?

Of these listed objections, only the last one may or may not be valid depending on the details. One thing I am confident of, is that if it turns out Bottomley was doing something wrong, we won't see headlines on it or scores of posts here angrily blaming him or lack of a signed Linux bootloader (even though it would have turned out he was culpable rather than MS).

2
7
Anonymous Coward

Re: Summary of the "problems"

Quite. E.g. "there was no way for Bottomley to submit the Linux Foundation's pre-bootloader without loading up Windows 7 in a virtual machine". Or using one of over a billion machines in the world that have Windows installed.

1
3

Re: Summary of the "problems"

I completely agree.

From the article "As near as Bottomley can tell, there's a problem with the key he has been trying to use to sign the software, but the most he's heard from Microsoft has been, "Don't use that file that is incorrectly signed. I will get back to you.""

So either there is a problem with the key that he has been issued with, or that he is using it incorrectly. Either way it does not feel that this is evil at work.

1
1
Silver badge

I will give it until the new year before secure boot is blown wide open and Microsoft keys are leaked by some Chinese hacking site, heck it's taken less than a month for someone to bypass Windows 8 activation with the media centre download.

3
0
Black Helicopters

Don't like windows 8? Tough, you can't run anything else.

I think that Microsoft are doing this because they know how bad windows 8 is, and that a lot of people aren't going to like it, so are preventing people 'jumping ship' onto linux. I know that for a lot of people, vista was the big tipping point that made them try other things, such as ubuntu, and I know many of them that haven't looked back since.

3
1
Silver badge
Linux

Re: Don't like windows 8? Tough, you can't run anything else.

You are totally correct. Microsoft care more for their Hollywood chums than their customers. Vista was spyware and W8 will no doubt be the same.

http://www.zdnet.com/microsoft-patent-spies-on-consumers-to-enforce-drm-7000007102/

I will never use Microsoft products again.

2
1

Re: Don't like windows 8? Tough, you can't run anything else.

All the user has to do is to disable secure boot in the UEFI, and they can install whatever they want. I feel that if someone gets to the point that they are happy to replace their existing OS with completely different one, asking them to change 1 setting when the machine boots is not the end of the world.

1
1
Anonymous Coward

Re: Don't like windows 8? Tough, you can't run anything else.

That's all very well unless you want to dual-boot - if you disable Secure Boot then Windows 8 won't start.

Plus it's confusing for non-techies who want to try Linux - all the blurb online says "Just pop the CD in your drive and reboot". Having to describe how to disable Secure Boot in any of 500 different kinds of UEFI/BIOS setup screens is going to be more tricky.

7
0
Thumb Down

Re: Don't like windows 8? Tough, you can't run anything else.

FUD. Windows 8 will quite happily start without Secure Boot, it just has to be enabled by default on an OEM machine.

1
3
Silver badge

Re:Re: Don't like windows 8? Tough, you can't run anything else.

So if you buy a machine with Win8 from an OEM it will NOT boot any other OS. So, if MS can get win8 installed on all new machines you will have to pay for Win8 and you won't be able to dual boot with it.

Not FUD - MS business plan.

4
1
Silver badge

Re: Don't like windows 8? Tough, you can't run anything else.

"That's all very well unless you want to dual-boot - if you disable Secure Boot then Windows 8 won't start."

Seems massively unlikely that is true. You can install Windows 8 on machines without Secure Boot, after all. Evidence please.

1
2
Silver badge

Re: Re:Don't like windows 8? Tough, you can't run anything else.

"So if you buy a machine with Win8 from an OEM it will NOT boot any other OS."

This is incorrect. Just go into UEFI and turn off Secure Boot. It's very easy, no different to swapping the default boot device.

1
2
Anonymous Coward

@AManCalledBob - Re: Don't like windows 8? Tough, you can't run anything else.

What gives you the confidence to assume all PC hardware manufacturers will allow you to disable secure boot? Microsoft suggested them they can do it not that they must do it (after all they can't dictate to OEMs, can they?).

0
0
Silver badge

Re: @AManCalledBob - Don't like windows 8? Tough, you can't run anything else.

"What gives you the confidence to assume all PC hardware manufacturers will allow you to disable secure boot? Microsoft suggested them they can do it not that they must do it (after all they can't dictate to OEMs, can they?)."

MS have specified that you have to be able to turn off Secure Boot if you want to advertise your PC as certified by them for Windows 8. That's a fairly powerful marketing draw. Besides which, what would OEMs have to gain by making their product less able than a competitors?

1
2
Anonymous Coward

This UEFI thing...

...why do I get the feeling it'll be a complete flop?

1
0
Silver badge
Facepalm

Re: This UEFI thing...

...why do I get the feeling it'll be a complete flop?

UEFI is a stupidly top-heavy spec that contains provisions for (for example) adaptor ROMs on expansion cards written in interpreted languages so that the code can run regardless of the CPU of the machine into which the card is installed. Almost nobody (outside Intel, where they worry about Itanic getting sidelined) has ever needed that in the past, and even now that ARM is becoming more significant in the desktop and server markets it will be needed by very few.

Unfortunately, though, the GUID partition table -- the format that's currently needed to enable a system bootable from a hard drive larger than 2.1TB -- is a part of UEFI, and no manufacturer has had the balls to implement support for GPT without the rest of UEFI. We need GPT, or something like it, but we arguably do not need (most of the rest of) UEFI. Secure Boot is actually one of the better bits, or could be, if it were used as intended to protect the user's interests rather than the OS vendor's interests and those of media publishers.

I do agree that it's a little silly that my nice modern desktop still has to boot using a 16-bit BIOS before loading the 64-bit OS ... but while we're on the subject of aphorisms I have one of my own:

If it ain't broke, don't fix it!

3
0
Silver badge

If it ain't broke, don't fix it!

But it's Windows that's broken but MS don't know how to fix it so they're going to take the footballs home with them - everyone's football.

1
1
Silver badge

Re: This UEFI thing...

"This UEFI thing... why do I get the feeling it'll be a complete flop?"

Possibly because you don't understand the difference between UEFI and Secure Boot and aren't aware that pretty much all modern x86 motherboards are shipping with UEFI instead of BIOS and that this has already been the case for some time. I have a motherboard here I bought about a year ago. And it has UEFI. Quite possibly you are using it now as well.

1
1
Boffin

GPT

In passing, you don't need a UEFI BIOS to support disks >2Gb with Linux, provided you are happy with the plural. Once a linux kernel is up and running, it'll handle a disk with a GPT without any use of the system BIOS.

So boot off an SSD for a faster system. Or load your kernel from a USB memory stick if you want it cheap. Or off a CD (try root-kitting that!). Or even put that old 80Gb drive back to use.

0
0
Silver badge

Re: GPT

"In passing, you don't need a UEFI BIOS to support disks >2Gb with Linux, provided you are happy with the plural. Once a linux kernel is up and running, it'll handle a disk with a GPT without any use of the system BIOS."

That's actually the same as under Windows. It's the "up and running" part that UEFI solves. With either Linux or Windows, you can't boot off a disk 2TB or larger (note, you wrote 2GB, this is incorrect). With UEFI, you can (under either).

1
1
Megaphone

Hmmm...

People often ask, is it Microsoft compatible. Maybe we should be asking if Microsoft is compatible with a real world that is cross-platform. Do they really make any effort to be compatible? Seems to me they MS up standards, not to improve them, simply as a barrier to compatibility. This latest debacle will probably end up in court as with so many others, the problem is court proceedings often take years and as Microsoft know well judgements come too late. If there were a legal equivalent of a red card Microsoft would have had it enough times to be looking at a lifetime ban from any kind of sport. Some will say, yes they play to win.... but they don't even play by the same set of rules as the rest! Still, their empire is crumbling.

6
0
Anonymous Coward

The right way is for distros to sign their own code with their own keys and let the user add the distro's keys! Anything else is a ducktape-and-string bodge job.

1
0
Anonymous Coward

Get an Apple Mac?

Special HW plus they don't get Viruses anyway so no need to get the UEFI thingy!!1111

0
0
Anonymous Coward

Re: Get an Apple Mac?

Apple Macs have been UEFI, not BIOS for a long time, not sure how long, but my G4 PPC (ancient in Mac terms) is UEFI.

1
0
Anonymous Coward

IE/ Proprietary Malware

I pretty much only have Internet Explorer on my system to connect to Microsoft's web sites.

Whereas I only have Internet Explorer to download another browser.

1
0
Thumb Down

Pretty sure it's not malice

Having read the original blog post it appears that Microsoft have given Linux Foundation a signed binary, however accidentally signed it using their own identity rather than that of the Linux Foundation - whoops!

So the Linux Foundation are currently in the position where they could release (or leak) a working bootloader, but they have chosen not to because they don't want to piss Microsoft off - information completely missing from this article.

0
1
Black Helicopters

Re: Pretty sure it's not malice

Hmmm. From a black-helicopterist perspective, that's the cost of employing someone incompetent on purpose, so you can't get hit with a monopolies lawsuit and made to fund a not insignificant part of the EU's deficit.

0
0

This post has been deleted by its author

OSC
Linux

From the archives

Want control of your next PC? Don't wait, complain now

http://www.opensourceconsortium.org/content/view/172/89/

1
0

This post has been deleted by a moderator
