back to article Windows 8 hardware rules 'derail user-friendly Linux'

The question of whether Secure Boot technology in UEFI firmware could exclude Linux from PCs running Windows 8 has taken a fresh twist. Red Hat engineer Matthew Garrett, one of the first to flag up the Unified Extensible Firmware Interface issue, has blogged that Microsoft's rules for certified Windows 8 hardware do not make …

COMMENTS

This topic is closed for new posts.
  1. Doug Glass
    Go

    As advertised ...

    ... Linux is perfectly happy on old computers with low performance marks. I'll just keep using it on my old AMD 3200+XP dinosaurs and be perfectly happy as usual.

    1. John Robson Silver badge

      Except in ten years time when that fails and there is no longer any way to get anything other than Wondows 9 (because why would they upgrade after that?)

    2. frymaster

      Linux will work just fine on new stuff as well

      ...just that, IF YOU BUY A COMPUTER WITH WIN8 ON IT, you'll have to turn off the signed bootloader thingy.

      Talking about messing with the keys is a red herring; if you want to do signed linux, you were always going to have to install your own keys, and even if the UEFI spec doesn't specify how this is to be done, it ain't Microsoft's job.

      They key points is that MS have said that to get their shiny sticker on OEM PCs, they not only have to ship with a way to turn off these security features, but they have to be customisable. This will, in fact, make key-signed linux MORE likely than it would have been last week.

      As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other.

      1. Anonymous Coward
        Anonymous Coward

        @frymaster - Actually we are not concerned

        about this thing affecting you, so why are you posting here ?

      2. John Robson Silver badge

        RPi

        That's all (Yes I know they don't care about win8 certification, but the system idea is right, and if the SoC manufacturers want to put Win8 on then you're screwed.

      3. rleigh
        FAIL

        "As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other."

        ARM isn't restricted to "phones". There is also the matter of tablets, laptops, and potentially even desktops to consider. What about general purpose boards such as the Raspberry Pi, which are also ARM? It's a general CPU architecture, not a class of products. If the OEMs are forbidden to allow modification of the allowed keys, it will be impossible to boot anything except Microsoft-signed code on these systems, and that *is* certainly something that would affect people. It's a requirement for using the Windows logo on the hardware, which is a big commercial incentive to lock down the hardware, or else it has the appearance of not being approved for use with Windows, even when it's perfectly supported, which could have a commercial impact if it affects sales. Thus Microsoft achieves total lock-in on the platform.

      4. Paul Crawford Silver badge

        @frymaster

        You are seriously short sighted!

        "As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other."

        What happens when nice laptops come out with win8 and long battery life from an ARM processor? Locked to MS-only and Linux must make do with the old Intel stuff.

        Furthermore, the MS requirement only *allow* non-MS signed x86 booting, they don't *require* it, and one can imagine that secretly they will pressure OEMs to not support it.

        It is high time that the EU or whatnot mandated all computer devices have a free way to disable secure boot should the user want to try another OS, or use a Linux-based recovery CD or similar. Most don't care, but it will eventually strangle any sense of freedom in computing in 5-10 years time.

        1. vincent himpe

          Linux must make do with the old Intel stuff...

          anyone for designing an open source cpu ? intel compatible ?

          with the effort being put into linux , this should be piece of cake right ?

          1. Mark 65 Silver badge

            I can see yet another EU court case in the offing for Microsoft - they just do not learn. Whilst any restrictions on the unlocking of Intel boards will be on the manufacturers head the ARM statement surely amounts to some form of trade restraint or competition blocking, yet again.

        2. Sean Baggaley 1
          FAIL

          You must be fucking joking.

          "It is high time that the EU or whatnot mandated all computer devices have a free way to disable secure boot should the user want to try another OS,"

          The original IBM PC—from whence all modern Windows boxes came—was NEVER intended to be an "open" platform. It was supposed to be a closed platform, just like Apple, Atari's computers, Commodore's, Acorn's, Sinclair's, and every other bloody computer around at the time.

          The only reason there's a "PC clone" (for that's all modern PCs are) market at all is because Compaq (and, later, other companies) reverse-engineered their own compatible BIOS ROMs using a clean-room process.and invented the "PC-compatible" market, but—again—HP, Compaq, Dell and their ilk have never, EVER, been remotely interested in letting you install anything other than the de-facto standard software bundle on these machines—i.e. MS-DOS, Windows, and its successors. (Dell were infamous for customising some of their hardware and drivers, so their PCs weren't really as "open" as many people claim.)

          These companies have tried to offer alternative software bundles, but every time they've run into the law of diminishing returns: the market for alternative OSes simply isn't big enough to justify the investments and support costs. Most people simply aren't aware that something called "Linux" even exists, let alone what it is. Hell, many people out there will blithely write "Microsoft Office" in the "What is your operating system?" field on a PC support site.

          Most people are *ignorant* of IT theory and practice. That doesn't make them "dumb", "stupid" or "brain-dead". It just means they don't share your interests.

          To this day, I still have no idea how Cricket works, or who won the FA Cup last time around. I find the whole concept of watching other people exercising and keeping fit utterly absurd and stupefyingly dull. But I don't go around demanding people stop doing it. Whatever floats your boat.

          But I _do_ get annoyed when people insist that their "freedom" trumps _mine_, and everyone else's.

          "Freedom" is a two-way street.

          It includes the _freedom_ to make *any* product *I* damned well choose, and design it how *I* want. I then get to manufacture it and sell it to the public. *I* carry ALL the risk, because, if I've misjudged the market, all the capital investment I'll have made will be lost and I'll be bankrupt. The *market* decides whether I get to be spectacularly rich, make a basic living, or lose my home and the shirt off my back. If you disagree with that, you, sir, are a hypocrite. End of story.

          If you want a computer that comes ready-built with Linux (or any other third-party OS), or onto which you can install same, the onus is on YOU to build such a machine, or find someone who is willing to build it for you. If you think your pet OS is so shit-hot, why don't you put YOUR money where your loud mouth is and build your _own_ range of PCs? Offer them to the public, and watch the money pour in! (I can think of a few ways you might be able to pull it off, but none involve following the traditional PC industry sales models. Hint: Red Hat.)

          Like it or not, you have no right to demand that _other companies_ sacrifice _their_ design freedoms to meet your petty demands.

          Get off your arse and build your own PCs. Nobody's stopping you. Not even Microsoft.

          1. Vic

            > It was supposed to be a closed platform,

            There was an awful lot of detail (including schematics) in the blue Tech Ref manuals for a closed platform...

            Vic.

            1. hazydave

              Indeed.

              Of course the original IBM PC was intended to be open. It was open in the sense that IBM published anything you would need to put your OS on the hardware. No, it wasn't intentionally cloneable... well, other than the fact that, unlike many other personal computers, every part of the IBM PC was off-the-shelf, TTL-Databook or Intel Catalog stuff.

          2. Richard 12 Silver badge
            WTF?

            @Sean Baggaley - You the "fucking" joker here.

            Microsoft appears to be abusing its monopoly status to try to hold onto to x86 market through deliberate stifling of any possible competition, and is further trying to leverage its x86 monopoly to create a monopoly on a whole new system architecture, namely ARM.

            That is illegal, and they've been prosecuted and found guilty of this several times before.

            Abusing a monopoly to stifle competition results in every single customer suffering - you end up with shitty products at very high prices, because the monopolist has no incentive whatsoever to improve and can jack up prices almost indefinitely.

            If it was a minority player suggesting these clauses, then it wouldn't matter.

            However, Microsoft are a practical monopoly for both desktop OS and desktop "office" applications, and these measures look very much like they are trying to leverage those monopolies to get more monopolies - which is illegal in the US, the EU and probably other places as well.

            1. Arctic fox
              Headmaster

              @Richard 12 With all respect this is not a rerun of the nineties.

              As far as the tablet market is concerned MS are entering into a market that already has two powerful well established players, one of whom has a *very* dominant position in that market. There is IMHO (whatever Microsoft's intentions/wishes) not a cat's chance in hell that they will be able to pull the same stunt in the ARM-based tab market that they managed twenty something years ago in the pc-market.

              1. DJ Smiley

                Oh no?

                Xbox. Orginal..

                Two big players, Sony and Nintendo.

                MS Came out of NO WHERE and blew them, and the world (gaming world) away. Of course there has been various issues form the very start, but they did exactly what you've described. They've got enough money to be able to do so, and they'll do it again easily too.

          3. Richard 12 Silver badge
            FAIL

            Incidentally, they are stopping me building my own PC

            Or at least making it a lot harder than it should be.

            When I last built my own PC, I didn't design, route and manufacture my own motherboard - I bought one from the likes of Asus/Gigabyte etc and it had a Windows Logo thingy on the box.

            By the ARM clause, if I was building my own ARM PC, then buying an ARM motherboard with a Windows Logo on it means I cannot install *anything at all* onto it except Windows 8.

            It also sounds like the converse would be true, meaningthat I cannot put Windows 8 onto ARM unless it's Logo'd.

            Even though it's my damn PC that I am building, Microsoft are taking away my choice of OS to put onto it.

            Equally, the x86 clause means that my new x86 motherboard won't let me install Linux (or even a retail Windows XP or Windows 7) on it until I mess about in an optional configuration tool.

            - If I'm unlucky, then that optional tool may not even exist and I might not find out until I try to use my new motherboard. Then I'm in the mess of trying to return it (and spreading the word not to get that particular one)

            It's abusive and unnecessary.

            I mean, how many boot-sector rootkits are common in the wild anyway? And what exactly is wrong with a simple warning "boot sector changed, did you install a new operating system?"

            - I don't think UEFI even gives you a way to roll back a nasty boot sector change anyway, so rootkits would just brick the computer on next boot. Not exactly a friendly response!

            - I wonder who your "average" user will blame if their PC suddenly refuses to boot with a UEFI "Unsigned kernel!" critical error.

            1. Anonymous Coward
              Anonymous Coward

              @Richard 12

              You're not going to be able to buy Windows 8 ARM and a logo'd motherboard it runs on separately at all- the same way you can't buy an Apple A5 motherboard and a DVD of iOS separately. (You want a hackable ARM machine with Linux, might I suggest the Raspberry Pi?)

              Non-Windows x86 gear will still be made. Strangely enough, Linux is actually used quite a lot in the real world.

          4. lambda_beta

            And you're the joke!

            You sir have no idea of IT history. MS, Apple etc. 'stole' from so many, and created an industry to make money - nothing more, nothing less. These companies have contributed nothing to the technology. Even the media created saint, Jobs, stole from Xerox Star to create Lisa. The biggest attribute that Apple has is repackaging. MS bought out so many companies to 'create' all their software (and I mean all), because they rode on the coattails of IBM.

            These companies are not sacrificing their software or design because they have none. They are out to make money by not allowing ANY competition.

            You are so clueless about these matters. Get off your arse and learn a little about technology.

      5. Richard Plinston Silver badge

        ARM not ony tablets

        ARM is not just for phones and tablets but may also be used in servers. This is advantageous as the server can have dozens or hundreds of CPUs which can be switched off when not needed. The power savings of ARM, plus switching off, would make this attractive for many types of server.

        However, buying Windows licences, on a per CPU basis, would make this uncompetitive, unless there was some way of making this compulsory.

        1. hewbass
          Coffee/keyboard

          Realistically though: making your ARM based server product Win8 certified is going to cost you more sales than you would earn (and even taking the same product and making a special version for Win8 certification only will cost more in inventory than you will gain in sales), so I don't see this as an issue.

      6. David 14

        ... its not just about a Win8 phone, but how about a tablet that you buy and then decide, hey, I want to run Android on it?

        Also, as the Win8 OS is moved to other hardware devices such as Thin PCs and maybe some home theatre devices, etc... which would more than likely be ARM based as well, they are locking out the Linux or other OS enthusiast from the hardware.

        This is the type of behaviour that has got them in trouble with various governments in the past! It seems that threats of anti-trust legislation is all that stops MS from doing such underhanded things!

    3. robin48gx
      Go

      GRUB

      Sounds like we need one key. To run a modified GRUB as the alternative OS that can then find other bootable images.

      This means that each distro won't have to obtain an expensive key from micros**t.

  2. Anonymous Coward
    Anonymous Coward

    Micros~1 wants to be Apple for a song

    Apple builds its own hardware and software, then tells you you can't just take different hardware and run their software on it, because their margin is in the hardware, not the software.

    Micros~1's margin is in the software and has always had world domination tendencies, so now trying to own the hardware, too, is not that much of a surprise. Minor detail: They don't actually own that hardware. That arguably makes it theft.

    If this particular scam isn't illegal, it should be. It might even be abuse of market power and thus monopolism or cartelism or whatever the legal term is. Mere promises here aren't good enough. There needs to be a strong incentive to not take away control from the owner of the hardware.

    The irony here is withering. The reason micros~1 got big in the first place is that IBM owned the platform but left all but the BIOS open enough for easy copying, reducing cloning to coming up with a functional IP-free replacement for that bit; Compaq was the first to do so. That enlarged the OS market for that platform, a cozy asset that IBM neglectfully gave away to micros~1. So now they're trying to not merely keep their position, but to shuffle away the keys to your owned hardware as well.

    Even if Joe Average User cannot be expected to understand this, he just might find later he couldn't afford to let it happen either.

    1. Anonymous Coward
      Anonymous Coward

      Micros~1 = funny

      1. John Sanders
        Devil

        From now on....

        I will never write Micros~1 again...

        I mean Micros~1... dammit!

        Micro~1... wow.

    2. Anonymous Coward
      Anonymous Coward

      Load of cr....

      So you vent your anger a microsoft for trying to control the hardware on wich windows run? your venting on the wrong company.... Apple is culprit for this practice.

      you don't want MS to mess with your bios? don't buy a computer with windows 8 pre-installed.... simple.... same goes for Apple, don't want grossly overprived hardware on top a freeBSD with a candy interface? don't buy Apple.

      your rant sink like rock......

      1. Anonymous Coward
        Anonymous Coward

        Hold on...

        *takes stick, turns it round and hands back*

        there you go!!!

        Now correct me if i am wrong, but does he not mention the fact that Apple do this??? What he then goes onto explain is that MS are now trying to do this.

        We all know and hate/love the fact that Apple do this, that is clearly evident in the number of posts for and against Apple's "walled garden" approach throughout a vast number of threads on here.

        your rant sinks like a rock...or is that sank like a rock?

  3. Jim 59

    Never

    The proposed system will never happen in any recognisable form. It's basically microsoft asking the industry to give it a second monopoly on desktops and servers. it will fail.

    1. Anonymous Coward
      Anonymous Coward

      No, it isn't.

      It is MS trying to break out of the situation they are in where industry standards and expectations are that windows will support almost everything it ever has done. That is why it is so bloated, that is why other OSs perform better.

      They tried to lock down the OS starting with vista so that 3rd parties found it harder to fuck up their code with dodgy drivers and software(which is the cause of most windows problems) only to have people scream and shout during beta testing that they couldn't install their legacy hardware or software because the manufacturers of that were too far behind, hence the speedy rewrite followed by years of problems caused by shoehorning legacy support into a system not designed for it.

      If MS were allowed to release software like Apple can then it would be a much better OS and locking software to your hardware will have virtually not effect on the majority of users. It's just a shame that the vocal minority always seems to win.

      1. Anonymous Coward
        Anonymous Coward

        @Micky 1 - You're totally off topic here

        It is not about Microsoft supporting something in Windows, it is about Microsoft preventing the replacement of Windows on generic hardware.

        Also :

        1 - Apple can do whatever they want with their software on their own hardware

        2 - Apple does not in any way prevent the installation of other OS on the hardware they produce.

        1. Zippy the Pinhead

          "2 - Apple does not in any way prevent the installation of other OS on the hardware they produce."

          Ummmm yes they do.. which is why you have to jailbreak their devices.

          1. Anonymous Coward
            Anonymous Coward

            Anyone trying to run Linux on an iDevice is doing so for the lulz

            or they would have bought an Android of comparable specs.

            1. Vic

              Re: Anyone trying to run Linux on an iDevice is doing so for the lulz

              Not *entirely*.

              I have an iMac G5 running Fedora. I installed that because OSX kept failing to boot.

              Eventually, I found that it is complaining about a fault code (from the PSU, I believe). Shaking it hard enough gets it to boot eventually - at which point it is perfectly stable. But Fedora was much easier to get going...

              Vic.

          2. toadwarrior

            not phones

            He's talking about computer. Osx devices are completely open for any OS. iOS devices aren't but the same can be said about many mobile devices.

      2. Ben Tasker Silver badge
        FAIL

        @Micky

        "It's just a shame that the vocal minority always seem to win"

        This is exactly what Monopoly legislation exists to ensure. MS have a monopoly on the desktop, therefore most if not all OEMs will bend to their every whim. Why on earth should they be permitted to extend that monopoly by making changes which will make it even harder to run something else?

        Microsoft are (AFAIK) perfectly at liberty to release a MS PC, with a version of Windows designed specifically for that hardware. Hell, they can even lock that version to their own hardware stack. _That_ would be doing what Apple do. Trying to knacker the PC market for anyone not wanting to run Windows is something entirely different.

        Oh and incidentally - why do you think that standards and expectations are the way they are? Could it be because Microsoft pursued that course? It's also got fuck all to do with whether or not we need UEFI. UEFI is about ensuring that only valid signed code can run at boot, RTFA and you'll see it's intended to stop rootkits etc. It has no bearing whatsoever on their support (or lack of) for legacy code.

        I initially assumed you were a shill, but looking at your post it seems you are instead very pro-MS but willing to discuss other topics. So I'll just call you misguided instead!

      3. Marshalltown
        Thumb Down

        @Micky1

        The cause of most of Microsoft's problems is Microsoft. They're arrogant, pushy, dictatorial and demanding. If you are an older PC computer user, then you contributed to their profit margin whether you used their software or not. They used to say, "Oooh, those 'pirates' are stealing our DOS operating system, we need the rest of the community to compensate us!" Consequently if you bought an MB or a CPU, M$ "taxed" you for it. Which, in turn, encouraged "piracy," since, why buy another copy from M$ when you had already PAID for one.

        1. Mectron

          Ok so your buyinng...

          a AMD CPU and ASUS MOBO..... AMD and ASUS are giving money (or used to) to microsoft......

          now let's the proof of that ridiculous and groundless acusation? buying a OEM computer with windows or dos on it IS NOT the same as buying the parts.... the later will NOT result in ANY MONEY been given to Microsoft UNLESS THE END USER BUY A COPY OF WINDOWS/DOS

      4. toadwarrior

        tough luck

        Sorry but MS created their monopoly largely through creating a dependency trough legacy support. That's the whole reason many people use their junk. You can't just turn that off and expect people to be happy.

    2. Anonymous Coward
      Anonymous Coward

      @Jim 59 - I'd rather say it is Microsoft

      forcing the hardware manufacturers to give up what's left of the control they had over their products. Looking at how enslaved by Microsoft computer OEMs are at this moment, I'm seriously worried. Don't take my word for it, just remember how hardware specs for the netbooks were castrated at Microsoft request (after successfully preventing the use of Linux), turning that class of computing devices into a joke.

      We all know what happens to those who forget history.

    3. frymaster

      Um, have you actually read this?

      I can't help feeling you haven't actually read the article.

      Microsoft are explicitly saying that OEMs won't get the shiny sticker unless both the orthodox way (no bootloader signing) and the new way (add your bootloader's keys to the firmware) of installing other operating systems are supported. What they are insisting on is that machines shipping win8 do things the new way by default.

      If it's the whole idea of signed bootloaders you're objecting to, the UEFI forum published that spec in April 2011, and no one complained either before or after.

      In terms of lockdown, the ARM stuff is much more restrictive (apart from the fact that MS only has a couple of percent market share so isn't a monopoly in any way)

  4. Robinson
    Facepalm

    FUD

    Standard Microsoft tactic... fear, uncertainty, doubt. I saw precisely the same thing happen over OpenGL in Vista (the FUD was that it wouldn't work or be supported). In the end, it'll work fine and it'll be easy to do.

    I'm not anti-Microsoft by the way - in fact I love Windows 7 and will almost certainly get Windows 8, but you know, I'm quite long in the tooth now and have seen it all before!

  5. Anonymous Coward
    Anonymous Coward

    Embrace, extend, extinguish

    Classic Microsoft.

    Only, I don't think it's going to work in the days of pervasive interspazz. We'll see.

    1. Irongut

      pervasive interspazz?

      Is that some kind of universal person of diminished mental capacity?

      Explains the popularity of Hollyoaks, X Factor, Facebook, etc, etc, etc.

      1. Monkey Bob
        Coat

        No it's an emo band from Stoke on Trent.

  6. Velv Silver badge
    FAIL

    Do you SERIOUSLY believe people install Linux because "it's easy". Anyone who chooses to install a new OS or reinstall an old OS does so with a little bit of knowledge, and entering the "BIOS" or "UEFI" setup is not a major technical series of steps that is going to stop them.

    I understand there are competition concerns about secure boot, but at least find a defensible argument, not something stupid like "linux is user friendly"

    1. Martin
      WTF?

      Yes - I install Linux because it's easy.

      I can take a disk, plug it in, boot it - and it works. Then, once it's up, I can mess around to my heart's content. It automatically sets up a dual-boot on a Windows box,. too.

      If I have to somehow mess about with BIOS settings (which might also stop my Windows working) then it's one extra bit I frankly don't want to have to do.

      Linux IS user friendly these days. Anyone with half a brain can install it.

      1. Anonymous Coward
        Anonymous Coward

        "Anyone with half a brain can install it."

        "Linux IS user friendly these days. Anyone with half a brain can install it."

        And only someone with half a brain would _want_ to install it.

        1. C-N
          Mushroom

          HO HO HO! You're killing me. Stop it! No really, that was just too funny. What are you? A comedian?

      2. Anonymous Coward
        Anonymous Coward

        oh well

        I dual boot to Linux on several of my computers. If uefi prevents me from dual booting to Microsoft, I will just get rid of my Microsoft product. No problem in that area.

        1. Anonymous Coward
          Anonymous Coward

          Re: oh well

          At that point M$ wont care because they will have already extracted the money for the product.

    2. janimal

      Actually yes

      both my (divorced) parents (both 70 years old) use linux for exactly that reason (moved from Ubuntu to Mint now though) because it is easy to install and use and if it seriously screws up (which has only happened to one of them once) I can get them to reinstall it themselves very simply.

      I suspect I will find it a lot harder to talk them through installing secure boot keys through the bios or whatever proprietary interface is provided with their own particular hardware.

    3. Ben Tasker Silver badge

      @Velv

      Missing the point there I think.

      To me it reads as "It'll make it harder to install Linux which may put them off" which is very different to saying people install linux _because_ it's User Friendly.

      Sadly, not everyone who does a (re)install does so with that little bit of knowledge. Some see how much it'll cost to get a techy to do it and then just chuck the install disc in themselves. Whether these types would actually be trying to install Linux is another thing, but it'd certainly put them off!

      Find someone not very techy you know, and try explaining the concept of Public and Private keys to them. But do it in the crappy language that OEM's will use (if they publish anything), they might understand it but they will probably also be happy to confirm that they'd go out of their way to avoid it if possible.

    4. Anonymous Coward
      Anonymous Coward

      Trolling? Not much!

      When's the last time you booted a runtime Linux distro off a CD? 2002? I think you'll find there are less steps installing a copy of Ubuntu or better still Linux Mint, than there are to installing Windows these days.

  7. Tom 7 Silver badge

    Embrace, Extend, Extinguish

    its going to do for the PC market what its done for the phone market.

    Just to make sure you cant run ARM cos it cant get its office software to work on it and if the boss starts using Libre Office on his green PC at home then theres no need for MS anymore...

    1. Ken Hagan Gold badge

      Re: what it's done for the phone market

      Ooo, let's hope so. Microsoft are almost totally out of the phone market.

  8. midcapwarrior

    fiddling around

    "meaning they must fiddle around by hand in the firmware settings" Though that was the primary reason anyone bothered with linux.

    1. Anonymous Coward
      Anonymous Coward

      @midcapwarrior - Your post shows

      you don't know much about firmware, OS and computers in general.

  9. E_Nigma
    Mushroom

    It's Not MS and It's Not About Desktop

    First an obligatory flame at the guys who always blame others for their own failure: Linux has existed for quite a while and still only holds 1% of the market, so what has been "dissuading people from bothering to install Linux" so far? Ah yes, Linux itself!

    Other than that, for ages PC users have been expected to be smart enough to pop into BIOS and toggle a single on/off setting if necessary if they wanted to use certain more advanced features (which is exactly how you'll disable this feature, as made perfectly clear in the requirements); and since forever have Linux geeks been smug about being smarter than those who don't know of anything better than MS, so where's the problem?!

    What MS is aiming at are handhelds. You can't disable the feature on them, making it harder to hack that sort of devices. Disagreeable in it's own way, but that's as far as this goes.

    1. crowley
      Thumb Down

      Dissuasion

      In my experience the dissuasion comes from addiction to the latest MS Office file formats - by which I mean the peer pressure to be compatible with an 'updated' product that has offered no advance to most people since the 1997 release.

      Some ancient flatbed scanner caused my uncle problems, which I resolved, and then he was fine with Office running under Wine for a time - until he needed some Excel embedded VBA scripting to work in a mandatory spreadsheet he was given to work with.

      But my Office free mum and girlfriend have been running Ubuntu for ages now, and I never get any hassle. It's my Windows running friend (who needs Office for school stuff) that is a constant pain in the arse. Neither are smug about using it.

      Oh, and do you really think ARM won't be used for desktop work as soon as MS port Office to it?

      1. Chemist

        "still only holds 1% of the market"

        That's 1% of a market where almost all computers have Windows installed from new without option and users either don't care or are told what they must use.

        That as many as 1% choose to install Linux is a MAJOR triumph in my book.

        1. James Hughes 1

          Bad numbers!

          It's closer to 5% on the desktop, over 60% servers, and over 90% supercomputers.

          But don't let the actual numbers get in the way!

          1. E_Nigma
            Flame

            Tell that to Globalstats

            They say Linux: 0.83%. But like you said, don't let the actual numbers get in the way of feeling good and smart.

          2. Charles Manning

            Still Bad Numbers

            Add up the desktops, servers and supercomputers and they are just a drop in the bucket.

            For the real huge Linux numbers, go to embedded: phones, routers, set top boxes, TVs,...

          3. DanW

            @James Hughes 1

            I'd love to see where you got the stats from...

            The stats I've seen agree with the supercomputers (top 500 is the definition I use here), but the other info I've seen comes nowhere close to the other numbers you recite.

        2. Vic

          > That's 1% of a market

          That 1% figure is complete nonsense.

          Even Ballmer's slides from 2009 show it as being much higher than that.

          Vic.

      2. E_Nigma
        Thumb Down

        Could be that they are not complaining, but you're still talking about people who are in that 1%. If all they are ever going to use are a select, small, closed (constant) set of applications, a browser a media player and OOO, Linux installs like a breeze and works just fine. Beyond that... it's not as rosy. Unnecessarily complicated, poorly documented...

        As for the "MS Office argument", it might hold true to some extent for work environment, but my home PC sees a .doc file once every blue moon, and even when someone sends one to me, Gmail will display it's contents just fine.

        And even in a business environment, yeah you use what the higher-ups give you, but I've actually seen way more Windows + OOO combinations in practice here than Linux machines, so the office suite is not really that much of an issue. Every civilized partner will send you a PDF and expect the same from you. (once in a while, someone does send you a file in an MS Office format, but it gets handled) And inside a company, it doesn't matter what you're using as long as everyone is using the same.

        So 99% of people don't use Linux because 99% of people don't want Linux.

        As for ARM on the desktop, it doesn't seem too far fetched at a glance, but then look at how well Atom CPUs have worked there. And they were cheap and used the same instruction set as "normal" PC CPUs and weren't more underpowered for the time than ARM CPUs will be and I even saw a few desktops with them in catalogs, but nobody wanted them.

        1. hewbass
          FAIL

          "so 99% of people don't use Linux because 99% of people don't want Linux” ...

          ... Is utter bollocks as you would well know if you had ever worked in office where people were exposed to anything other than Windows.

    2. Anonymous Coward
      Anonymous Coward

      @E_Nigma - That 1% you mention

      makes for tens of millions of users in case your brain can cope with that.

      1. E_Nigma
        Flame

        So?

        What are you trying to argue, that Linux is widely adopted? Assuming "tens of millions" estimate is correct, one hundred (or ninety nine, if you like) times tens of millions makes for... billions of people who don't give a rodent's behind about Linux. So cope with a number yourself, Anonymous Coward.

        Linux has it's own niche on the PC, it's undoubtedly there, but it's been there for ages with very little growth. So crying that some future external factor might make it hard for the market to adopt you, when that same market has had two decades to adopt you and said "no" to you every time is just shifting the blame for one's own market failure to someone else.

        1. Marshalltown
          Thumb Down

          Missed the train

          Almost everyone that use a computer and the internet uses Linux. They aren't aware of it because the results are transparent. You don''t care what your ISP's router runs as long as it works for you.

        2. eulampios

          relativity

          In 2007 the market shares of MS IIS and Igor Sysoev's nginx were 40% and 0.% respectively.

          Guess what are the figures now?

          netcraft.net

          If you and M$ are deriding that 1% (as you say) why not allowing to resell Windows OEM licenses.

    3. Peter Gathercole Silver badge

      ARM

      I don't think that all ARM devices would be thus locked; only those that are destined to run Windows 8.

      MS would have to use some marketing pressure (like providing a large discount on Windows 8 to the HW manufacturers if they promise to only include an MS key), but this probably will not matter, because there will be ARM devices that will be sold not running Windows 8. If MS attempt to stifle other OSs on generic devices, then I'm sure that Google would be quite happy to see them in court.

      E_Nigma: There are many reasons Linux is only at 1% of the market, and most of them revolve around MS making it difficult for a vendor to sell a system without Windows, and the fact that most people who buy PC's don't really care about the OS provided that they can do everything they want. A huge number of them (those that do not run games mostly) could cope with Linux quite happily, but are never given the chance. With things like Silverlight gaining traction, however, this is becoming a bit more difficult (blame MS again!)

      BTW. I would guess that your statement that "PC users have been expected to be smart enough to pop into BIOS and toggle a single on/off setting" is not quite as inclusive as you suggest. Finger in the air, I would suggest that less that 25% of all PC users even know what the BIOS is. Your statement may have been true 10 years ago, but I know lots and lots and lots of people who do not watch or care about what comes up on the screen before Windows presents them with either a login screen or desktop, and would not how to get in to the BIOS without someone telling them.

    4. Marshalltown
      Trollface

      Ignorance is no excuse

      What keeps people using Windows is inertia. "Users" buy a computer to use, not to play with. If it comes with a preinstalled OS that more or less works - like Windows - the hardware is more or less useable - like most PCs. So the user simply uses what they are saddled with when they acquired the hardware. Most of them had no clue about the additional costs they would encounter to make the hardware more than just barely able to turn on. Any Linux release is more useable upon default installation than Windows has EVER been. A Linux user can save literally 10s of thousands of dollars/pounds/francs over a couple decades using Linux for the standard tasks a computer is normally used for. If you use more technical software and know what you are doing the savings can be vastly greater. Look at R and GRASS or Quantum GIS for instance and compare them with the Windows based commercial equivalents (S-Plus, Arcgis or Idrisi for instance), or Office vs. MS Office.

    5. toadwarrior
      Thumb Down

      Linux hasn't failed

      Linux has succeed in just about every area where MS' monopoly hasn't locked people in. Phones, settop boxes, servers, etc.

      It hasn't grown terribly on the desktop because of MS' monpoly and the fact the desktop market as a whole is shrinking. Linux could have made good inroads on netbooks but MS bullied companies into making netbooks shit and to install windows on them. Now netbooks are dead.

      If MS could manage to secure their OS like any real OS then we wouldn't need to the secure boot. No matter how small you think the Linux market is we shouldn't be punished because MS can't secure their OS.

  10. Peter Gathercole Silver badge

    Signing keys

    It's interesting to think how this works. To me, it looks like the first executable run off media by UEFI must me signed with something that acts like a checksum and a cryptographic key in order to be executed. It must act like a checksum to prevent a previously signed piece of code from being subverted after-the-fact. The key or certificate must also be part of the executable.

    In the current Linux space, the affected component would be Grub. Once Grub was running, anything could be run as far as I can see.

    So surely, it is not the Linux kernel that needs to be signed, but Grub. This is a much easier thing to achieve. Grub is rarely re-compiled by normal users, so a canned, signed installation should be possible.

    1. crowley

      I think you've missed the point

      The binary release of grub won't be signed, unless the private key MS use (to sign their boot-loader to be verified by the public key they have PC makers install) is made available, which defeats the point, or MS start signing grub!

      Alternatively, the PC makers could have their own signing process, and both the MS bootloader and grub would need to be signed by each vendor, possibly for each model... or even each serial number!

      This'll be why there's mention of using the BIOS to enter another key, but I imagine that as MS are seeking control by proscribing against this option on ARM, they would promote the first scenario above to PC vendors.

      1. Peter Gathercole Silver badge

        I've not missed the point

        although it is possible that I did not make it clear enough. MS should not be the only software company allowed to provide keys to be installed in UEFI as part of anti-monopoly legislation.

        As long as there is one key in the UEFI to allow grub to be signed by a responsible company, then this is all that is needed, and this need key not be 'owned' by MS. Once you have a signed Grub, it is not necessary to sign all Linux kernels separately. So all it takes is for RedHat, Canonical, IBM or Google to apply for and hopefully be granted the right to add a key, provide the key to the HW manufacturers, and they would be able to provide a signed Grub image for the rest of the community. I'm sure that most HW vendors would consider adding a single non-MS key if it was provided by a reputable company - that is unless MS use their market power to dominate the HW manufacturers.

        As a matter of interest, there used to be a mechanism of booting other code using what was called a 'chain-loader' that would run from DOS (it's that old) and overlay DOS with another OS. I know that Windows is a different beast and is much more secure, and there would still be the 'Windows Tax' to pay, but this may be another way around this type of issue.

        I think that MS would be in for a serious anti-competitive lawsuit in the US if they prevented another software vendor from being able to have a key included in the UEFI. That would effectively mean that they would have a monopoly on all PCs sold, even if there was a way to add additional keys.

        1. crowley

          Ah, I see now...

          Then, the only thing I would modify would perhaps be to use chain of trust certificates instead of individual keys, so that new entrants to the market can also sign their code.

          That raises the problem of who the certificate authority would be. On the net, I remember seeing Thawte were signing all kind of shite, so it would have to be an organisation that would persist -without- signing stuff willy-nilly.

          Probably we need a UN body for this sort of thing.

          I've worked with a few secure embedded chips. We do a lot of board bring up.

          The one destined for a chip and pin device had a flash area that becomes irretrievable to the software under certain tamper conditions, and such protection could be triggered by the software itself too.

          Your updated chain-loader concept could probably work with such a facility, such that the main OS could render it's encrypted space on the hard-drive invulnerable to tampering when handing control over to another OS.

          Yes, though they can keep anti-trust cases running until the market changes!

        2. Anonymous Coward
          Anonymous Coward

          @Peter Gathercole - Although you seem to have a good understanding

          of the whole process, there still are things you need to consider.

          1 - You will never be able to patch or upgrade Grub boot loader unless you request all hardware manufacturers to re flash the motherboard firmware

          2 - Chain-loading means you have to rely on Microsoft good will which by far, isn't a wise thing to do

          3 - Microsoft currently has a monopoly on every PC sold because they sell Windows to OEMs who then pre-install it on the computers they sell. The price of Windows license is a powerful leverage Microsoft has allowing them to drive out of business any OEM no matter how big it is (look how they treated IBM when Win95 launched)

          1. Peter Gathercole Silver badge

            1 - A responsible company would patch it and re-sign it. Others could then include that in their repository.

            2 - Yes I agree. Because Windows is more secure than DOS, it is completely possible that they could lock it down in a manner that would prevent chain loaders from working.

            3 - Yes again, and this is what I was referring to when I said 'marketing pressure'. I am completely aware of the discount that MS could withdraw from manufacturers. I have commented on this in these forums in the past.

            1. Peter Gathercole Silver badge

              May last post was directed at AC@18/01/12 18:35

              See comment.

        3. John Sanders
          Big Brother

          It would be even cooler...

          If there is a fraking setting in the bios to disable secure booting altogether.

          I have never needed such a thing, and if Micros~1 wasn't a greedy 8 legged security walking disaster trying to get secure boot down everybody's throat, I would not need it either.

      2. Wyrdness

        So what if Microsoft offer something like Apple's Bootcamp in order to allow booting alternative operating systems? That would obviously not completely solve the problem but would go some way to alleviate it for the majority of Linux users.

        1. Goat Jam

          Microsoft offer something like Apple's Bootcamp?

          So, you are required to purchase MS OS in order to run Other OS?

          Sounds great. Not.

  11. William Boyle
    FAIL

    Boycott ALL Microsoft products! Let the hardware vendors know that if they allow this "initiative" (read attempt at monopoly) to go forward with their hardware, NO ONE will purchase any of their cruft! Because of their anti-consumer attitudes, Sony has lost 10's of thousands of $$ in sales to my family alone (or more, given the size of my family). None of us will purchase ANYTHING from Sony until they change their behaviors in a fundamental manner, that gives control back to the purchaser or their products, not the maker. FWIW, this includes CDs, DVDs, TVs, audio and video equipment (our family includes sound and video/animation professionals), not to mention games, PCs, and whatever else has a Sony trademark.

    1. Danny 14 Silver badge

      wut?

      yes because I would LOVE to see what would happen in the college I sysadmin in. GPOs are the lifeblood of most corporate networks.

    2. dogged
      Meh

      Good luck with that, Ché Guevara.

  12. Dave's Jubblies
    Mushroom

    Maybe it's me...

    But I can understand this to some degree...

    Yes, it will, to SOME extent, dissuade SOME users from running SOME variants of Linux.

    But how many real PC users run ANY version of Liinux, or any other OS other than the one it came with from dell, or pcworld?

    What this is, is another step towards making the machine more secure. If it's not done, and the machine gets infected via this method, then MS would be blamed, but by locking it down and closing another hole, MS are blamed...

    can't really win can they?

    Yes, of course I realise that it could also be construed as anti competitive, but it also can be construed as more secure too...

    1. crowley
      FAIL

      Tyranny

      "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety" - Benjamin Franklin

      And so you invite tyranny when in fact more than one organisation's secure boot keys could be placed in the BIOS - if MS aren't permitted to insist on only their own key...

      1. dogged
        FAIL

        Tyranny?

        Tyranny is locking a bootloader?

        And yet it's fine if you're Apple.

        Right. I see. Okay.

        1. Anonymous Coward
          Anonymous Coward

          @dogged - Apple does not lock their hardware

          Nothing prevents you or anyone from installing Windows on their hardware.

          You clearly don't seem to see.

        2. Anonymous Coward
          Anonymous Coward

          Re: Tyranny?

          Tyranny is having no choice about what you get to use, having to pay up every time the vendors come up with an excuse to send you a bill, struggling just to keep using the stuff you've already bought, trying workaround upon workaround to stop functionality being taken away from you, being told that some software or other is un-American or takes jobs away from your rich nation economy (even though that's a lie) and you therefore are not allowed to run it, having your Internet experience heavily filtered so that you don't get exposed to un-American values or content not supplied by a large corporation.

          And should this come to pass, people like you whose primary concern was "brighter shiny" will bear some of the blame, particularly if you made the effort to ridicule people with even the slightest awareness of what a problem this was going to be.

        3. Dana W
          FAIL

          Um, no.

          We have six Macs. Two run Linux, one of those runs our website. And they can run Windows if we actually wanted to.

          Where is Apple trying to lock out OSes?

          1. dogged

            @Dana W

            I was merely referring to the outrage over the possibility of bootlocked Windows-on-Arm. I have looked for the screaming over where you can unlock the iPad to install the linux distro of your choice on it but I can't seem to find any. Which shocks me. No, seriously, I'm shocked. It staggers belief that with all the locked Android installs out there and the utterly locked iPad - even jailbreaking the bloody ting won't let you install a different OS - that people are up in arms about a hypothetical situation regarding a set of hardware standards that haven't even been released.

            1. Anonymous Coward
              Anonymous Coward

              Very first result of a search for linux ipad returns a PC World story entitled:

              "Linux Now Runs on iPad; Tuxedo Optional"

              The story itself reveals that linux will now run on iPad, iPhone and iPod Touch.

          2. DanW

            @Dana W

            Interesting name, given mine :-)

            Anyway... Don't look at Macs, look at iPhones, iPods and iPads - actually a far larger percentage of Apple's revenue than Macs.

    2. hewbass
      IT Angle

      You obviously don't compute for a living then...

      Those of us who actually compute for a living (as opposed to using computers as glorified typewriters to send the occasional letter, or other so called office productivity) do it on Linux (used to be Unix, but times have moved on).

      Or did you really think that people designed the chips inside your computer/the aeroplanes you fly in/etc. using software that ran on Windows... ?

      1. Chemist

        "who actually compute for a living"

        Agreed, before I retired I had a Linux dual Xeon workstation with seriously expensive 3D graphics hardware and so did the ~~100 other computational chemists in the company. This was all backed by a Unix fileserver and several Linux compute farms of ~1024.

        1. Anonymous Coward
          Anonymous Coward

          Those who compute for a living

          Those who seriously compute for a living don't restrict themselves to a single OS and don't congratulate themselves on how smart they are, just because they use the right OS.

  13. Magnus_Pym

    It's all politics in the end.

    It's not Linux they care about. It's old versions of Windows. The fact that they can't get corporates off XP/Office2003 is a major fail for them. They need a way to force big users to upgrade Windows when they upgrade hardware.

    Also why should ARM machines be treated differently? Because they threaten the cozy WinTel relationship that why.

    1. dogged

      Agreed entirely

      linux does not threaten MS on the desktop at all, despite the ravings of too many commentards. Windows XP certainly does, though.

      MS don't care about linux on your desktop especially since you've normally paid the Windows Tax when you buy a PC anyway. Market share would tend to indicate that users don't care about linux on the desktop either and hey, it'll be cracked in about a day whatever happens anyway.

      No big deal.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Surely the problem is not now

        but in the near future, when you decide to re-purpose your old Win8 ARM-based tablet that has run out of steam, and to instead run Ubuntu 14.10 or whatever on it?

        However, due to everyone turning a blind eye to a decision taken in 2012 that means you cannot run any OS but a Microsoft OS on Win8 ARM tablets, all those perfectly good tablets in 2014/2015 will be headed for landfill instead of a useful second lifetime as a Linux tablet for yourself, one of your kids or an organisation that recycles kit for education or the third world.

        1. Anonymous Coward
          Anonymous Coward

          @Magnus and dogged

          Bollocks and if youd rtfa you'd know it.

          Ms want the option to turn of secure boot on non-ARM devices. Which means XP should run as long as it can cope with the new bios. Any corporate IT bod who cant figure out how to switch it off shouldnt have a job.

          Im sure there'll be plenty of info on how to turn it off available for home users.

          1. Richard Plinston Silver badge

            Which means XP should run ...

            XP will only run on new hardware if the drivers are available. Unsurprisingly, this becomes less likely.

            1. DanW

              XP won't run...

              Which is nothing to do with Secure Boot...

              XP needs a BIOS

              UEFI *replaces* the BIOS

              Vista was the first Microsoft OS that would boot on a UEFI system

              (Note: Apple's bootcamp and similar systems *emulate* a BIOS on UEFI hardware to allow booting of operating systems such as XP)

  14. Michael H.F. Wilkinson Silver badge

    The ARM exception is curious

    This is the domain where MS has least leverage, as the tablet market is dominated by iOS and Android. Windows is very much a latecomer. Whatever the quality of Windows 8 on these devices (I really do not know one way or the other), being late makes life harder when trying to penetrate a market. How many tablet makers, who seem happy to ship Android, would want to sell locked in Windows 8 Tablets? At the same time, how much harm would that do to people wanting to run Linux on their Tablet. Just pick any old Android tablet that does allow a Linux install.

    Regarding the rules for x86 kit, in that arena the new measures might raise eyebrows (Steely Neelie's would have been raised), precisely because Windows is dominant in that arena. In legal terms, it does not matter that only 1% of desktop is Linux, in fact quite the reverse: Because they own 90%+ of x86 desktop (forgive me for forgetting the exact OSX share), they can be accused of leveraging their monopoly in anti-competitive ways. Thus, they may have felt comfortable putting stronger restrictions on the ARM kit precisely because they do not dominate that domain.

    Just my 2 euro cents

    1. elsonroa

      The real reason for the ARM restrictions

      I suspect the real reason that Microsoft had to lay down the ARM implementation restrictions is just to get a common platform subset that they could realistically work with. There is a common misconception that all existing ARM SoC's are somehow interchangeable because they use the same processor core. Anyone who has tried to run up Linux on an ARM platform will tell you that this is definitely not the case - every vendor throws in a different bunch of proprietary peripherals. Add to that a random mix of open source and binary-blob drivers - most of which never make it anywhere near Linux mainline. In short, it's a god-awful mess. If Microsoft is able to define a common ARM platform that chip vendors have to conform to, I can't help thinking they will actually be doing ARM-Linux a favour here.

      1. crowley

        SoC's

        Yep, great summary of the sort of crap that keeps me in work!

        Not sure what locking out other code has to do with creating a subset though - different vendor's SoCs have the security aspects required to do this. If they wanted a subset, surely they'd look towards forging a WinTI or WinScale alliance? Not that that would help with off-chip peripherals that may or may not be mapped or run their IRQs through a CPLD depending on the board, etc.

        Actually, WTF are you picking on ARM in particular?! It's the embedded space in general that has that kind of diversity, and is why other architectures get into places x86 is too rigid for.

        1. elsonroa
          Thumb Up

          Re: SoC's

          I agree that non-ARM SoC's also suffer from a huge amount of vendor fragmentation as well. I was just trying to suggest that by specifying a rigid set of ARM platform requirements, Microsoft may actually help to reduce the fragmentation issue for ARM and make it more viable to produce a 'standard' ARM Linux distro. Just because the retail Windows 8 ARM devices are going to be nailed down doesn't mean that other people couldn't use the same chippery to produce Linux friendly boxes. Clouds, silver linings and all that...

      2. Anonymous Coward
        Anonymous Coward

        I'm sorry, but how could Microsoft possibly fix that situation? Proprietary driver blobs are precisely the market Windows caters to. Even when Microsoft has advocated "standards," they've alway been constructed in such a way that they are the only ones who can readily implement it.

  15. AndrueC Silver badge
    Joke

    God forbid that any aspect of operating a Linux based computer should ever be complicated or lacking a decent UI.

  16. uhuznaa

    Just wait and see

    It will be still about a year until Windows 8 is there. There will be a lot happening in this year and it's an open question if then anyone will be interested in buying into the next MS monopoly for lots of money.

    MS clearly is trying to control the hardware without actually having control over the hardware. In how far this will work is in no way clear. On the other hand, if Intel manages to offer low-power X86 compatible CPUs until then and MS can offer tablets that support all the legacy Windows crap out of the box... Business users will love that.

    And Linux? Well, the current situation on mobile hardware is as bad as it gets for Linux. Some standards controlled by MS might turn out to be better for Linux than no standards (and proprietary hardware) all over the place.

    And of course we will see the good old PC surviving for a long time. There's a huge legacy market and nobody will be willing to give that up any time soon.

  17. Spearchucker Jones
    WTF?

    Maybe I'm missing something...

    ...bit it strikes me that not a single comment here discusses the security benefits of UEFI.

    1. Anonymous Coward
      Anonymous Coward

      @Spearchucker

      Why bother discussing the advantages of a system, when you can whinge about MS instead?

      As I've said before and no doubt will keep saying, while being drowned out by FUD - It's not in MS' interest to prevent users from disabling this feature, because earlier versions of their OS won't install on new hardware. Installation of older software on new hardware is critical to MS' corporate customers. There is also the issue of being clearly anti-trust, and most of the board would be asked to consider their positions, were MS to have another anti-trust investigation.

      1. Anonymous Coward
        Anonymous Coward

        > It's not in MS' interest to prevent users from disabling this feature, because earlier versions of their OS won't install on new hardware

        They don’t want you installing an old version of their OS. They don’t get any money for it. They want you to buy their new version and install that.

        1. Anonymous Coward
          Anonymous Coward

          @AC 23:40

          They really do want people to install older OSes, because they need their corporate customers on side.

    2. Anonymous Coward
      Anonymous Coward

      That's because this isn't about EUFO, it's about how some people believe that it is impossible for anything that Microsoft proposes is, a priori, bad/evil. It's a religion for these people, facts don't actually play any role in the matter.

      The simple fact is that VMs provide an even easier way for people to "try out" Linux than Boot CDs do. So it' not the "trying out Linux" people that will be impacted, it's the "get rid of Windows because it'd from Microsoft and therefore evil (except for the gaming bits)" people. None of whom will have the slightest problem turning off UEFI.

      The bottom line is that Manufacturers only build hardware so that they can make money. Which means that they build hardware that there's a market for. There'll be a market for Win8 certified hardware. There'll be a smaller market for hardware that isn't Win8 certified, just as there's a small market for PII motherboards with a maximum 2 256MB RAM slots. There's nothing to stop a PC manufacturer building PCs with a PII and 512MB of RAM today, as long as they don't care about actually selling enough of them to cover their costs and make a profit. There's nothing to stop netbook manufacturers selling netbooks with Linux pre-installed, or even no OS installed at all, as long as they don't care about actually selling enough of them to cover their costs and make a profit.

      1. Richard Plinston Silver badge

        >There's nothing to stop netbook manufacturers selling netbooks

        > with Linux pre-installed

        It is likely that there is. If the manufacturer is any sort of Windows OEM then that sort of 'disloyalty' is likely to get them to lose their discount on Windows and their 'joint advertising incentives'. ie it will cost them $millions for their other products.

        They could do this originally with netbooks because the then current Vista could not run on the low powered Atoms. MS had to resuscitate XP for these and then they could again wave the 'disloyal' threat.

        Windows on ARM is exactly the same situation. Currently Widows OEMs can make/sell ARM Android/Linux machines because there is no Windows that can run on those, and no equivalent Intel/AMD cpu that can match the specs.

        When Windows 8 on ARM is shipped (or staggers out the door) then MS will be back in control. It probably doesn't worry MS whether the OEMs only make ARM machines with W8, or don't make any ARM machines at all, as long as they don't make ARM machines that could possibly run Android or Linux.

  18. Andrew Jones 2

    Apologies for being slightly technically behind here -

    Does this secure signing system apply to only operating systems on the hard disk - or does it apply to USB / CD / DVD systems too?

    eg - are the days of downloading a distro and running (NOT INSTALLING) it from CD going out of the window?

    1. John Brown (no body) Silver badge

      Good point.

      Hardware diagnostics boot DOS/FreeDOS/Linux etc from USB pendrive or CD. eg memtest86 and/or hard disk manufactures diagnostics etc. It's not always the case that the system will boot Windows correctly or remain stable long enough to run the diagnostics. After all, that's why we run the tests in the first place. It's not always obvious what the fault is until after you run the test. Personally, I don't trust windows versions of hardware diagnostics. MS like to "hide" the hardware behind APIs. How can I be sure the diag software is testing the hardware and not just reporting what some MS API says? From DOS or Linux I feel more confident the diags are banging the hardware directly.

    2. Anonymous Coward
      Anonymous Coward

      @Andrew Jones 2

      > Does this secure signing system apply to only operating systems on the hard disk - or

      > does it apply to USB / CD / DVD systems too?

      Surely the clue is in the name: "Secure BOOT"

      If the OS you are booting is not "secure" (signed with valid keys) then it ain't gonna boot.

      1. Anonymous Coward
        Anonymous Coward

        @A/C

        Rather than being condescending could I suggest you think the issue through? It's possible it won't apply to Read Only Media such as CD's etc. Why?

        If we ignore theories about locking competition out, the idea of Secure Boot is to prevent rootkits from loading before the OS. Given that a rootkit can't write itself into a boot image stored on a CD (plus I don't image there's gonna be a Win 8 Live CD!), there's actually very little point in restricting these types of media.

        Yes, you could boot from the CD and a rootkit could write itself to the boot image on disk, but when you tried to boot that image, guess what would happen - it would fail the check.

        That said, I doubt they'll go to the additional level of complication to distinguish between the two!

  19. Aaron Em

    All it took

    to dissuade me from installing Linux was a bit of experience in trying to install Linux. Mouse driver can't figure out how to adjust for a non-4:3-ratio display? No, thanks, I've got a living to earn and no longer have the time to spend discovering the Internet's wisdom on how to solve such problems -- and then working out how the Internet's wisdom is wrong and how to actually solve the problem.

    It really is worth a couple hundred bucks to have something that'll be there when you need it to be; with Windows as with Linux, you get exactly what you pay for. Think I'm full of it? Wait 'til you grow up and get a real job, and see if you don't agree with me.

    1. Chemist

      "Mouse driver can't figure out how to adjust for a non-4:3-ratio display?"

      Utter FUD !!!

      1. Steve Renouf
        Facepalm

        Maybe

        he's trying to use a 20yr old version of linux!

        1. Aaron Em

          Ubuntu's been around for 20 years?

          Last I heard, Ubuntu's supposed to be the idiot's version of Linux -- that is, one which can be installed and used productively by someone who has no clue at all, much less someone like myself who's been fucking around with Linux since Red Hat 6.5.

          Three times in three years on three different laptops (a Gateway, then an HP/Compaq, and now a Toshiba Satellite), I've downloaded the ISO of the latest Ubuntu version, burned it, and installed it dual-boot. Three times, I've ended up with a system where the X server works fine, but the mouse pointer moves further along the X axis for a given input than it does for the same input on the Y axis. Three times, I've been utterly unable to find any way to explain to the mouse driver that it's not working with a 4:3 display and needs to scale inputs accordingly. (Granted, that the mouse driver's at fault is an assumption of mine; I think it's fairly reasonable, though, given that all three times the X server correctly configured itself for the aspect ratio of the display I was using.)

          Blame Synaptics if you like, or assume I must be a moron despite the fact that my spelling and grammar are so much better than yours, or call me a liar -- FUD? Seriously? You'd rather assume Microsoft pays me under the table than that your precious virgin-birthed free-as-in-Che software might just work less than perfectly once in a while? -- whatever you want. But, at the same time, if Linux is so much closer to God, how is it that Windows never fucks up this fairly fundamental thing which Linux nevertheless cannot be trusted to get right?

          1. Miek
            Flame

            My guess would be that this is down to the hardware not correctly being identified which has happened to me on rather cheap inferior products; are you using a Dell?

            1. Aaron Em

              No I am not using a Dell

              I named the manufacturers in my previous post, if you're inclined to spend a little time reading.

              There's also the point, which will no doubt strike many here as risible but which is of considerable force nonetheless, that not everyone has the luxury of buying whichever machine is at the top of this month's list of acceptable hothouses in which Linux can be made to thrive -- for example, I'd never have bought an HP laptop in the first place, except that it was the only thing I could afford at the time.

              1. Miek
                Coat

                Of course I read your post and noted the models you mentioned, you simply seem to have missed the joke. I probably should have used the Troll icon to make things a little clearer for you.

                "There's also the point, which will no doubt strike many here as risible but which is of considerable force nonetheless, that not everyone has the luxury of buying whichever machine is at the top of this month's list of acceptable hothouses in which Linux can be made to thrive" -- I quite agree, although, do you just buy any 'ol piece of junk just because it is cheap? Do you read reviews?

                " I'd never have bought an HP laptop in the first place, except that it was the only thing I could afford at the time." -- HP laptops are usually more expensive than say an Asus or Acer, which usually play rather well with Ubuntu and are reasonable budget laptops.

                Hmmm, which icon should I use?

          2. Chemist

            "three years on three different laptops"

            I'm genuinely sorry you've had these problems (and of course we're not going to fix them here ) but I can only repeat that my experiences have been universally positive.

            Now I'm not an IT professional, although I've been around computers all my working life, and like many scientists need to program out of necessity. As well I build my personal machines and other hardware, so I'm not, perhaps, your average non-IT person either.

            I'd suggest using an OpenSuse live-CD so that you can see if your hardware is working before trying to install.

    2. Miek
      Linux

      I have a real job and I need Linux in order to do my job!

      Mouse drivers, pah! You big 'ol FUDdy-Duddy.

      The reason people cling to XP is that it generally does not run like a bag of crisps on their new hardware.

      1. BobChip
        Linux

        Interesting. I also have a job to do - several, in fact, - and I also use Linux to do them. Not because I have to, but because I choose to. I choose Linux because it is better, cheaper, stable, and far more reliable (than Windows). I realise of course that these do not play as valid reasons in the Microsoft camp, but they don't half look good on my balance sheet.

        1. AndrueC Silver badge
          Linux

          Gotta say that whilst it's better than it used to be I do agree that Linux is still some way short of the 'install then use' that Windows offers. I would happily offer to install Windows on any PC hardware. It's a background task so you can do it while watching the TV and all you'll have to do is fill in a few boxes and click Next. Half an hour later it'll be done and all your hardware fully supported.

          Linux..not so much. We have a dozen installations here and three of them still have problems. The one in the meeting room is a pain because it can't drive the graphics card properly (the screen flickers occasionally) and half the web sites we try to visit need plugins that we either can't find, can't work out which one is appropriate for our bloody distro or don't work.

          That's not to say I hate Linux - I don't. I like it as a server and it's fine as a desktop. I just maintain as per my earlier joke that Linux gurus whining about complex installation procedures is like a fisherman whining about salt spray in the face.

          1. AJ MacLeod

            I do Windows (and Linux) installs daily as part of my job, and IME getting correct drivers for every device on the machine is MUCH more work with Windows than with Linux.

            I have also seen several machines where Windows point-blank wouldn't install, using any workaround, until the drive had been partitioned and NTFS formatted - using Linux!

            Not to mention that a bare-bones Windows install is actually practically useless unless all you want is an unsafe and slightly handicapped platform to browse the web (bearing in mind that plugins such as Flash will need installed manually) whereas with the right Linux Distro it's ready to use straight away with a full set of applications.

            Regarding the original topic, it's a perfectly clear attempt by Microsoft to gain more control over other people's hardware; enforcing it on ARM first is just the pragmatic thin-end-of-the-wedge approach.

          2. Anonymous Coward
            Anonymous Coward

            Re: AndrueC

            > I would happily offer to install Windows on any PC hardware. It's a background task so you can do it while watching the TV

            You've got to be kidding!!

            I installed Windows 7 3 days ago. It took 5 hours. Five lots of patch installs after the initial install. Five reboots. The most annoying thing about it was it STOPPED ONE OF THE F@*$ING patch installations to ask a question about IE9!!!! You can not just leave it running because you don’t know when its going to stop installing and ask a question ffs.

            One the other hand I installed openSuSE 12.1 a couple of weeks ago. It took 50 minutes from start to finish, the patches were installed at the same time as the OS, and it didn't even need to reboot.

        2. vincent himpe

          can you enlighten me how you 'use' an operating system ?

          This is something i frequently read, here, and in other forums as well.

          I 'use' windows. I 'use' linux'. i 'use' this..

          No you don't. The APPLICATIONS you run use the operating system for device and file i/o, memory management and all the other 'twiddly bits' that are required to run a program.

          The reason for installing operating system xyz is because application abc requires it to run...

          Some applications exist for multiple operating systems because the makers went through the effort of cross compiling them. In the end nobody uses an operating system directly. So do you really care what is running ?

          Most people are prefectly happy if they can run programs to get some things done.

          Just like most people need a car to drive from a to b. I don't care whether the timing belt is user replacable... or if i can change the cylinder heads.

          I care if it has a decent stereo and navigation and if it behaves in a similar way to other cars i have previously driven. ( and It's got to have the steering wheel on the same side as all the other cars in the country of intended use, simply becaue of practicality)

          1. Anonymous Coward
            Anonymous Coward

            I use the OS. I program for it. I choose the applications based on the OS (not the OS based on the applications). I maintain it, repair it, and update it. The reason I install OS xyz is because I like it and if I have to use application def instead of abc because of my choice then so be it. Buts that is just my desktop.

            Servers are different. If I'm running a server I am definitely using the OS. I have to tweak all those little known OS settings to maximise the performance. I have to monitor the OS'es memory, disk and network usage to make sure nothing is going wrong. I have to check all those log messages that I can safely ignore, and never even see,on my desktop. I have to make sure the log files get backed up and/or trimmed. I have to ensure the OS settings are backed up and reproducible. Then there is the application.

            1. Ben Tasker Silver badge

              @Vincent

              Surely you mean no-one uses the kernel? The OS is a collection of programs allowing you to do things from adjusting config to creating filesystems.

              Sure very few people use the kernel directly (and you can be sure kernel devs do to some extent). But then it's no different to saying "I use Intel Processors". Unless you are sat doing everything in Assembler that must be equally fallacious in your view?

              1. Anonymous Coward
                Anonymous Coward

                If anyone uses the OS API calls then they are effectively "using" the OS. This applies to Win, OS X and Linux.

            2. vincent himpe

              OK. i see your point of view.

              It just strikes me as 'strange' that someone states : i will only use tools that have a red handle. I don't want any tools with blue or green handles , even if they get the job done better , faster and or cheaper. Only red tools for me... it's just ... i don't know... hard to grasp (from a pure functional perspective).

              I don't really care what my computer runs as OS. Most of the time i use a windows based machine because most of the software i use is only available for windows. Sometimes i use Linux hosted programs ( mostly on a redhat server through a VNC ) simply because those only run there ( Mentor , Cadence ). In the past i did the same with Sun / solaris or HPUX hosted software. An operating system is something that lets you manage your files and launch programs. Webbrowsers ? Opera , Chrome , Firefox all exist for any platform. Clock , notepad exist on any OS. GUI's are all very alike.

              I have an Android Tablet , an iPhone , a HPUX based logic analyser , a couple of windows computers , an ubuntu webserver , a windows Homeserver , multiple NAS boxes running a flavor of linux and even some esoteric machines running VxWorks. The Os doesn't bother me at all. All these devices do exactly what i expect them to do. If tomorrow there is a specific program that is IoS only that does a particular job that i just have a need for i may buy a mac. ( i will first check if that particular software exists for a machine / os i already have. just for economical reasons )

              I have written some books. My publisher requires images to be supplied in illustrator format. I tried inkscape.. works well 80% of the time. So why go through the hassle for the remining 20%. Illustrator options are iOS or Windos. I have a win box. Ok decision made -> Buy Illustrator on existing hardware -> move forward.

              I need to run Modelsim . That is originally a native unix app . Current licences are upgrades. Crossing to windows ports would be more expensive : solution : maintain unix based installations. Red Hat is the offical supported distro. It can run on others but you are on your own. Solution : get a redhat based machine from Hp or Dell ( pre-installed build ) , plunk modelsim on it , vnc into it. Done. Problems ? call maker of modelsim. ( if you are not on Red Hat : you are on your own... )

              I don't have time to mess around trying to hammer in a screw or make my own screwdriver. Find the best tool for the job , see what is the economical way to get it ( in terms of already available machines / os-es ) -> go on. If no match , get hardware / os -> move on.

              Anyway. that's my point of view. Nothing wrong with having a different one.

              1. Anonymous Coward
                Anonymous Coward

                @ vincent himpe

                "a windows Homeserver"

                SHAME on you. That's just plain daft.

    3. Chemist

      Just to expand that ...

      I've installed Linux on about 30 computers over the years since ~1995. Since ~2000 I've never had any problems with installation (usually Suse or OpenSuse but others as well).

      Presently I have a Lenovo Celeron laptop on which I'm writing this via a USB 3G dongle, an Asus netbook which also takes the dongle, a dual-core atom fileserver with Samsung laser printer, a single core AMD 64 with a 4:3 display and a dual-core AMD 64 with a 16:9 display, and a dual core Intel at our Swiss holiday home with another 16:9 display

      I don't think I could get more diverse than that lot.

      Not one problem even with the dongle.

      1. Miek
        Linux

        "Not one problem even with the dongle." -- seconded, other than signal strengths.

      2. Anonymous Coward
        Anonymous Coward

        @Chemist

        "I've installed Linux on about 30 computers over the years since ~1995. Since ~2000 I've never had any problems with installation"

        I install Linux quite a lot (I test software on Linux, UNIX and Windows), I use RHEL, Fedora, Centos and occasionally Mythbuntu at home. Until very recently the Red Hat derived OSes would crash dead during installation if you made certain changes to the filesystem layout during the installation. Sometimes I would need to re-start the install about four or five times. I have had this happen on AA1, VMware and Proliant hardware.

    4. Anonymous Coward
      Anonymous Coward

      @ Aaron Em

      Hi Aaron. You realise that you couldn't get a job in academia or computer science/research using Windows?

      I've got a real job, too, and believe me, nobody uses Windows.

      1. Miek
        Linux

        @ Craiggy

        Just to add to that Craiggy, I know for a fact that the whole of the Maths department at Oxford Uni are on Ubuntu too.

        1. Anonymous Coward
          Anonymous Coward

          Not only Maths

          Molecular biology (cancer research and molecular modeling) Physics and astrophysics, the HRC, etc ... ALL use some flavour of Linux or UNIX.

          TeX is still also the main means of writing scientific and academic papers.

    5. Boris the Cockroach Silver badge
      Linux

      Another FUD vote here

      I decided to have a play with oracle virtualbox the other day

      So out came a trusty Linux disc (Fedora 14 to be exact)

      Set the VM to boot from the DVD drive, click on a few options and let it go.

      20 minutes later I have a shiney, if basic, Fedora 14 VM to play with... and break.. and restore

      No drivers to find

      No complex CLI stuff to worry about.

      So I try the same with MY copy of windowsXP complete with legit key, and in order to use MY copy of WindowsXp on MY vm I have to let it authorise to M$ which means MY PC it came with will go onto a 30 day trial thing unless I let it authorise again.

      Strangly MY winxp pc is the same dual boot machine I use to play with virtualbox.....

      And M$ wonders why everyone blessed with 1/2 a brain uses Linux for game servers....

  20. Aaron Em
    Flame

    Oh and I would note

    that Linux is just the thing on a server -- on that side of things I wouldn't choose anything else, especially one of the overpriced travesties Microsoft calls a server OS. In fact I'd say that putting Windows on a server is exactly as foolish as putting Linux on a client machine -- each has its place, and neither works well outside it.

  21. Will Godfrey Silver badge
    Thumb Down

    @Aaron Em

    Ah! Another 'wait till you grow up' troll. I got news for you I woz all growd up a long, long time ago. As for earning a living, I'm doing quite nicely thank you. All of us on the engineering side of the company use GNU/Linux based systems for the reliability (doncha no). The office staff use Windows (got to be compatible with the customers). Guess which group get all the problems?

    1. Adze
      Joke

      "Guess which group get all the problems?"

      ...the ones with admin/root access? :D

      1. Will Godfrey Silver badge
        Happy

        @Adze

        Nice parry sir!

        If I was the boss I'd offer you the support job... but then again it looks like you've enough smarts to decline it!

        1. LaeMing Silver badge
          Linux

          Heh

          Have to use the Win at work. The number of hoops I had to jump through to get a second account because I sometimes need admin access to do config and installs, but coming from a real computing environment, have no desire to be logged in admin for day-to-day work...

  22. Eduard Coli
    Megaphone

    Suits

    Guess M$ is starting to feel cocky because they have not been sued in awhile, or is desperate.

    Anyone for a new class action suit barring the use of signing as anti-competitive and in violation of earlier agreements from the last time M$ was found to be a illegal monopoly?

  23. Anonymous Coward
    Linux

    Forbidden?

    I don't want to buy a machine that even uses the word.

    I wouldn't buy it even if it forbade Windows!

    1. Will Godfrey Silver badge
      Thumb Up

      @Thad

      This! In a nutshell.

  24. Pseu Donyme

    How about VMs?

    What effect will this have on running Windows 8 on a VM BTW? That is, do VM providers have to get a key from Microsoft (who would thereby be in a position to screw them)?

  25. Keep Refrigerated
    Linux

    Would it not be ironic, though...

    If this ultimately had a negative impact on Windows sales. Bare with me..

    Let's assume that currently most Lusers pay the Windows tax and buy popular hardware because it's open and supported; they also run multiple devices and recommend hardware to their friends and family - say an average of 5 Windows devices (wiped and Linux installed) per 2 Windows devices purchased by average consumer.

    If Microsoft go ahead with this, then I certainly intend to purchase only from vendors that pre-install Linux. If most other Lusers went the same way, and fled from mainstream locked-down consumer electronics, Microsoft might take a significant hit.

    Even with f+f recommendations (it's very easy to spread FUD about how locked down that Packard-Bell computer is they want to buy and how they should buy this cheaper option and purchase the Windows OS separately). I get asked a lot, I even get asked to buy hardware for people as it's all too technical for them.

    It might even bring some clarity to the statistics for a change. For years Microsoft has been able to claim the number of Windows licenses sold (excluding downgrades and wipes). We might get to see what the true figure is after you remove the number of Windows that are wiped and replaced by Linux - which I suspect is far higher than website visitor counts.

    === TL;DR ===

    By drawing a line in the sand, Microsoft could unintentionally cause a statistical surge in Linux popularity; as multi-PC Lusers flee and buy Linux pre-installed vendors. Thus revealing the hidden percentages of those who pay the Windows tax but wipe and install Linux.

    I have 4 devices with Linux installed for which Windows tax was paid. I'm not proud of that fact.

    1. Miek
      Linux

      "I have 4 devices with Linux installed for which Windows tax was paid. I'm not proud of that fact."

      Have you tried obtaining a refund for the unused software, I believe you are entitled to do so within a reasonable* amount of time.

      * Entirely based on the suppliers idea of reasonable.

      1. Keep Refrigerated

        @Miek

        Considering 2 of those devices were installed with Linux when I was just exploring and figuring it out - I wasn't aware of such consumer rights and all the issues surrounding technology at the time - far too long and receipts are lost.

        Regarding new devices, 1 is a work laptop and the other I suppose I just don't have the time or motivation, but if I was more of an activist I would. Instead, I've committed myself in future to seeking out tech that is not pre-tainted^Winstalled with Microsoft tat.

        1. Miek
          Linux

          "Instead, I've committed myself in future to seeking out tech that is not pre-tainted^Winstalled with Microsoft tat." -- Good plan and to be fair, I have never reclaimed my wasted money for Windows either.

  26. Eradicate all BB entrants

    Time for mass downvotes :D

    If you are dumb enough to buy the cheap plastic fetid crap that is an OEM pc then you deserve all the heart ache this will provide (which when seen in the wild will be the usual 'we got worked up about this?)

    'Waaah waaah waaah, we have to pay the MS tax on oem systems and now we cant install fruity wigglebat13 on it.'

    Bloody grow up and build the pc you want to install it on. And before you trot out 'users can't build their own, it's too hard' most component shops will do it for you for £50.

    Also laptops, cry about them and I will follow Jay and Silent Bobs example :D

    1. Jordan 1

      We all have to start somewhere. Not all of us were born in the days before generic whitebox PCs. I bet 99% of the people who use Linux now first tried it on a Dell, or an HP, or a Toshiba. This is about adding a barrier to entry. Lots of people might try Linux if all they have to do is put a CD in their computer and reboot. Not as many will try if they have to enter in a new signing key.

      Builidng your own computer (or paying someone about as much as an off-the-shelf computer would cost anyway, what with the cost of Windows to OEMs) won't stop you from having to enter the key. What motherboard manufacturer isn't going to want their motherboard to be certified for use with Windows?

  27. phen

    Obvious reason to block arm

    is subsidized tablets with app/media store. You can't grab that app store money if people can just go around changing their OS all willy nilly. I can imagine MS entering the tablet market at prices similar to the TouchPad's fire-sale if it meant sewing up the market, as long as they can recoup some of the losses from selling apps/games/media.

  28. Sly
    Meh

    Meh... this is why I build my own kit

    granted... the non-portable kit for the most part. Though when I do buy pre-built portable kit, I make sure it's been out for a while already, price has stabilized, I find a sale (hopefully), and it conforms to my current needs and potential future wants (which include the ability to do my bidding after the warranty is up... whether that's just me being able to fix it endlessly or install a different OS or really getting down and dirty and modifying the hardware to accept additional kit). Typically, it's not that hard to find something that fits my criteria. I have yet to buy an OEM system other than a laptop. I've always built my own desktops/towers/servers/etc. This always gives me the best options for price points and typically ends up being about the same price as an OEM system with much better upgradability since I don't have to deal with using OEM kit should something take a dump.

  29. zanto
    Pint

    what me worry?

    micros~1 will need to pay money to make arm based phones with windows sell. that is because no matter how good the hardware, sane people would never pay money for that thrash.

    and as far as laptops and desktops are concerned, those of us who want to will fiddle with the bios.

    on the other hand, anything that beefs up the utterly pathetic security of windows would be welcome. hopefully it would mean less reboots every day.

  30. toadwarrior
    Meh

    Not surprised about ARM systems

    Microsoft is desperate to get their foot in on the ARM market so of course they want to lock up their devices.

    What I find very hypocritical is MS doesn't sell their own hardware (aside from the xbox) and they made their name by systems being free and allowing people to install Windows on their hardware.

    I think MS is afraid that what worked for them will work for others. I certainly hope someone puts an end to this. I'll certainly be writing to politicians about this and I hope others do.

    1. Neil 7
      Go

      @toadwarrior

      I hope someone puts an end to it too however in the land of ARM, what works for others (Apple, Google) may this time around work for Microsoft, in which case they may just get away with locking alternative software out of what will most likely become "generic" ARM tablets.

      And since tablets are reckoned (by some analysts) to become the new PC, this decision could cause a huge, huge, *HUGE* problem a few more years down the road unless something is done about it *NOW*, preferably with a swift legal judgement to ensure there is no backsliding of any sort whatsoever in the future.

      Somehow I doubt the US government is likely to do anything that favours the technically literate consumer and that upsets Microsoft, but perhaps Steelie Neelie will come to the rescue. Unlocked UEFI Secure Boot in Europe with locked/crippled UEFI Secure Boot in the land of the free (USA) will cause absolute chaos (but good chaos!) and hopefully a major backlash against Microsoft.

  31. Anonymous Coward
    Anonymous Coward

    Could I just point out

    (because I work for one) that if you go to a Microsoft Registered Refurbisher you can still buy systems with Windows XP preinstalled. Some quite good ones too, due to the refresh cycle.

  32. Anonymous Coward
    Anonymous Coward

    war

    hackers in the world, declare war on Microsoft!

  33. Bob Bobson
    Trollface

    No doubt the linux kiddies will hold this tiny concern responsible for the fact that their hobby operating system continues to maintain a 1% market share, despite decades of promotion by thousands of shrill advocates.

    1. Chemist

      "hobby operating system "

      That's the 'hobby' system that's used for most supercomputers, a good proportion of servers, most scientific computing, and a good/great proportion of embedded systems & phones ?

    2. Miek
      Linux

      To be fair Bob, I don't give a flying F... about market share; I just want to use Linux and that's what this story is really about; locking 'Open Source Advocates' out of the hardware that they purchase.

      B.T.W not all Linux users are Kidddies, unlike the Windows Wizard Jockeys out there. Anyone can click "Next, Next, Next, Finish".

  34. Anonymous Coward
    Anonymous Coward

    Microsoft Authorised/Registered Refurbisher? Excellent.

    I thought the official term was Microsoft Authorised Refurbisher, but apparently both apply, I like the concept so much that I've personally done around a half dozen of these things for friends, relatives, neighbours, from companies like Morgan (ok, Bentham these days) and others, and strongly recommend the concept for folks whose needs are relatively lightweight.

    The refurb HPQ DC7100 small form factor desktops currently widely available start at well under £100 (for an under-specced system admittedly) but they're built like tanks and last forever. Add a bit of RAM and a DVD drive and it's good to go, with either XP or SuSe (other Linuxes are available; the usefulness of your desktop Linux may go down as well as up. Your job may be at risk if you fail to keep to the corporate line on the OS of choice for the desktop.)

  35. RetroTom
    WTF?

    Real laws..

    Hardware should be required to ship with a functional, free open source OS by default.

    Commercial operating systems (including Windows) should be an optional purchase, to be installed by the user. (Insert CD, install away, not hard)

    This should apply to Computers, Tablets, Phones etc.

    The bundling and shady deals need to stop. The majority of people don't even need Windows, but are forced to pay for it because there are no other realistic options..

    Clauses like the one Microsoft are trying to enforce on device manufacturers should be illegal.

  36. Alistair Silver badge
    Linux

    UEFI signed boot lockouts.

    I'm not certain I'm following all the arguments about this issue at this stage of the game. What I'm betting on is that all we'd have to have "keys" for would be lilo or grub/grub2

    Since UEFI will be calling the bootloader, NOT the kernel or initrd

    That said, since there's a parallel argument here about linux on the desktop.

    I have under my administration at this time ~1350 linux servers, mix of RHEL4 and RHEL5, Proliant and Xseries stuff.

    Other than two or three occasions when I've had to update the base initrd for my kickstarts based on hardware, in the last 5 years I've had 3 systems (of that 1350) that presented issues during installation ... all three had obscure hardware problems (one a bad midplane in a DL780G5, two identical cases of an IBM disk controller that had a bad firmware update performed by the previous owner, yes - -they were indeed recycled)

    On the server world, my build times are (7 to 14 hours of paper work to get the box racked and cabled, 45 minutes of kickstart/cfengine preconfig, 17 minutes to install) and 2 reboots later I have a production ready box.

    I've three linux systems at home, one, my firewall, slack is old old old pc with several nics. It was a 2 hour setup to get it running as the firewall. No issues, but then there's bugger all running on it. One, our eldest's current personal system -- total of 45 minutes to install and get it running, no issues no problems no hiccups. The last one, mine, has been:

    Slackware, Gentoo, FC 15, Ubuntu.

    Only the gentoo install presented issues, ever, and honestly - - the issues it presented I created by trying to be creative.

    Linux also happens to run on my work laptop, with a corporate approved image, and almost (all) the corporate required tools. I have a windows kvm image for the ONLY bit that doesn't run in linux, and am contributing to the effort to port that remaining tool to linux.

    I've converted several folks who are not (heavy) gamers to linux systems -- and very rarely get support calls. And I can provide support over the net with an ssh session.

    Linux is quite friendly -- most times I've been called to help someone out with a linux desktop issue, they've precipitated the problem by deciding they know more than the OS tools do.

    And just in case you wonder; our eldest is a heavy gamer. Wine has come a HELL of a long way in the last while. I would not recommend Linux + wine + windows games to a complete noob, but I will recommend it to someone who has a good idea about basic computing.

    And -- well -- excuse me -- I have to go back to my Deus Ex now.

    1. C 2
      Pint

      A gentleman and a scholar!

      That is all.

    2. Miek
      Linux

      Alistair, I would recommend Cedega for running games under Linux. It worked rather well, but I eventually bought a console for dedicated gaming and watching blu-rays. I rarely boot into XP anymore and when I do it takes an age before it stop making popping sounds a display irritating pop ups in the notification area.

    3. Vic

      > What I'm betting on is that all we'd have to have "keys" for would be lilo or grub/grub2

      Yes.

      Where are you going to get those keys? If they're publicly-available, then the whole system falls flat on its arse - the malware makers could sign their bootloader with those keys, and then the rootkit sails straight past the "protection"[1].

      Or the key could be unavailable - in which case, you need to get Microsoft to sign every build of grub you want to use. Remember that grub2 is GPLv3, so they won't do this[2].

      The whole system is a joke - it doesn't prevent rootkits, just bootloader vectors. Given the capabilities available in all commonly-used OSes these days, it should never be necessary. But implementing it will cause endless grief for anyone trying to use their own property in any fashion slightly removed from the One Microsoft Vision.

      Vic.

      [1] Once again, I am using the term quite wrongly.

      [2] Aside from Microsoft's well-known dislike for the GPL of any flavour, GPLv3 explicitly requires *all* source and build materials to be included in a source distribution - which MS, as the distributor of the binary, would have to ship on. That includes the signing key, without which the binary could nor be built...

  37. vincent himpe

    i interpret this as :

    Microsoft says : We have windows 8 for ARM. If you as a device maker want to install it : here is our criteria : this amount of ram , this graphics , this type of boot ( locked down secure boot )

    Sounds like a fair demand to me.

    The hardware maker can sell the tablet with win8 preinstalled. You as a user may not be able to modify it.

    At the same time nothing provents the same hardware maker of releasing the same hardware with the bios lock disabled and android or linux installed. Or even a blank device. Nothing prevents them doing that.

    Microsoft could push it furthere and simply not publicly sell Windows8 installation medium. Just like apple is not selling install disks. You can only get OsX by buying approved hardware that comes with it preinstalled. Microsoft is demanding exactly the same thing with win8 on ARM. Approved hardware. in this case : lock in place.

    That lock does NOT prevent you from installing some other system. Simply apply the signed key for your distro and off you go.

    Part of the issue is that tablets are seen as 'appliances'. Just like a tv is an appliance. ( this, by the way, is how apple categorises their products too. They are appliances ) . You'd be amazed on how many TV's, laser printers, settopboxes these days actually run a linux kernel. Any TV that can play netflix or blockbuster streams actually has a linux kernel on board. You have ZERO chance of modifying that one. You can't even demand that they disclose the system. The documentation of the TV includes the usual GPL and LGPL statements and they tell you what linux build they use ( most of the time this is MontaVista ). And that is where it stops. The custom code that was built on top is NOT available). Besides the core used there is typically a MIPS in combination with a custom graphics engine. You want to code for those chips ? Here's a few NDA's to sign first... and some fees to pay to various groups like HDMI and MPEG and others. Even before we let you use the precompiled libraries or disclose the API to those.

    So what is next ? you are going to demand that you can install android on your TV-set ? or Laserprinter ? Sorry, ain't gonna happen.

    Just my 2 cents...

    1. Neil 7

      @vincent himpe

      I would interpret this as being a case of "markerting dollars" being used to bend the arms of the hardware vendors.

      Any vendor can ship an ARM tablet with Windows 8, but if they want to put the "Designed for Windows 8" logo on their box (and thus, benefit from the Windows 8 marketing dollars) they *must* lock down the UEFI Secure Boot feature and disallow the booting of alternative software.

      If, however, the vendor ships the Windows 8 ARM tablet while also allowing Secure Boot to be disabled (or updated with new keys), that vendor can't have the "Designed for Windows 8" logo and they won't benefit from the Microsoft marketing dollars.

      Doesn't this all sound rather familiar?

      Assuming I'm correct, and I think I am, this is all down to the presence - or lack - of the Windows 8 logo on the box.

      It's obvious then that the Secure Boot lockdown on ARM is *NOT* being enforced for technical reasons, and is not being enforced to improve the security of the Windows 8 OS (it's not, for instance, required on PC's). The lockdown serves only to prevent the installation of alternative software - which is surely anti-competitive - and the Microsoft marketing dollars are the greasing of the wheels.

      1. vincent himpe

        agree

        want win8 logo on box : lock bios down.

        But NOTHING prevents you from also selling an unlocked version WITHOUT win8 logo on the box . you could even pre-load android. Same identical hardware. Just a matter of a different flash image ( one flash image has uefi bios + win8 , other image has non uefi bios and android.

        Electronically NOTHING changes. same board , same chips. just a matter of what is stored in the flash .

        The problem is going to be the law of diminshing returns. Do we really wan to go through the effort of creating a different flash image , print an alternat box / manual and push it on the shelves.. where it most likely will be collecting dust. There are already so many tablets out there...

    2. Vic

      Re: i interpret this as

      Your interpretation is wrong.

      What this is saying is that if one of the component manufacturers - e.g. Foxconn - wants the Win8 certification label on its box, it must implement this strategy that gives Microsoft complete control over ever bootloader that ever runs on that board.

      Now it is true that said manufacturer could build two options - one with the label, one without. But that's additional overhead for everyone, and there is always the probability that someone will accidentally end up with something he didn't want. So it's downside all the way, unless you're Microsoft.

      So what's the commensurate upside for punters? Well, there isn't one, really.

      Vic.

  38. C 2
    Trollface

    How long until this 'signing key'

    ... is stolen, hacked or whatever.

    Micros~1 security = joke.

    1. Anonymous Coward
      Anonymous Coward

      I'm just wondering what it would take for someone/some group to create the inevitable distributed computing project to reverse engineer the necessary Microsoft UEFI Secure Boot keys (I'd happily donate all my available cores 24x7).

      Once that project is successful - and given enough compute power there's little reason to suspect it won't be - the UEFI Secure Boot feature as far as Microsoft is concerned may as well not be enabled, it will be wide open (to abuse, and to Linux). Do Microsoft really want this to happen?

      Not sure if the keys, once determined, will be subject to some sort of DMCA-type legal action although by then it will all be too late. Far, far too late.

      I also assume Microsoft could issue each manufacturer with a unique signing key, restricting tablets to manufacturer specific versions and builds of Windows 8. Maybe manufacturers will accidentally "lose" the keys as they always seem to do, again rendering the whole "locked Secure Boot" exercise completely moot.

      1. Ben Tasker Silver badge

        @AC

        I was wondering about that last night, but can't quite work out an easy mechanism for cracking it. I may have been missing something, but I figure you'd need to sign a boot image with Key A, see if UEFI accepts it, move onto Key B etc.

        May well be missing something as I've been a tad sleep deprived of late. Seems like a lot of hassle, but doesn't mean it won't happen.

        1. Neil 7

          @Ben Tasker

          Brute force would be one method - I assume the Microsoft key installed in UEFI BIOS can be extracted one way or another, and once extracted a brute force attack would eventually yield the signing key. Having to try and boot a signed OS to see if it's got the right key wouldn't be very practical though!

          Of course brighter minds may find shortcuts to determining the signing key, particularly if Microsoft and/or the UEFI designers used the same security geniuses as Sony... let's hope so - great for lols plus saving a lot of time and hassle. :)

          I guess the point is though that if Microsoft weren't being such total douche bags over ARM tablets, fewer people would seriously bother trying to crack their signing key, and any attempt to do so would not enjoy widespread popular support. Microsoft are baiting people and inviting them to blow their security wide open, this seems like a risk they think is worth taking. Can't say I agree though.

    2. Miek
      Linux

      @ C 2

      a bit like the "So you sank my battleship" sony debacle.

    3. Paul 129
      Devil

      That would work in MS favour

      They simply mandate a new set of signing keys for the hardware. Result, you still don't have access to the latest hardware, installation headaches as you have to discover what keys do actually work.

      MS can still say they aren't being anticompetitive. Look you can still install linux, it's not our fault that the PC manufacturers make life difficult for Linux.

  39. david 12 Bronze badge

    Certified for Windows

    I've never used 'certified for Windows' hardware, and I'm unlikely to start now.

    I wrote Windows software for years, on Windows PCs. The certification pocess has been around 15-20 years, and it's an important way for companies like DELL to diferentiate their hardware from the ordinary white box PC's I use.

    There is also a 'certified for Windows' software certification. Unlike Apple, MS doesn't control the supply channel, so 'certified for Windows' software is no more important than 'certified for Windows' hardware.

  40. Dave Bell
    Big Brother

    Other markets.

    Will I be able to install Windows 8 on a machine which doesn't have this secure loader feature, such as a machine I bought with Windows 7. Or a machine I assembled from parts?

    Will Windows 8 be available to small companies assembling computers from parts.

    Given that different countries have different laws on corporate structures, can Microsoft reliably distinguish between private individuals and businesses in setting their rules on who can do what?

  41. Anonymous Coward
    Megaphone

    Linux - time to step up to the plate, but who?...

    Luckily this is comment #160 or something, so the hail of bullets won't actually arrive...

    Microsoft is a hard nosed business and it's going ahead with this no matter what.

    The OEM's will all be on board, especially in this financial climate, with the hope that windows 8 will shift hardware.

    Bottom line, they will march to the microsoft drum regardless.

    So, it seems obvious to me, that the biggest players in Linux, if they actually give a damn, will need to step up to the plate and start talking to OEM's.

    I can't see this happening. Canonical with Ubuntu want to tackle the mobile device market.

    Suse - not even sure where they figure.

    RedHat - server only

    Who else is there?

    Just individuals passionate about Linux - and to be honest, I don't really care if anyone else installs Linux or not. Windows is good, Mac is good, Linux is good.

    It's not like I feel it should be my mission in life to convert people to penguin power, other than tell them how good it is.

  42. Coofer Cat
    FAIL

    Fails at stated purpose (except on Arm)

    As it stands, this completely fails to meet it's stated purpose. A properly secured OS can't be rooted unless you have physical access to the hardware. Since you need to physically on the hardware to install new keys, you gain absolutely nothing from this. Unless of course you have a poorly secured OS ;-)

    As for Arm systems, this approach actually does perform as advertised, although as noted, at the expense of Linux and any other OS.

    I suspect bodies such as the EU and others will hamper the attempt to completely lock Linux out. We may well end up with a situation where machines come with secure boot to Windows only, or have insecure boot (ie. the feature disabled, rather than changeable keys). Either way, all of this would be unnecessary if Microsoft could make a half way decently secured OS.

  43. blondie101
    Stop

    devestating for some dutch gov

    In the netherlands there is a large department that uses a secure memory stick as booting device to connect to the department's network. Personal equipment is used. This MS policy will harm all users big time when it starts to prevent officers to use their fresh bought laptop/pc to use this stick. If Dutch gov is wise they have to protect there investment now by stopping MS with this policy.

    1. Anonymous Dutch Coward
      Meh

      Dutch government wise?

      @Blondie101: Ehm.... well. That did give me a chuckle (sad one though)

  44. Herby Silver badge

    But there are OTHER boot methods which will be screwed up!

    In current systems (ones that have shipped for about 10 years), there are network boot procedures (PXE boot). Will these be "signed" as well. Now there are the floppies (if anyone uses these anymore), CD/DVD's and (as mentioned above) thumb drives. Lots of these will be broken if this goes through.

    So, this is generally a "BIG FAIL". What else is new?

  45. Nameless Faceless Computer User

    yea right

    Firmware signatures are less to do with "protecting" users from root kits and more to do with moving Windows Genuine Advantage to the hardware. Microsoft only does what benefits Microsoft.

  46. OnTheSpecialBus
    Stop

    WTF is all that noise in here ?

    Locking out Linux ?

    I have just been reading a Red Hat doc titled "GRUB and the boot process on UEFI-based x86 systems"

    It doesnt look too hard, for a fat fingered oaf like myself.

    Some of you flamers could probably do it too.

    So calm it down chaps, penguin power still appears to be an option

    Linkage for the lazy

    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html

    1. Vic

      > I have just been reading a Red Hat doc titled "GRUB and the boot

      > process on UEFI-based x86 systems"

      UEFI != Secure Boot.

      > It doesnt look too hard, for a fat fingered oaf like myself.

      If your system does not permit secure boot to be disabled, or you don't have the ability to add new keys, it isn't just hard, it's downright impossible.

      Even if you can - is this the sort of thing we want newbies to have to do?

      Vic.

  47. Dylan Fahey
    Paris Hilton

    And for our next trick!

    And for our next trick! No doubt you will soon have region codes like DVD/Blurays on your PCs. WHATEVER it takes for Hollywood/MS to screw a customer up.

    For Paris: I've had plenty of installs, maybe you've seen them on the interwebz?

  48. Anonymous Coward
    Anonymous Coward

    The point...

    ...is Microsoft is using Windows security as another excuse to block Linux. Wll it work? Who knows. It has not been implemented yet. Yes, I use Linux. Currently I am running Slackware on an Acer Aspire and a homebuilt PC. If this secureboot goes through then I may not be able to buy hardware, say next year, that I can install Linux on. Essentially, if we buy a PC or the hardware to build one we should have the freedom to install whatever OS we want on it.

    Consider all the threats to Windows - viruses, trojans, key loggers, etc. They infect a Windows system when it is actually running, not before it boots. I may be wrong here and if I am I am sure someone will correct me. So, this Secureboot issue seems to be more about locking out other operating systems rather than fixing Windows security. That's my opinion and I'm sticking with it unless someone can prove otherwise. This is backed up by the fact that Microsoft do not appear to have said, yes, add the function to be able to disable this secureboot, unless I have missed something somewhere.

    I have only ever had 2 prebuilt PCs and they were back in the early/mid nineties. Since then I have built my own. Perhaps it will be possible to buy motherboards on their own with this function disabled, or with the ability to disable it. We do need to know what manufacturers are going to do about this instead of speculating on what may or may not happen. Yes, maybe the EU will put a stop to it, and maybe the US will get the locked down motherboards while Europe (and maybe the rest of the world) get fully functional ones. I do think that this may come under the heading of anti-competitiveness but we will have to wait and see.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019