Hi,

I am not sure about the admin structure of 'UEFI'. Arm has been a member since 2008;
As to your analogies, to me that was absurd. No one was talking about driving or other wise. You are not going to dictate designs to a manufacture. If market drives the need for design changes then possibly things can be aligned or changed.

As I have said to others: Your choice to buy or not. If the device supports user defined exemptions then great. But if you purchase something and it does not allow secondary usage or alternate use then you either default the device(possibly junk it) or return it. Your purchase of a known controlled closed environment does not give you any rights to demand it service your needs. Cry foul all you want, it will not change things.

Yup, you can't exactly stop him from stealing the disk drives. (But in some secure data centers, those drives are encrypted and locked to a particular disk-controller serial number.)

But you know, a lot of pragmatic security just comes down to putting even a very slight obstacle in the way. A friend of mine in high school kept a very expensive 12-string guitar in a cardboard case with the tiniest padlock imaginable. The lock was put there, he said, "to keep the honest people out." There are many stories of "pizza-box cat burglars" who stole from houses, even houses with very fancy burglar-alarms, just by trying the front door and seeing if it was unlocked. It often was, and the fancy-pants alarm system was turned off. They took whatever they could find in the first couple rooms and popped it into the box (which actually contained a pizza).

There is nothing to stop me removing Windows and installing Linux, or dual-booting the two OS's, on an x86 device. So I'll ask one more time: WHY should it be any different for an ARM device?

Hi,

Purchase one you can have selective choice and have the options to update or add keys. If you choose one with Microsoft Win/8 then you will not have the choice to modify for a alternate OS. As stated before, buy one that allows the UEFI user control.

You haven't answered the question: why should ARM be any different from x86? As for choosing to buy something that allows UEFI user control, that may be near impossible if Microsoft has the same influence over ARM device manufacturers as they have in the PC field. It would be in their interest to get a lock-down on all new x86 computers sold, too.

Hi,

So in your mind all ARM devices will be secured. Not so! There are loads of other major market share companies that will have ARM based devices other than just Microsoft. I have answered your question. You just fail to realize that not every device will be locked. Speculations & fear, that is the trap you are falling into. Thus spreading FUD!

Brian, you are the provocateur that you attempted to label me as.

Other ARM providers will be using hardware designs with ANDROID/Propriety OS thus the problem is non existent so no lock out. That is unless they too decide differently. Some ARM devices had to be jailbreaked to use but that too was not a big problem except for warranty.

No matter how much you openly complain about Microsoft locking ARM devices designed to work with Win/8 there will be no change. And in my mind there is no need. At this point I will not need to purchase a ARM based Windows/8 Netbook,Notebook system. No need or purpose to use value based Netbook/Notebook at this time.!

Openness for x86 arch system has continued from the onset thus the reasoning for continued openness for the design. That doesn't mean all future x86 systems will have the BIOS extensions to openly allow a user choices. At present there will be secure boot OEM for the x86 designs but to date that will have BIOS extensions to enable/disable. This latter point will allow a user to provide/generate keys for other OS.

Hi,
Of course 'UEFI' will prevent the night operator from booting with his/her Win/8 boot media. Public part of the pk(platform key) in the firmware will not allow the boot. The 'UEFI' can have additional exchange keys(kek) in the firmware which is a signature database. This database contains public keys to be used to verify different components that may be used by UEFI: drivers, boot-loaders and other OS that may be allowed to load from external sources(disks, network,USB or whatever is allowed by 'UEFI').

This database also has the means to provide revocation(s) within the database via 'forbidden signatures' that are stored and provided by UEFI organization. This list contains both authorized and forbidden signatures.

I suggest that you look at Versions 2.0, 2.1, 2.2 and 2.3 of the 'UEFI' Specification. Current is 2.3.1 with errata.

'UEFI' protocol is nothing like the BIOS of old.

HTH!

Unfortunately, most vendors don’t have the option of getting a PC with Linux preinstalled or without an OS. Though, Dell and HP have some options for PCs that come with Linux preinstalled, and they don’t throw in any Linux-installation hurdles on their other PCs. There’s even a Python program called PyAlienFX, for controlling the cool AlienFX lighting system on the Alienware laptops, you guessed it - in Linux!

Yes, I realize this is an old thread. I just came across it when I was searching for a thread about handing out Linux CDs at work.

Well, since raising the dead necro thread.

On my Windows 10 motorcycle tuner laptop. I had to learn about turning off hibernate in Windows so my Linux persistent usb could mount and read the ntfs files.

Seems Windows 10 wanted to lock me out with sneaky snarky functions.

I read an opinion piece today which, while I don't entirely agree with it, gives some nice perspective to the idea of MS monopolies.

https://m.theregister.co.uk/2017/03/...rosoft_on_arm/

When "necro" threads come back to life, I hear [Michael Jackson's] Thriller in the background ... (or this shorter version) complete with Vincent Price and the video actress's wonderful screams. (In the video, that's about all she had to do, but she did it so very, very well.)

Actually, UEFI came out of industry demand. In the wee hours of the night, operators might have the machine room all to themselves, and they might in fact be industrial spies. They shut down a machine, reboot it from a USB stick so that it runs an altogether different operating system, then suck data out of (or, install software into) the now-defenseless machine before again rebooting it back into its "normal" OS. UEFI makes this "caper" considerably more difficult to do, but still not impossible.

Also, by taking a more active – and suspicious – role in the boot process, this firmware can also catch some mistakes. (And, when you're onboarding hundreds of computers in a single day, you can will make mistakes.)

- - -
Trivia: some friends of mine decided that, for a Halloween party, they would perform Thriller. After several weeks of practice, they had sort-of mastered ... forty-six seconds of it.

When I first trialed linux, it was on a windows computer. When I bought it, my knowledge of computers was limited to about "New computer == new windows"
If that windows computer had a unchangeable secure boot and prevented linux from being installed... I would never of learned anything about it.

It's easy to say users should know stuff like that.. when you're already aware of them.

I am one of those that never starts a new pc or laptop that has windows, I usually first boot up off linux live and delete what ever is on the drive using a partition editor(like gparted) then install what ever distro I like at the time...

If I want windows it would have to be through a virtual machine but then wine or some other method will run a windows app if I need one, which I haven't bothered trying to do except with silverlight...

As for uefi, I have installed systems for others and don't normally have any issues...

But then 2 other people I have trained with linux, do all that now, I just get calls at the most unusual times, asking what was misssed...

I would like to know(as I have been away from the internet for a few years), why windows has so many followers still?

You're confusing/conflating UEFI and Secureboot, but I digress.

And what you have posted is just the "textbook" problem/reaction/solution rationale behind this. If you really want to stop someone plugging in a USB stick and booting a different OS, you could use BIOS password protection and disable booting from USB (or better yet disable USB altogether), but either way if there is physical access to the PC, the data can be stolen unless sophisticated encryption is used. All of this still doesn't explain why home user desktop or laptop PCs and tablets need this kind of protection? It doesn't explain why one needs what is a "mini OS" running subliminally or crap like IME/PSP running "out of band" on x86 hardware. 99% of BIOS was useless on modern systems, most of what the end user saw/needed of the BIOS was in configuring/disabling devices/boot. Once the OS is booted, the traditional x86 BIOS releases control of devices/resources. So in fact things should have gotten a lot simpler - in fact we have even more needless complexity...

Secureboot is a feature of UEFI. Microsoft are on the board of the Unified EFI Forum along with it's OEM partners and it's Microsoft pushing secureboot and using it in it's Windows OS from 8.0 upwards on machines supplied by these vendors and it's Microsoft forcing it to be enabled on windows 8.0 certified ARM devices with no way to turn it off.

In the words of one notable security expert - UEFI is "nefarious".

Because desktop linux is a pain in the ass. Vendor support, while getting better, is still nowhere near the levels to make linux more than a "niche market" O/S for general day to day use.

Windows just plain works.

Should everyone switch to linux, maybe, but that'll never happen until there's a single "dominant" distro that's aimed at consumers rather than fanboys. And when a single distro becomes dominant enough that software and hardware vendors support that distro there will be a mountain of claims that DeskSlaxTuTux(tm) linux is "abusing it's market share".