LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 09-21-2011, 03:54 PM   #16
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 327Reputation: 327Reputation: 327Reputation: 327

Google does exactly the same thing with the Chromebook (Linux-based, obviously). They provide a hardware switch, under the motherboard battery, to disable secure boot. That lets you run any other Linux, but obviously not Windows or ChromeOS. Apple will likely follow suit with their machines (I don't believe any Apple hardware uses secure boot today).

So every OS has a hardware vendor that uses, or will shortly use secure boot. What needs to happen is that the ability to disable secure boot has to be user accessible and publicly available information (as is the case with the Chromebook). That's where market pressure needs to be applied.
 
Old 09-21-2011, 04:05 PM   #17
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.16.2
Posts: 1,566
Blog Entries: 13

Rep: Reputation: 178Reputation: 178
Next thing it'll be illegal to have a non-UEFI machine with secure booting disabled... Homeland Security will probably conclude that Linux users are security risks and potential cybercriminals; in fact wasn't there something to that effect in the news a few months ago?
 
Old 09-21-2011, 04:14 PM   #18
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 327Reputation: 327Reputation: 327Reputation: 327
I think it's highly unlikely that secure boot will become mandatory. It's purpose is to protect the end-user from malicious code, and it does this very well. However, development still needs to occur, and there are millions of developers. Forcing the requirement for secure boot means that development stops - every test kernel (any OS) is not going to get some corporate exec out of bed to get the signing key out of the vault.
 
Old 09-21-2011, 04:35 PM   #19
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430Reputation: 430Reputation: 430Reputation: 430Reputation: 430
It's TCPA all over again. It will probably not be implemented, or will be implemented in such a form that it can't block non-Windows installs. As long as the right groups argue again, it will go away. Until the next time MS want to block our freedoms.
 
Old 09-21-2011, 05:11 PM   #20
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by mostlyharmless View Post
Next thing it'll be illegal to have a non-UEFI machine with secure booting disabled... Homeland Security will probably conclude that Linux users are security risks and potential cybercriminals; in fact wasn't there something to that effect in the news a few months ago?
That certainly did come to mind, and I think that they may be planning this, along with the internet e-ID, and making sure your computer is safe to go on the internet ... you know that it runs Window$.
 
Old 09-21-2011, 05:13 PM   #21
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by mipia View Post
Thoughts? Ideas? Interpretations?
If hardware is physically accessible, any such feature can and WILL be bypassed or disabled. Excessive DRM will result in lost sales.

Quote:
Originally Posted by macemoneta View Post
Think of it like GPG encryption. The implementation is open, but that doesn't provide any access to encrypted data.
The article doesn't talk about encryption, it talks about signatures. Signatures != encryption. In case of signature there will be a subroutine that checks the signature for being acceptable and allows or denies execution of signed code, which is unencrypted. This subroutine can be hacked into always allowing launch. If I remember correctly, similar mechanism has been implemented on symbian, and it was bypassed - there are ways to turn off certificate checking.

Quote:
Originally Posted by macemoneta View Post
Attempt to tamper with the motherboard chip, and the machine is now permanently unable to verify signed software.
This sounds nice in theory, but in reality most likely somebody will steal encryption key from Microsoft and publish it on the internet, as it happened with AASC encryption key. If hardware vendor will provide ability to upgrade built-in key, then the upgrade will be done via some kind of program, which can also be reverse-engineered, which means it will be possible to install different key into firmware. The whole endeavor is a waste of time. If they want unbeatable signature mechanism, they should make hardware physically inaccessible to user.

Quote:
Originally Posted by mostlyharmless View Post
Next thing it'll be illegal to have a non-UEFI machine with secure booting disabled... Homeland Security will probably conclude that Linux users are security risks and potential cybercriminals; in fact wasn't there something to that effect in the news a few months ago?
Sounds like paranoia to me. If this will happen, I'll surely have a good laugh. Anyway, this won't affect the rest of the world.

Last edited by SigTerm; 09-21-2011 at 05:14 PM.
 
Old 09-21-2011, 05:35 PM   #22
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.16.2
Posts: 1,566
Blog Entries: 13

Rep: Reputation: 178Reputation: 178
Yeah just a little flame baiting paranoia, H TeXMex H shouldn't have all the fun, heh, heh..
 
Old 09-21-2011, 07:08 PM   #23
justwantin
Member
 
Registered: Aug 2003
Location: Melbourne, Australia
Distribution: Slackware, Slackware ARM, Salix and Porteus
Posts: 567

Rep: Reputation: 45
My first thought is will UEFI mobos become something sold exclusively in all countries around the world?

Probably not until a long time has passed by and win8 is history.

Why, because there are too many people in too many other countries who for many reasons (including financial) will not be purchasing the hardware and software meeting UEFI requirements. Not to mention the fact that the powers that be in countries such as India, PRC and Brazil will not be inclined to allow this to be somehow mandated or implied by law.

Maybe it will be shoved down the throats of N. America or survive a challenge in the EU. That's the market it is intended for.

I'm no expert on these matters but I think, if anything, it will, intentionally or not help to retain the MS home user customer base who don't think about these things, who think the computer is not working of they lost their internet connection and who are more inclined to purchase a complete new setup than just replace periphials. If any of them turn "Neo" and want try something else they won't be able to. As an added attraction the UEFI machine will be more "secure", i.e. less bothersome to Redmond.

Additionally, look what happened with XP's extended run because big business was not willing to embrace new software with new hardware requiremnts not to mention the fact that win8 is going to be a very big change to user interface. Rection against ribbon menus was bad enough; put all the receptionists and secretaries in front of Win 8 and see what they say.

I can remember businesses not upgrading to win 95 because staff refused to change from word perfect to word and I also remember typists who complained bitterly about having to use software with a mouse because it was slow compared to just using the keyboard. Change outside of the server room takes allot longer for the majority of the corporate world.

This isn't going to happen overnight, by the time it becomes widespread, if it does, there will be workarounds/hacks, and in the interim time non UEFI hardware will still be available because it will be manufactured for outside N. Am. and EU markets by the same people manufacturing for sale in the N.Am and Eu markets.

Last edited by justwantin; 09-21-2011 at 07:11 PM. Reason: tyop
 
Old 09-21-2011, 08:36 PM   #24
jefro
Guru
 
Registered: Mar 2008
Posts: 11,967

Rep: Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484
I tend to use virtual machines so I almost never dual boot. I use a dedicated OS or a VM.
 
Old 09-21-2011, 08:58 PM   #25
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,098

Rep: Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538Reputation: 1538
I tend to think that TobiSG is on the right track.

I think I shall write my Congress critters and the FTC tomorrow.
 
Old 09-21-2011, 11:17 PM   #26
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,390
Blog Entries: 3

Rep: Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480Reputation: 1480
Hi,

Too many people have their heads in the cloud. Literally!

Microsoft, Google and others are trying to get control and remain there in the clouds. Locking things up so no one has the key. Buyer Beware!
 
Old 09-21-2011, 11:44 PM   #27
RedNeck-LQ
Member
 
Registered: Jan 2011
Posts: 83

Rep: Reputation: 11
Microsoft can do whatever they want. It doesn't affect me, I stopped using windows eons ago. HAHAHA

Anyway, whatever OS that goes into the VM won't have access to the real hardware of your system. So for those who like using both windows and linux, you need to choose and weight the options.

Last edited by RedNeck-LQ; 09-21-2011 at 11:59 PM.
 
Old 09-22-2011, 02:37 AM   #28
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430Reputation: 430Reputation: 430Reputation: 430Reputation: 430
I have merged the two identical threads together.
 
Old 09-22-2011, 03:29 AM   #29
magiknight
Member
 
Registered: Oct 2003
Posts: 37

Rep: Reputation: 4
Do you know what is awesome about this? If those Windows *edited*people*end edit* (yes all you guys and gals who wanted flashing the bios support directly from windows) never got their way, we would never see this type of stuff. But people were too lazy to you know reboot and use a floppy or a usbkey to boot to flat mode and actually flash there BIOS, so now we have this shit to deal with.... thanks *edited* people *end edit*!

Last edited by Mara; 09-28-2011 at 01:31 PM. Reason: Removed bad language.
 
Old 09-22-2011, 06:55 AM   #30
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by macemoneta View Post
It took 5 years for the PS3 key to be discovered, and only then because of a flaw in the implementation they used. And that's only a single platform.
Somehow you forgot that PS3 is a proprietary closed hardware system, while on PC we have open architecture, which has such things are replaceable RAM, etc. This makes it much simpler to hack.

P.S. I have impression that there are too many paranoid people.
 
  


Reply

Tags
microsoft, uefi booting, windows 8


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
UEFI and BIOS: What is it really? cruiser General 10 09-27-2011 12:18 PM
Has anyone got UEFI working? BeaverusIV Arch 2 07-31-2011 07:47 AM
LXer: Shaping the future of secure Ajax mashups LXer Syndicated Linux News 0 04-04-2007 10:46 PM
secure booting of linux vijeesh_ep Linux - Security 4 08-15-2004 12:55 PM
Booting up with Linux Secure and a blank screen mykyl Mandriva 0 03-02-2004 12:25 AM


All times are GMT -5. The time now is 04:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration