LinuxQuestions.org

"Linux Developers Step Up to the Secure Boot Challenge" (https://www.linuxquestions.org/questions/linux-general-1/linux-developers-step-up-to-the-secure-boot-challenge-4175417476/)

TobiSGD 07-27-2012 11:24 AM

Quote:

Originally Posted by brianL (Post 4739483)
Yeah. Great White shark. :) Do you really want to swim with them?

Do I want to? No. Do I have a choice? Also no.
So I have to make the best out of it and that works only if I go and study the great white shark and its rules. You can be sure that they don't make these rules for the benefit of Linux. They make them because of two simple things:
1. Don't mess with antitrust laws, especially in the EU.
2. Many of their larger customers have the option to downgrade their licenses. If they need more licenses they will buy Windows 8 licenses in the future, but have the right to use Windows 7 instead. Now try to install Windows 7 on hardware where you can't disable Secure Boot.

Quote:

Not to mention downright suspicious, and against GNU/Linux principles.
I can't see where it is against GNU/Linux principles to buy hardware that has a logo on it that indicates that you can be sure that you are able to install GNU/Linux on it. It doesn't matter if this logo comes from Microsoft or a different third party. What would be the difference if a logo with the same requirements would come from the FSF?

brianL 07-27-2012 01:56 PM

Another thing:
Secure Boot is meant to make a system more secure, but it can be easily disabled. Waste of time, isn't it?

TobiSGD 07-27-2012 02:01 PM

Quote:

Originally Posted by brianL (Post 4739590)
Another thing:
Secure Boot is meant to make a system more secure, but it can be easily disabled. Waste of time, isn't it?

Not really. If I have physical access to your machine then no machine is secure; I can just rip out your hard disk and steal your data (assuming that it is not encrypted). But you can't disable Secure Boot from a running OS, which prevents malicious software from linking itself into the boot process (root kits or similar). Also, in corporate environments you can be pretty sure that there will be a BIOS (UEFI) password that prevents you from simply disabling it.
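
A running OS cannot switch Secure Boot off, but it can read the firmware's state, which is what an administrator would audit. The following is an added example, not part of the thread: it parses the standard `SecureBoot` and `SetupMode` UEFI variables as Linux exposes them through efivarfs. The mount point, the function names and the sample payloads are assumptions made for this sketch.

```python
import struct
from pathlib import Path

# EFI global variable GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed efivarfs mount point


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes the variable data with a 4-byte little-endian
    attribute word.
    """
    if len(raw) < 5:
        raise ValueError("truncated efivarfs payload")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def secure_boot_state(secure_boot: bytes, setup_mode: bytes) -> str:
    """Classify firmware state from the raw SecureBoot and SetupMode files."""
    _, sb = parse_efivar(secure_boot)
    _, sm = parse_efivar(setup_mode)
    if sm[0] == 1:
        # Setup mode: no Platform Key enrolled, so signatures are not enforced.
        return "setup-mode"
    return "enforcing" if sb[0] == 1 else "disabled"


def read_state(root: Path = EFIVARS) -> str:
    """Read both variables from efivarfs; 'unavailable' if they cannot be read."""
    try:
        sb = (root / f"SecureBoot-{EFI_GLOBAL}").read_bytes()
        sm = (root / f"SetupMode-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return "unavailable"  # legacy BIOS boot or efivarfs not mounted
    return secure_boot_state(sb, sm)


# Constructed sample payloads (attribute word 0x6 = boot-service + runtime access).
SAMPLE_ON = bytes([6, 0, 0, 0, 1])
SAMPLE_OFF = bytes([6, 0, 0, 0, 0])

if __name__ == "__main__":
    print("constructed sample:", secure_boot_state(SAMPLE_ON, SAMPLE_OFF))
    print("this machine:", read_state())
```

A fleet check would alert on anything other than "enforcing", since both "disabled" and "setup-mode" mean unsigned boot code will run.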

brianL 07-27-2012 02:14 PM

Anyway, this debating is speculative. We'll have to wait and see. I'll remain sceptical, but admit I was wrong if everything works out OK.

Yukon 09-28-2012 11:37 PM

Quote:

Originally Posted by TobiSGD (Post 4733914)
What I see in discussions about Secure Boot and Microsoft is that most people that have a negative opinion about this have most of their knowledge from FUD spreading bloggers.
Some simple facts: Every x86 mainboard/PC that wants to get the Windows 8 logo has to have options in the firmware that allow the users to disable Secure Boot and, if they don't want to disable it, to add their own custom keys. It may sound ironical, but if you buy x86 hardware with Windows 8 logo you can be sure that any Linux distribution will run on it without major problems.
If you look at ARM hardware, most of the devices that you can buy now are already locked, without Microsoft being in the game. So why is it different if Microsoft does it also?

OK. Will it allow dual boot? I think it will
kill linux, not because of FUD, but because
it makes it a little bit harder.

Easier is what we need. Not harder. Bye Bye.

onebuck 09-30-2012 10:21 AM

Member Response
 
Hi,
Quote:

Originally Posted by Yukon (Post 4792181)
OK. Will it allow dual boot? I think it will
kill linux, not because of FUD, but because
it makes it a little bit harder.

Easier is what we need. Not harder. Bye Bye.

Yes, for informed users that do not fall for 'FUD'. Secure boot will not kill Linux.

How is it harder? User doesn't wish to read information to allow the choice of proper hardware & configuration. We call that laziness!

nobuntu 09-30-2012 01:56 PM

I think I must be missing something.

I have been confused throughout this whole Secure Boot debate about why those who don't like it can't simply purchase one of these or something similar, instead of going down to their local Costco/RadioShack/OfficeMax/etc. and purchasing a computer there. Open source hardware seems to be the logical choice if one is hoping to run open source software, to me at least.

sundialsvcs 10-01-2012 09:47 AM

It's a mistake to present Secure Boot technology as "an obstacle" which has been tossed into the way of The Freedom Lovers by the Evil Empire.

Secure Boot is an attempt to thwart root-kits. It is therefore of equal importance to Linux and to Windows, and for precisely the same reasons. Yes, it relies heavily upon the integrity of cryptographic root-keys, as do all other systems of their kind.

Obviously, Microsoft can't control what kind of operating-system a particular computer might need to run. Businesses (including Microsoft itself) "need to run" Linux, "too." The only thing that they wish to enforce is the prerogatives of the system owner to only permit known operating systems to be booted on the device.

The problem here is literally the industrial spy or assailant or god-knows-what who, in the guise of a young kid, who hires on for the job that nobody wants: third-shift sysop. He's got a USB stick in his pocket and he knows how to use it ... shutting down a Windows server, booting up a Knoppix linux on the same hardware, and surfing the computer's hard drive at his leisure because the security and the vigilance normally provided by the "intended" host operating-system (it could be "another Linux," after all ...) no longer exists. He siphons away the information, unplugs the USB stick, hits the reset button and in a few moments there is no obvious evidence of his crime.

This happens to be an extremely significant attack-vector, very plausible and real, which must be guarded against. Secure Boot is an important step in that direction, and both Windows and Linux (and every other potential "legitimate guest") must support it securely.

(Let me put it this way: "This vector is as devastating as a root-kit ... of course it is an excellent way to install a root-kit ... and it is potentially undetectable." In a world in which computer systems are profoundly trusted with matters directly pertaining to "human health and safety," this is unacceptable and dangerous.)

nobuntu 10-01-2012 11:26 PM

Quote:

Originally Posted by sundialsvcs (Post 4794043)
It's a mistake to present Secure Boot technology as "an obstacle" which has been tossed into the way of The Freedom Lovers by the Evil Empire.

Secure Boot is an attempt to thwart root-kits. It is therefore of equal importance to Linux and to Windows, and for precisely the same reasons. Yes, it relies heavily upon the integrity of cryptographic root-keys, as do all other systems of their kind.

Obviously, Microsoft can't control what kind of operating-system a particular computer might need to run. Businesses (including Microsoft itself) "need to run" Linux, "too." The only thing that they wish to enforce is the prerogatives of the system owner to only permit known operating systems to be booted on the device.

The problem here is literally the industrial spy or assailant or god-knows-what who, in the guise of a young kid, who hires on for the job that nobody wants: third-shift sysop. He's got a USB stick in his pocket and he knows how to use it ... shutting down a Windows server, booting up a Knoppix linux on the same hardware, and surfing the computer's hard drive at his leisure because the security and the vigilance normally provided by the "intended" host operating-system (it could be "another Linux," after all ...) no longer exists. He siphons away the information, unplugs the USB stick, hits the reset button and in a few moments there is no obvious evidence of his crime.

This happens to be an extremely significant attack-vector, very plausible and real, which must be guarded against. Secure Boot is an important step in that direction, and both Windows and Linux (and every other potential "legitimate guest") must support it securely.

(Let me put it this way: "This vector is as devastating as a root-kit ... of course it is an excellent way to install a root-kit ... and it is potentially undetectable." In a world in which computer systems are profoundly trusted with matters directly pertaining to "human health and safety," this is unacceptable and dangerous.)

This is an absolutely brilliant post - the most convincing and well-researched argument in favor of Secure Boot that I have seen thus far.

onebuck 10-02-2012 03:54 PM

Moderator Response
 
@Yukon

Please do not form attacks or form posts with the intent of baiting to start a flame war. Be respectful with your post.

You are violating the LQ Rules;
Quote:

Personal attacks on others will not be tolerated.

Flame Wars will not be tolerated.

Do not post if you do not have anything constructive to say in the post.
In the future, please re-read your composed post before submitting. It is one thing to have firm belief(s), but you should have consideration & respect for fellow LQ members, thus forming a considerate, constructive post.

You should consider researching 'EFI', 'UEFI' and 'secure boot' since it seems you are not informed on the subject at hand as related to the Gnu/Linux community. Nobody has stated that Gnu/Linux will die because of 'secure boot', except for the uninformed and people who rely on 'FUD' thus not knowing what to do and how.

Please remove the masked vulgarity in your post. If you don't edit the post satisfactorily, I will remove the post entirely. Not censoring either, this is a moderated forum and you agreed to abide by LQ Rules.

mostlyharmless 10-02-2012 09:55 PM

Quote:

There are laws coming down, in all sorts of businesses including but not limited to health-care, that say that you must be able to guarantee this. And time is running out to prove compliance.
Now this statement is all too true and the worst part of the whole thing. They are bad laws and ill conceived too.

Why is there such faith in rules and laws? Do you not think the "kid with USB" will have a bootable signed system? Or that the malfeasance will be authorized? Or that the amateur will simply remove the drive, clone it and return it, just as a forensic expert would do? I'm not saying that it isn't sensible to take security precautions, but this sort of thing isn't really addressing the problem.

Ztcoracat 10-02-2012 11:19 PM

I have been studying for about 3 to 4 weeks on anything I could find on this UEFI and I'm just glad that men are working on this.
One of the companies that design these UEFI System Partitions is Insyde
http://www.insydesw.com/

I found these articles of interest as well.
http://www.zdnet.com/blog/open-sourc...d-fedora/11187
http://www.extremetech.com/computing...os-replacement

The Linux Foundation had some say about this as well and made a PDF
http://www.linuxfoundation.org/publi...open-platforms

I look at this UEFI and Secure Boot issue as a challenge, not evil. But I do see where some individuals can find it a wee bit negative and the act of manufacturing for pure profit. It's even possible that this may be some type of 'control' used for the future.

However; every man must support himself and his family but it is what he is practicing/making/manufacturing that is what deems this practice good or bad-

NyteOwl 10-03-2012 01:51 PM

My previous post was primarily to illustrate how such a "conspiracy" might be orchestrated not that I necessarily thought there was one. Though I have no doubt that Microsoft hopes this will discourage people from using something other than Windows.

Secure Boot, like TPM before it, is a piece of technology designed to help solve a specific set of problems. Yes, like all technology it can be misused but properly used has some significant benefits. TPM didn't hurt Linux and this isn't likely to either.

And if all the hand wringing and wailing would stop for a minute and people think, then all that might really be needed is a reputable Linux entity (the Linux Foundation or OSI for example) to step up and offer a secure key service to distribution authors, that don't want to use a self-signed key, and say OEM's. Then Linux would have its own "certified" keys rather than relying on Microsoft's.

There are numerous options but it's mostly a tempest in a teapot (though I think the MS deal with ARM based OEM's is a bit over the top).

sundialsvcs 10-04-2012 08:13 AM

I don't think that it is realistic for Microsoft to "discourage people" in this way ... the notion just isn't credible. No one with Linux installations in-place is going to "convert" those systems to the entirely non-equivalent Windows OS. This is technically inconceivable.

But, yes, there can't just be one cryptographic root-key, owned by a particular software vendor. You do want to minimize the number of authorized-issuers in any such system, obviously.

The Achilles Heel that I perceive in this system as-designed right now is that you need to be able to lock a system to a particular OS-build ... a company needs to say, "Windows Version 1.2.3 As Customized By Us on August 22nd," and none other, may be installed on our machines. All without creating hideous complications for their infrastructure teams. I'm not sure how well this architecture is going to play out in practice, nor how widespread it will actually become. In a year or two, we'll all know.

Yukon 10-04-2012 03:47 PM

UEFI worry
 
I must say I enjoy all the feedback I got from
my initial posting of worry, and agree with much of
it, but until someone comes up with an open solution,
I retain my view. Over the long haul, and because
of MS cunning, Linux will become even more
of a specialist thing. NOT Good.

Thanks to the person that mentioned the effort at

http://www.insydesw.com/

which I will check out now. Happy trails!

BTW, very good point about the Achilles heel
mentioned below. *Windows* people are
going to be unhappy about upgrading
all the time, also.

-jae


Quote:

Originally Posted by sundialsvcs (Post 4797036)
I don't think that it is realistic for Microsoft to "discourage people" in this way ... the notion just isn't credible. No one with Linux installations in-place is going to "convert" those systems to the entirely non-equivalent Windows OS. This is technically inconceivable.

But, yes, there can't just be one cryptographic root-key, owned by a particular software vendor. You do want to minimize the number of authorized-issuers in any such system, obviously.

The Achilles Heel that I perceive in this system as-designed right now is that you need to be able to lock a system to a particular OS-build ... a company needs to say, "Windows Version 1.2.3 As Customized By Us on August 22nd," and none other, may be installed on our machines. All without creating hideous complications for their infrastructure teams. I'm not sure how well this architecture is going to play out in practice, nor how widespread it will actually become. In a year or two, we'll all know.



All times are GMT -5.