"Linux Developers Step Up to the Secure Boot Challenge"
It's really not a "hidden agenda," as long as the technology (a) actually works, as verified by peer-review; and (b) can be used by other operating systems.
We have a genuine business need, when constructing "trustworthy" computing environments, to be able to control the entire software environment, including the built-in (flash...) ROM software.
Given Microsoft's past behaviour one could make a case for a "hidden agenda".
1) back UEFI (done)
2) back SecureBoot (done)
3) make sure all UEFI BIOSes incorporate SecureBoot (done)
3) strike deal with ARM manufacturers so their SecureBoot BIOS only boots Windows (almost there)
4) strike deal with desktop OEMs so that their SecureBoot BIOS only boots Windows (pending)
5) strike deal with desktop motherboard manufacturers so that their SecureBoot BIOS only boots Windows (pending)
6) strike deal with server OEMs so that their SecureBoot BIOS only boots Windows (pending)
7) strike deal with desktop motherboard manufacturers so that their SecureBoot BIOS only boots Windows (pending)
8) 99.9% of all "PC" and related servers now only boot Microsoft products.
Have they considered it? Probably.
Is it practical? No.
Could it be practical as far as step 4? Yes, possibly even step 5.
It starts to break down on the server market. Then there would be the inevitable legal hurdles such a strategy would entail and the costs involved. Another very practical obstacle to trying to implement such a plan beyond the OEM desktop.
NyteOwl, your step 7 is redundant. If it ever gets as bad as all new desktop motherboards being pre-locked to Windows, then vendors like System76 are going to have a lot more customers. I know that we Linux/BSD/other OS users only make up a small percentage of the desktop market, but there are enough of us around to where such a thing will not be possible.
Also, since most web servers run something other than Windows, I really can't see any server motherboard manufacturers implementing the secure boot crap. In my opinion, the SecureBoot/RestrictedBoot crap really isn't necessary to begin with. It's just another way for MS to make money without actually making a product.
Also, NyteOwl, there is a bit of practical reality here. If "99.9% of all servers now must boot Microsoft products," then a very significant percentage of those servers have just become ... unmarketable!
Linux, BSD, and several other "non-Microsoft" operating systems are, and always will remain, "legitimate and necessary operating systems" that there is, and always will be, a fundamental requirement to be able to run. And, to run with "secure boot" capability. (In other words, "if I have a legitimate business need for secure boot ... and I do ... then I have that need, regardless of which particular operating system I am talking about.")
Walk into any server-farm on the planet, and it is extremely likely that you are looking at machines, side-by-side with one another, that are running many different operating systems (and versions thereof). The need to be able to guarantee that a bored (or clandestine) computer operator cannot hijack a system by rebooting it from an unauthorized DVD-ROM at 2:30 in the morning is a very legitimate business concern which actually has nothing at all to do with "Microsoft" or "Windows."
There are laws coming down, in all sorts of businesses including but not limited to health-care, that say that you must be able to guarantee this. And time is running out to prove compliance.
Last edited by sundialsvcs; 07-24-2012 at 04:47 PM.
brianL, too much misinformation by the commentators to the article. Both articles are helpful and do reveal the on-coming issues for some hardware vendors that stick/set the secure boot. Most still provide the means for a BIOS compatibility but when will that no longer be available?
People do not understand that 'UEFI' & 'Secure Boot' are different animals. 'UEFI' is a protocol that does provide the provision for 'Secure Boot' protocol for hardware.
I'm still not convinced. I still regard Secure Boot as a potential threat, interfering with people's rights to install whatever operating-systems/distros/software on whatever hardware they want.
Windows 8 logo? Why not some new logo, independent of any individual company? You might be willing to trust Microsoft, but I wouldn't. It could all end up as restrictive as their EULAs.
Windows 8 logo? Why not some new logo, independent of any individual company?
Because nobody would care for such a logo. Microsoft is the biggest fish in the pool, so the hardware manufacturers will use their logo.
The requirements for the Windows 8 logo for x86 hardware clearly state that it must be possible to deactivate Secure Boot and to add your own keys if you don't want to disable it.
It may sound ironical and somewhat odd for a Linux user, but buying Windows 8 hardware is in this case the only way to go to make sure that Secure Boot actually will not prevent you from installing the OS of your choice.