"Linux Developers Step Up to the Secure Boot Challenge"
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Given Microsoft's past behaviour one could make a case for a "hidden agenda".
1) back UEFI (done)
2) back SecureBoot (done)
3) make sure all UEFI BIOSes incorporate SecureBoot (done)
3) strike deal with ARM manufacturers so their SecureBoot BIOS only boots Windows (almost there)
4) strike deal with desktop OEM's so that their SecureBoot BIOS only boots Windows (pending)
5) strike deal with desktop motherboard manufacturers so that their SecureBoot BIOS only boots Windows (pending)
6) strike deal with server OEM's so that their SecureBoot BIOS only boots Windows (pending)
7) strike deal with desktop motherboard manufacturers so that their SecureBoot BIOS only boots Windows (pending)
8) 99.9% of all "PC" and related servers now only boot Microsoft products.
Have they considered it? Probably.
Is it practical? No.
Could it be practical as far as step 4? Yes, possibly even step 5.
It starts to break down on the server market. Then there would be the inevitible legal hurdles such a strategy would entail and the costs involved. Another very practical obstacle to trying to implement such a plan beyond the OEM desktop.
NyteOwl, your step 7 is redundent. If it ever gets as bad as all new desktop motherboards being pre-locked to Windows, then vendors like System76 are going to have a lot more customers. I know that we Linux/BSD/other OS users only make up a small percentage of the desktop market, but there are enough of us around to where such a thing will not be possible.
Also, since most web servers run something other than Windows, I really can't see any server motherboard manufacturers implementing the secure boot crap. In my opinion, the SecureBoot/RestrictedBoot crap really isn't necessary to begin with. It's just another way for MS to make money without actually making a product.
Also, NyteOwl, there is a bit of practical reality here. If "99.9% of all servers now must boot Microsoft products," then a very significant percentage of those servers have just become ... unmarketable!
Linux, BSD, and several other "non-Microsoft" operating systems are, and always will remain, "legitimate and necessary operating systems" that there is, and always will be, a fundamental requirement to be able to run. And, to run with "secure boot" capability. (In other words, "if I have a legitimate business need for secure boot ... and I do ... then I have that need, regardless of which particular operating system I am talking about.
Walk into any server-farm on the planet, and it is extremely likely that you are looking at machines, side-by-side with one another, who are running many different operating systems (and versions thereof). The need to be able to guarantee that a bored (or clandestine) computer operator cannot hijack a system by rebooting it from an unauthorized DVD-ROM at 2:30 in the morning is a very legitimate business concern which actually has nothing at all to do with "Microsoft" or "Windows."
There are laws coming down, in all sorts of businesses including but not limited to health-care, that say that you must be able to guarantee this. And time is running out to prove compliance.
Last edited by sundialsvcs; 07-24-2012 at 05:47 PM.
brianL, too much misinformation by the commentators to the article. Both articles are helpful and do reveal the on-coming issues for some hardware vendors that stick/set the secure boot. Most still provide the means for a BIOS compatibility but when will that no longer be available?
People do not understand that 'UEFI' & 'Secure Boot' are different animals. 'UEFI' is a protocol that does provide the provision for 'Secure Boot' protocol for hardware.
Windows 8 logo? Why not some new logo, independent of any individual company?
Because nobody would care for such a logo. Microsoft is the biggest fish in the pool, so the hardware manufacturers will use their logo.
The requirements for the Windows 8 logo for x86 hardware clearly state that it must be possible to deactivate Secure Boot and to add your own keys if you don't want to disable it.
It may sound ironical and somewhat odd for a Linux user, but buying Windows 8 hardware is in this case the only way to go to make sure that Secure Boot actually will not prevent you from installing the OS of your choice.