LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 10-04-2012, 06:17 PM   #46
ukiuki
Senior Member
 
Registered: May 2010
Location: Planet Earth
Distribution: Debian
Posts: 1,030

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371

It is all about control, who control who through what. It is their brand new control toy for sure, don't be naive, even if they say, "oh you can disable it", that is just a ground been prepared for later on. Every coin has 3 sides, and people normally don't pay attention to the 3rd side. Threats aren't to be detect, until is too late. Fences are been built around, you can see through it but if you jump over it well...
Then the fences get electricity, barbwire, you name it. At the end you will be locked, in or out, still locked.

"Lets control the computers, the internet, so the people will be controlled too." That is their(governments, corporations) plan, if you can't see it, you have been controlled already.

Regards
 
Old 10-05-2012, 05:34 AM   #47
mtx329
LQ Newbie
 
Registered: May 2012
Distribution: Slackware / Windows
Posts: 4

Rep: Reputation: Disabled
If Microsoft wants UEFI then so be it. There will be countless ways to bypass this, since security is not a strong point of this company. And how can one pretend UEFI is for security reasons anyway? They simply try to lower the piracy rate of their systems which is a total failure.

Furthermore, no one should be able to decide what's best for you. You pay for a PC and you should be able to do whatever you want with it, that includes installing a malware filled system. You do it at your own risk.
 
Old 10-05-2012, 06:49 AM   #48
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,650
Blog Entries: 2

Rep: Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095
Once again, UEFI is not the same as Secure Boot. Also, Secure Boot can not be used to prevent piracy, since the copied bootloader is still signed. By the way, it is their good right to prevent people from circumventing their license. If you don't agree with that license than don't use it, in the same way you are not allowed to circumvent any other license,like the GPL.

Besides that is it a non-sense argument that it is your right to install a malware filled system. Don't get me wrong, if you want you can do that, but then disconnect that machine from the net, so that it doesn't fill our mail accounts with spam or is used to attack our servers.
 
Old 10-05-2012, 10:28 AM   #49
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,445
Blog Entries: 4

Original Poster
Rep: Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505
Member Response

Hi,
Quote:
Originally Posted by mtx329 View Post
If Microsoft wants UEFI then so be it. There will be countless ways to bypass this, since security is not a strong point of this company. And how can one pretend UEFI is for security reasons anyway? They simply try to lower the piracy rate of their systems which is a total failure.

Furthermore, no one should be able to decide what's best for you. You pay for a PC and you should be able to do whatever you want with it, that includes installing a malware filled system. You do it at your own risk.
Hopefully you have read information on 'UEFI' if not then please consider 'Unified Extensible Firmware Interface (UEFI)';
Quote:
The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI is meant as a replacement for the BIOS firmware interface, present in all IBM PC-compatible personal computers.[1][2] In practice, most UEFI images have legacy support for BIOS services. It can be used to allow remote diagnostics and repair of computers, even without another operating system. [3]
The original EFI (Extensible Firmware Interface) specification was developed by Intel. Some of its practices and data formats mirror ones from Windows.[4][5] In 2005, UEFI deprecated EFI 1.10 (final release of EFI). The UEFI specification is managed by the Unified EFI Forum.
You could go to: http://www.uefi.org/home/ for more help & information.

There is too much 'FUD';
Quote:

FUD definition
jargon
/fuhd/ An acronym invented by Gene Amdahl after he left IBM to found his own company: "FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering [Amdahl] products." The idea, of course, was to persuade them to go with safe IBM gear rather than with competitors' equipment. This implicit coercion was traditionally accomplished by promising that Good Things would happen to people who stuck with IBM, but Dark Shadows loomed over the future of competitors' equipment or software.
[Jargon File]
(1995-05-23)
 
Old 10-05-2012, 02:06 PM   #50
mtx329
LQ Newbie
 
Registered: May 2012
Distribution: Slackware / Windows
Posts: 4

Rep: Reputation: Disabled
Quote:
Originally Posted by onebuck View Post

Hopefully you have read information on 'UEFI'
I'm not trying to spread FUD or anything. I'm not an expert on the subject but according to Wikipedia:

Quote:

The UEFI 2.2 specification adds a protocol known as Secure boot, which can secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature. When secure boot is enabled, it is initially placed in "Setup" mode, which allows a public key known as the "Platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User" mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional "Key Exchange Keys" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the Platform key. Secure boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.
So from what I understand so far BIOS is too primitive to have a feature like secure boot implemented so they needed a replacement.
 
Old 10-05-2012, 02:12 PM   #51
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,650
Blog Entries: 2

Rep: Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095
Quote:
Originally Posted by mtx329 View Post
So from what I understand so far BIOS is too primitive to have a feature like secure boot implemented so they needed a replacement.
UEFI is far older than Secure Boot, so no, UEFI was not invented with the intention to years later implement Secure Boot.
 
Old 10-05-2012, 03:40 PM   #52
mtx329
LQ Newbie
 
Registered: May 2012
Distribution: Slackware / Windows
Posts: 4

Rep: Reputation: Disabled
Quote:
Originally Posted by TobiSGD View Post
UEFI is far older than Secure Boot, so no, UEFI was not invented with the intention to years later implement Secure Boot.
I didnt said UEFI was invented for secure boot. What I meant is that they figured out UEFI is much more advanced than BIOS ( and by all means it should be, considering the age of BIOS ) and so the replacement process began.

Anyway, we'll have to wait and see what happens, but I'm afraid that this won't end here.
 
Old 10-08-2012, 01:56 AM   #53
Yukon
LQ Newbie
 
Registered: Feb 2004
Location: Vancouver BC
Distribution: Debian
Posts: 12

Rep: Reputation: 0
It is important ..

My last post was removed and/or I was reprimanded by
the moderator God, for something or other which I think
He didn't understand. Sarcasm with intelligence, for example,
is communication. This topic deserves repeats from every side in
my stupid opinion, sir, because it relates to the future of
Linux for Everyman.

This is what He, and many, don't get:

There is a reason to hope that Linux will be popular
outside of *nix professionals. It gives us a lot of levers.

However, that requires easy access to Linux on new, dumb-bought
machines, by ordinary joes. <=

I probably am disqualifying myself right here by mentioning
this but I am artist. My main thing. But however (long story)
I also have enjoyed the UNIX line since version 7, at a
Canadian university.

The thing is, there are still at least two sorts
of people - ones who are comfortable with techie things,
and those who would really rather not. There is a complicated
continuous conversation here as you realize.

The thing is, if we want the levers (for Openness and
Goodness) that Linux will potentially give us still, it at
least has to continue to have it's current popularity,

-> OUTSIDE of the community that can compile and
do any whiz thing necessary to get what
they want.

i.e. Dumb guys like me have to have a way.
And that's what -so far- it looks like Windows 8
and the bloody greedy vendors .. are going
to do.

Close the "civilian" users of Linux free "market".

For instance, I no doubt will be fine, but how am I going
to support Linux for dummies, if that's what I might
make money on, when the possibility evaporates?

Somebody said somewhere that no one has stepped
up to the plate to do a UEFI boot for us all.

Or I hallucinated again.

I think, at the very least, that this issue is a real
sore soreness, and should stay alive, and am kind
of pissed that Linuxers should shut me up when
it's kind of important.

-jae
 
Old 10-08-2012, 10:31 AM   #54
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,445
Blog Entries: 4

Original Poster
Rep: Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505
Moderator Response

Quote:
Originally Posted by Yukon View Post
My last post was removed and/or I was reprimanded by
the moderator God, for something or other which I think
He didn't understand. Sarcasm with intelligence, for example,
is communication. This topic deserves repeats from every side in
my stupid opinion, sir, because it relates to the future of
Linux for Everyman.
Your post was removed because of the failure to edit & remove the masked vulgarity. Plus you were in violation;
Quote:
Please do not form attacks or form posts with the intent of baiting to start a flame war. Be respectful with your post.

You are violating the LQ Rules;
You were given the opportunity to edit & revise your post. When you did not then the post was deleted for not abiding the LQR.
Quote:
Originally Posted by Yukon View Post
This is what He, and many, don't get:

There is a reason to hope that Linux will be popular
outside of *nix professionals. It gives us a lot of levers.
I do understand the proper use of 'UEFI' protocol. Too much 'FUD' and rumors that misstate the facts to suit their argument or to the their understanding(s) thus causing issues.
Quote:
Originally Posted by Yukon View Post
However, that requires easy access to Linux on new, dumb-bought
machines, by ordinary joes. <=
Your views are not clear. Documentation is available to help ordinary 'joes' to understand what and how someone can use a 'UEFI' based machine.
Quote:
Originally Posted by Yukon View Post
I probably am disqualifying myself right here by mentioning
this but I am artist. My main thing. But however (long story)
I also have enjoyed the UNIX line since version 7, at a
Canadian university.
I do not see how that will dis-qualify you.
Quote:
Originally Posted by Yukon View Post
The thing is, there are still at least two sorts
of people - ones who are comfortable with techie things,
and those who would really rather not. There is a complicated
continuous conversation here as you realize.
Then maybe stick with turn key equipment. If you are not willing to learn how to use the newer systems with protocol changes then it will be difficult.
Quote:
Originally Posted by Yukon View Post
The thing is, if we want the levers (for Openness and
Goodness) that Linux will potentially give us still, it at
least has to continue to have it's current popularity,
I really do not see an issue. Informed users will continue to use equipment with Gnu/Linux.
Quote:
Originally Posted by Yukon View Post
-> OUTSIDE of the community that can compile and
do any whiz thing necessary to get what
they want.
Review the documentation available so you will be informed.
Quote:
Originally Posted by Yukon View Post
i.e. Dumb guys like me have to have a way.
And that's what -so far- it looks like Windows 8
and the bloody greedy vendors .. are going
to do.
Only if you and people like you will not inform so that the ability to perform will evolve.
Quote:
Originally Posted by Yukon View Post
Close the "civilian" users of Linux free "market".

For instance, I no doubt will be fine, but how am I going
to support Linux for dummies, if that's what I might
make money on, when the possibility evaporates?
False fear(s), you will always have *buntu like Gnu/Linux available to hold your hand thus limit abilities. Yet, you will be able to use a Gnu/Linux.
Quote:
Originally Posted by Yukon View Post
Somebody said somewhere that no one has stepped
up to the plate to do a UEFI boot for us all.

Or I hallucinated again.
There you go again! Someone passes 'FUD', you believe it thus pass it on. 'UEFI' with a Gnu/Linux is doable. No issues! Do us all a favor and do some searching or read some of the previous linked information for 'UEFI' within this thread.
Quote:
Originally Posted by Yukon View Post
I think, at the very least, that this issue is a real
sore soreness, and should stay alive, and am kind
of pissed that Linuxers should shut me up when
it's kind of important.

-jae
No one is shutting you up! You are not informed nor tooled to understand 'UEFI'. Spend a little time reading the protocol(s) for 'EFI' then for 'UEFI' so when you do present information then it will be formed and reliable information. Look at 'UEFI_Home';
Quote:
Unified EFI Forum:

UEFI is a community effort by many companies in the personal-computer industry to modernize the booting process. UEFI capable systems are already shipping, and many more are in preparation. During the transition to UEFI, most platform firmware will continue to support legacy (BIOS) booting as well, to accommodate legacy-only operating systems.

UEFI stands for "Unified Extensible Firmware Interface". The UEFI specification defines a new model for the interface between personal-computer operating systems and platform firmware. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its loader. Together, these provide a standard environment for booting an operating system and running pre-boot applications.

The Unified EFI Forum is the group responsible for developing, managing and promoting UEFI specifications. Further information about the UEFI specification and membership opportunities can be found throughout this Web site. The "Adopter" membership category is free. For additional information please contact UEFI Administration.
& From 'UEFI_About';
Quote:
Overview The Unified EFI Forum is a non-profit collaborative trade organization formed to promote and manage the UEFI standard. As an evolving standard, the UEFI specification is driven by contributions and support from member companies of the UEFI Forum.
The UEFI Forum board of directors include representatives from the following eleven leading companies:
With support and innovation from all UEFI Forum member companies, work is being done continually to evolve the UEFI specification to meet industry needs.
If you wish to dig deeper then look at 'UEFI_Specifications'. When & if you do not understand something then post a query here.

Someone will help you to understand once you inform and re-learn why 'UEFI' is necessary.
 
2 members found this post helpful.
Old 10-12-2012, 09:47 AM   #55
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,454

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
Well, let's just skip this rambling talk, that's off-subject anyhow, and stick to subject: what are the technical requirements for getting Linux to respect the secure-boot protocols, and where does Linux now stand in fulfilling them?

The exploits of Microsoft Windows that have occurred are legend: root-kitting the entire system, reprogramming the Flash ROMs on the mobo ... as thorough and complete an "exploit" as an "exploit" could possibly be.

It's no accident that there are NTFS drivers for MS-DOS. Boot up the ol' command-prompt of yesteryear, if the computer will allow you to easily do it i.e. without removing the thing from the rack and opening it up, and you can do any damm thing you want with that supposedly "secure" machine. No one's paying attention to you at 3:30 AM. No one knows you're an industrial spy or saboteur ... and no one will easily be able to detect what you have done. They will go on, maybe for years, supposing that their machines are uncompromised. The invisible Trojan Horse.

And so, people are just as interested in making sure that their production Linux systems cannot be easily exploited in this way, as they are with their Microsoft and Apple operating-systems and for precisely the same good reasons.

So ... let's just put the kibosh on off-topic diatribes about conspiracy theories, as often as necessary, and follow the progress of the Secure Boot support in Linux. That support, done correctly, is necessary to everyone concerned.

No, UEFI won't be impenetrable. Nothing is. But Master Padlock Company made millions selling devices that can be opened with the help of a soft-drink can, because they worked. The existence of the security alone is a deterrent, and Linux must support it correctly also, for those sites who wish to use it.

Last edited by sundialsvcs; 10-12-2012 at 09:54 AM.
 
Old 10-12-2012, 10:02 AM   #56
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,650
Blog Entries: 2

Rep: Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095
Quote:
Originally Posted by sundialsvcs View Post
So ... let's just put the kibosh on off-topic diatribes about conspiracy theories, as often as necessary, and follow the progress of the Secure Boot support in Linux. That support, done correctly, is necessary to everyone concerned.
And there is the support: http://www.linuxfoundation.org/news-...em-open-source
 
Old 10-12-2012, 02:22 PM   #57
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,445
Blog Entries: 4

Original Poster
Rep: Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505Reputation: 1505
Member Response

Hi,

Quote:
Originally Posted by TobiSGD View Post
Thanks for the link.
 
Old 10-12-2012, 02:46 PM   #58
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,454

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
... and this does seem to be a pragmatic solution to the matter. If you want to use hardware in your shop that implements this protection, then this solution extends that protection to cover your Linux systems while avoiding actual changes to the plentitude of Linux systems that already exist -- both within your shop and elsewhere.

It will be interesting to see how long this strategy lasts, because I can see rather obvious holes in it unless a particular operating-system image can be keyed to a device. It won't take very long for various "properly keyed" OS images to show up: of necessity, software-service and sysadmin-defribillator discs will have to have the proper keys on them. And when this happens, I suspect that we will be right back where we started from. This whole concept is really trying to tiptoe along a very delicate line between "secure" and "maintainable," and the jury might still be out as to where that line will actually turn out to be located.
 
Old 10-12-2012, 07:05 PM   #59
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,134
Blog Entries: 52

Rep: Reputation: Disabled
http://www.linuxquestions.org/questi...7/#post4804313
 
Old 10-15-2012, 04:32 AM   #60
Nikosis
Member
 
Registered: Dec 2005
Location: In front of the monitor
Distribution: Slackware
Posts: 312

Rep: Reputation: 59
I don't get how can it be a new standard, which favors one OS, and puts obstacles for the other. Yes, there is a workaround by cutting a deal with M$ and obtaining their key - wow, is that the best that can be done.
And I don't think that leaving some users at the mercy of *buntu like Gnu/Linux is a right thing to do, just because they're not techie enough. Besides I don't trust *buntu as I don't trust M$.

Quote:
"I fully understand that Red Hat and Canonical won't be doing the right thing, they are traitors to the cause, mostly in it for the money and power. They want to be the new Microsoft." - Theo de Raadt

Stand up for your freedom to install free software


Free Software Foundation recommendations for free operating system distributions considering Secure Boot
 
  


Reply

Tags
bios, secure boot, uefi


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Will your computer's "Secure Boot" turn out to be "Restricted Boot"? LXer Syndicated Linux News 0 10-17-2011 10:00 PM
What are the easy to follow step-by-step instructions for loading "WICD" in Slackware Twilight_Bandit Linux - Software 2 06-22-2009 06:16 AM
boot hangs at the "/boot: clean" step dh4 Linux - General 1 03-10-2007 11:14 AM
LXer: Why EnGarde Secure Linux is "Secure By Design" LXer Syndicated Linux News 0 10-10-2006 01:21 AM
LXer: O'reilly Releases "Learning PHP & MySQL": A Step-by-Step Guide to ... LXer Syndicated Linux News 0 06-21-2006 07:33 AM


All times are GMT -5. The time now is 07:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration