Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I also disagree with most, and think that secure boot is not good anywhere, not even in a corporate environment. If the techs at a company can't boot into their memtest or gparted CDs they are left out in the cold.
If a tech has to do that all he needs is either a CD with a signed bootloader (not that difficult to create for a tech), or he just disables Secure Boot for the duration of testing. Secure Boot will not keep a technician from doing his job, it will also not keep the trained attacker with physical access to the machine from whatever he wants to do, but it will keep malware from infecting the boot process and the "normal" employee from just booting a Knoppix or WinPE CD to circumvent company policy or compromise the system.
If a tech has to do that all he needs is either a CD with a signed bootloader (not that difficult to create for a tech), or he just disables Secure Boot for the duration of testing. Secure Boot will not keep a technician from doing his job, it will also not keep the trained attacker with physical access to the machine from whatever he wants to do, but it will keep malware from infecting the boot process and the "normal" employee from just booting a Knoppix or WinPE CD to circumvent company policy or compromise the system.
If the PC isn't a windows 8 PC, and thus doesn't have the Windows 8 logo, the tech may not be able to disable secure boot. Of course, most systems will have the Windows 8 logo.
If the PC isn't a windows 8 PC, and thus doesn't have the Windows 8 logo, the tech may not be able to disable secure boot. Of course, most systems will have the Windows 8 logo.
A PC does not have to come with the Windows 8 OS to have the Windows 8 logo. In fact, the logo is not really referring to the whole PC (when it comes to Secure Boot), but only to the options available in the firmware of the motherboard. Usually motherboards are delivered without OS. This is of course different with laptops and machines with mainboards that are specifically manufactured for one OEM, like Dell.
You also can be sure that a company that want to use Secure Boot with a non-Microsoft OS (or disable it) will buy machines that have these options available. They don't go out buy machines randomly, usually companies have some type of evaluation process.
A PC does not have to come with the Windows 8 OS to have the Windows 8 logo. In fact, the logo is not really referring to the whole PC (when it comes to Secure Boot), but only to the options available in the firmware of the motherboard. Usually motherboards are delivered without OS. This is of course different with laptops and machines with mainboards that are specifically manufactured for one OEM, like Dell.
You also can be sure that a company that want to use Secure Boot with a non-Microsoft OS (or disable it) will buy machines that have these options available. They don't go out buy machines randomly, usually companies have some type of evaluation process.
And thus add a working system to landfill just because it won't run the next version of MS pile of crud.
That is what is wrong with it.
Just because a machine is bought with Win8 on it doesn't mean it always will. Hand-me-down computers work just fine - but if you READ the license, hand-me-down systems DON'T come with a license to use the OS. You are supposed to buy it again.
And that purchase is (or can be) unaffordable (or like XP, unavailable) to to the recipient.
Thus making more electronic junk which tends to have hazardous substances.
I have four machines that were originally purchased for use with windows for other people. When they were no longer supported by MS, then they were headed for the landfill.
I got them and put Linux on them because I knew there was nothing wrong with the systems. They run fine, and are (well were, they are over 10 years old now) good usable systems with Linux.
Secure boot as implemented/required by MS prevents doing this by only allowing windows to boot - and the inability to put MY certificates on such systems means I can't use them to boot MY trusted software, unless I disable secure boot. And on systems I CAN'T disable secure boot means I can't put Linux on them, thus headed for the landfill.
I have four machines that were originally purchased for use with windows for other people. When they were no longer supported by MS, then they were headed for the landfill.
Why? If those machines are ten years old they came with XP and XP is still supported. If a ten years old machine came with Ubuntu you can be sure that without upgrading the hardware you won't be able to run a current Ubuntu on it. This is the way it goes in IT, software becomes more demanding over time, just because there are more resources available. this is not Microsoft specific.
Quote:
Secure boot as implemented/required by MS prevents doing this by only allowing windows to boot - and the inability to put MY certificates on such systems means I can't use them to boot MY trusted software, unless I disable secure boot.
If manufacturers want to get the Windows 8 Logo certification, which is obviously wanted by Microsoft, they have to implement the options to disable Secure Boot and to manage your own keys. So Microsoft prevents you from nothing (in fact they are encouraging manufacturers to give you the options you want), manufacturers that don't want to get the certification for whatever reason do.
So you have to blame the manufacturers in the first place, not Microsoft.
I am a victim of 'Secure Boot', and I have been told by a computer retailer, that if I override secure boot which I am told is almost impossible I could be sued by Microsoft. With all the millions of computers in the world, I can't really believe this, but it has got me thinking. Thanks for the help I have received so far by the way. Is this retailer talking rubbish?
in the us, you have a right to sue if you are willing to pay court fees and possible counter-suit if you don't recieve judgement as a plaintiff. doesnt mean that the other party broke the law or did anything illigal.
this may be related to the patriot act (which is a corrolary to the dmca) which makes people who supercede any computer encryption (such as modding cell phones, ripping dvd's, ...) into military combatants.
that law has recently been renewed to allow installing alternate roms on devices and ripping dvd's for education purposes.
Why? If those machines are ten years old they came with XP and XP is still supported. If a ten years old machine came with Ubuntu you can be sure that without upgrading the hardware you won't be able to run a current Ubuntu on it. This is the way it goes in IT, software becomes more demanding over time, just because there are more resources available. this is not Microsoft specific.
XP is no longer being sold except for systems that have already been built with it - and a 10 year old system wont run current XP...
And those machines work just fine in what I have targeted them, so no landfill. And I do know how to put a linux on it that will work - that is one of the benefits of Linux from Scratch.
I still have a 486 that can do routing for 10Mbit networks. Think that will run current XP?
Quote:
If manufacturers want to get the Windows 8 Logo certification, which is obviously wanted by Microsoft, they have to implement the options to disable Secure Boot and to manage your own keys. So Microsoft prevents you from nothing (in fact they are encouraging manufacturers to give you the options you want), manufacturers that don't want to get the certification for whatever reason do.
So you have to blame the manufacturers in the first place, not Microsoft.
No they aren't. MS has only stated that for Window 8 (they do still have to support Windows 7, so secure boot MUST be disabled for that...)
For ARM is is mandated that they NOT BE ABLE TO DISABLE secure boot.
As I said, SPECIFIED and REQUIRED by MS.. so Microsoft is to blame.
I may be a bit paranoid, but:
In a few years I fully expect (unless another anti-trust suite stops them) to drop the "able to disable secure boot" on X86. Likely as soon as they can drop the Windows 7 support. After that they can revoke the certificate used for booting via secure boot for those systems - thus making it impossible to create/update systems based on them...
The past history of MS is full of crap they have done to "partners" and "competitors" all over the world to preserve, and extend their monopoly. This is just their first way of trying to extend it into the ARM market.
And thus add a working system to landfill just because it won't run the next version of MS pile of crud.
Not a responsible company, if disposed of improperly they can be fined for that type of dumping.
Quote:
Originally Posted by jpollard
That is what is wrong with it.
No, what is wrong with is that some people are not fully aware of proper disposal rules and restrictions
Quote:
Originally Posted by jpollard
Just because a machine is bought with Win8 on it doesn't mean it always will. Hand-me-down computers work just fine - but if you READ the license, hand-me-down systems DON'T come with a license to use the OS. You are supposed to buy it again.
That will depend on the 'EULA'. If OEM then yes you will need to re-license.
Quote:
Originally Posted by jpollard
And that purchase is (or can be) unaffordable (or like XP, unavailable) to to the recipient.
Not always true, you will have to dig to find the OS but it can be done legally and sometimes affordable.
Quote:
Originally Posted by jpollard
Thus making more electronic junk which tends to have hazardous substances.
Which when handled properly by licensed recyclers then no issue. What I am against is the companys that move hardware to third world or countries that do not have regard for human safety when handling electronic hardware disposal. Now that should be something local, state & federal agents should be handling by closer contacts & inspections.
First, I think you should research a bit before making statements you have been making. Too much 'FUD', lack of understanding and misinformation.
Quote:
Originally Posted by jpollard
XP is no longer being sold except for systems that have already been built with it - and a 10 year old system wont run current XP...
Not if you use SP1 for a 10 year old system then do updates. Of course if the system is not 64 bit then using a current Xp 64bit on a 10 year old machine may require you to jump through more hoops/. Doable on proper hardware. I still do this with licensed XP on older equipment with proper license.
Quote:
Originally Posted by jpollard
And those machines work just fine in what I have targeted them, so no landfill. And I do know how to put a linux on it that will work - that is one of the benefits of Linux from Scratch.
I still have a 486 that can do routing for 10Mbit networks. Think that will run current XP?
Not a current but you could install SP1 an do the update process in order to bring too a supported Xp level. Fine that you are able to recycle older equipment to extend the service life.
Quote:
Originally Posted by jpollard
No they aren't. MS has only stated that for Window 8 (they do still have to support Windows 7, so secure boot MUST be disabled for that...)
Again you do not know nor understand the 'UEFI' protocol nor how 'secure boot' is handled for equipment. Nor how the certification process is done for a user with Microsoft. Read a bit to inform yourself.
Quote:
Originally Posted by jpollard
For ARM is is mandated that they NOT BE ABLE TO DISABLE secure boot.
Microsoft based ARM. Rooting ARM can be done on other manufactures devices. Of course 'Apple' has locked their devices, but 'Apple' is unique in the type of equipment provided to their users. You can 'root' but at the risk of warranty for equipment.
Quote:
Originally Posted by jpollard
As I said, SPECIFIED and REQUIRED by MS.. so Microsoft is to blame.
Not on all systems, you still need to read the license agreement. Read the protocol, 'UEFI'.
Quote:
Originally Posted by jpollard
I may be a bit paranoid, but:
I think you are relying on to much 'FUD'. Research and certify information before passing it on. That way you will be informed.
Quote:
Originally Posted by jpollard
In a few years I fully expect (unless another anti-trust suite stops them) to drop the "able to disable secure boot" on X86. Likely as soon as they can drop the Windows 7 support. After that they can revoke the certificate used for booting via secure boot for those systems - thus making it impossible to create/update systems based on them...
Here again, You do not understand the 'UEFI' protocol and the 'Secure boot' set for that protocol. Thre are too many active Win/7 computer user base to drop Win/7. Win/7 is in the position that Win/Xp has been for the past decade(plus). You do not understand the License again, read the 'EULA' for Win/7 and read up on 'UEFI' then realize your misinformation concerning 'Secure boot'.
Quote:
Originally Posted by jpollard
The past history of MS is full of crap they have done to "partners" and "competitors" all over the world to preserve, and extend their monopoly. This is just their first way of trying to extend it into the ARM market.
As I stated above, you do need to research more and be specific. Microsoft is a company that must profit for their share holders. Fines and judgements are not something a company needs to bear. Sure, earlier years Microsoft did some bad business practices. Proof is that people think that Microsoft does this presently on a blanketed basis. They have teams of lawyers & bean counters who know the limits and tricks to keep the company profitable legally.
My biggest complaint is that many users (Gnu/Linux included) is that most rely on and pass on 'FUD' to assure their hatred for Microsoft. Research & verify!
I still have a 486 that can do routing for 10Mbit networks. Think that will run current XP?
Of course not, it was never intended to. It also won't run current Ubuntu. This is just a nonsensical argument, sorry I have to say that.
Quote:
No they aren't. MS has only stated that for Window 8 (they do still have to support Windows 7, so secure boot MUST be disabled for that...)
Of course they have only stated that only for Windows 8. May be because it is the Windows 8 Logo certfication, not the "pick a random future Windows version" certification.
Quote:
For ARM is is mandated that they NOT BE ABLE TO DISABLE secure boot.
As I said, SPECIFIED and REQUIRED by MS.. so Microsoft is to blame.
True on ARM devices. They do it exactly as Apple and almost any manufacturer for Android devices. Yet I wait to see the people blame them. Double standard?
Quote:
In a few years I fully expect (unless another anti-trust suite stops them) to drop the "able to disable secure boot" on X86. Likely as soon as they can drop the Windows 7 support. After that they can revoke the certificate used for booting via secure boot for those systems - thus making it impossible to create/update systems based on them...
The past history of MS is full of crap they have done to "partners" and "competitors" all over the world to preserve, and extend their monopoly. This is just their first way of trying to extend it into the ARM market.
So basically you say: I don't have any facts, I say all that only based on my personal opinion?
Do that on your blog, a technical forum is about facts.
As stated, other companies already do this sort of task to prevent other OS's. Secure boot if one reads about and understands it is not as big an issue. You have a choice to buy it or not. You have to realize that very few people in the world know about computer. They don't want to know. They don't join LQ even. They just want their computer to work. If you read up on secure boot, you will find it useful just like the billions of changes that have been made to linux over the years. Remember when such a notion as running as a limited user and not root was crazy talk? Remember when using antivirus and antimalware was nutty?
I have added this to hopefully help others to understand and relate to the information as we still have world members who use WinXP with Gnu/Linux dual boot or VM usage.
With Service Pack 3 for Windows XP just over the horizon, we've managed to get our hands on the internal schedule for the release of the highly anticipated update to the aging operating system. As you can see in the list below, most of the stages will occur before the end of the month, though forced automatic updates won't land until June. This delay should give system administrators an ample amount of time to prepare for the upgrade or simply come up with an excuse for when things go awry.
April 14, 2008: Support is available for the release version of Service Pack 3 for Windows XP
April 21, 2008: Original Equipment Manufacturers, Volume License, Connect, and MSDN and TechNet subscribers
April 29, 2008: Microsoft Update, Windows Update, Download Center
Of course the WinXp updates are still supported. Just no new release except for the Netbook/Notebook hardware. Users still can use Win/XP on proper equipment. 10 year old equipment that fits the model can be used.
EDIT: Forgot to add: Windows XP Service Pack 3 Overview
HTH!
Last edited by onebuck; 12-16-2012 at 11:48 AM.
Reason: forgot link
Of course not, it was never intended to. It also won't run current Ubuntu. This is just a nonsensical argument, sorry I have to say that.
The aim wasn't to run any specific distribution. It was specific to running MY kernel that I compile for that specific target. It doesn't have to be a distribution. Linux can run for specific target environments in 16 MB of memory even, and on a 486 - the DSL distribution for example.
Quote:
Of course they have only stated that only for Windows 8. May be because it is the Windows 8 Logo certfication, not the "pick a random future Windows version" certification.
True on ARM devices. They do it exactly as Apple and almost any manufacturer for Android devices. Yet I wait to see the people blame them. Double standard?
No - Apple isn't a monopoly trying to take over every other vendor.
Quote:
=
So basically you say: I don't have any facts, I say all that only based on my personal opinion?
Do that on your blog, a technical forum is about facts.
I clearly stated what followed was opinion (paranoid even). It has been the history of MS that developed that opinion.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.