LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Syndicated Linux News (http://www.linuxquestions.org/questions/syndicated-linux-news-67/)
-   -   LXer: Microsoft dragging its feet on Linux Secure Boot fix (http://www.linuxquestions.org/questions/syndicated-linux-news-67/lxer-microsoft-dragging-its-feet-on-linux-secure-boot-fix-4175438264/)

LXer 11-22-2012 06:40 AM

LXer: Microsoft dragging its feet on Linux Secure Boot fix
 
Published at LXer:

The Linux Foundation's promised workaround that will allow Linux to boot on Windows 8 PCs has yet to clear Microsoft's code certification process, although the exact reason for the hold-up remains unclear. As The Reg reported previously, the Secure Boot feature of the Unified Extensible Firmware Interface (UEFI) found on modern Windows 8 PCs will only allow an OS to boot if its code has been digitally signed with a key obtained from Microsoft.

Read More...

H_TeXMeX_H 11-22-2012 08:30 AM

I bet they will never release it, and I hope so too.

TobiSGD 11-22-2012 10:20 AM

So you don't want that Secure Boot is available to any Linux distro? Would you mind to post your reasons for that?

H_TeXMeX_H 11-22-2012 12:03 PM

Yes. Because this is not the right solution. You should NOT need M$'s approval to boot another OS. They should have made a deal with hardware manufacturers not with M$.

Going through M$ gives them control. They can revoke the key anytime they want.

If it isn't done this way, then people will refuse to buy into Secure Boot until it supports more OSs properly.

TobiSGD 11-22-2012 12:26 PM

Quote:

Originally Posted by H_TeXMeX_H (Post 4834942)
They can revoke the key anytime they want.

How do you think they should do that? One of the requirements of getting the Windows 8 label is that there must be no option keys can be changed from an running OS.

Quote:

If it isn't done this way, then people will refuse to buy into Secure Boot until it supports more OSs properly.
You get it from the wrong side. Secure Boot is nothing more than a standard, it is the OS that has to support Secure Boot, not Secure Boot that has to support the OS.

H_TeXMeX_H 11-22-2012 12:58 PM

Then why does M$ have to approve the software ? I don't want M$ involved in the process. You don't deal with the devil.

TobiSGD 11-22-2012 01:14 PM

Quote:

Originally Posted by H_TeXMeX_H (Post 4834986)
Then why does M$ have to approve the software ?

Because the Linux Foundation decided to get their bootloader signed by Microsoft. They could have decided not to do that and to ask the hardware manufacturers directly, but chances are high that not every mainboard, especially those meant for OEM PCs, will come with those keys. You can be sure that any mainboard will come with Microsoft keys.

Quote:

I don't want M$ involved in the process. You don't deal with the devil.
I read from that that you don't want to use Microsoft software, so why bother at all? Just disable Secure Boot and you will be fine. Even if you don't want to do that, just get Microsoft certified hardware and you will be able to add your own custom keys and sign your own bootloader. This way no one is involved except you.

H_TeXMeX_H 11-22-2012 01:20 PM

Quote:

Originally Posted by TobiSGD (Post 4834998)
Because the Linux Foundation decided to get their bootloader signed by Microsoft. They could have decided not to do that and to ask the hardware manufacturers directly, but chances are high that not every mainboard, especially those meant for OEM PCs, will come with those keys. You can be sure that any mainboard will come with Microsoft keys.

Even if not every mobo would come with the keys, they could post which ones they convinced and we could go out and buy those specifically. Instead they sold out to M$. I don't like it at all. It was a bad decision and it will come back to haunt them.

TobiSGD 11-22-2012 04:43 PM

All we can do is wait and see. I doubt that anything bad will happen.

Ztcoracat 11-24-2012 09:14 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4834942)
Yes. Because this is not the right solution. You should NOT need M$'s approval to boot another OS. They should have made a deal with hardware manufacturers not with M$.

Going through M$ gives them control. They can revoke the key anytime they want.

If it isn't done this way, then people will refuse to buy into Secure Boot until it supports more OSs properly.

I agree with you; we should not have to get or have M$'s approval to boot another OS on our computer.

Maybe I'm off base but I (think) that the devil only needs an opportunity and Microsoft is providing just that tool for the devil to use.

Again this is why I have not installed Fedora on my laptop and it's not because I haven't educated myself on the "UEFI Secure Boot" issue. I have written about 5 to 7 pages of documentation from webpages just to try to understand this whole thing. It's still not clear to me what to do either before or after the install of a new disto-

TobiSGD 11-24-2012 11:49 AM

Quote:

Originally Posted by Ztcoracat (Post 4836051)
Maybe I'm off base but I (think) that the devil only needs an opportunity and Microsoft is providing just that tool for the devil to use.

I find that really interesting:
Quote:

The Unified EFI Forum or UEFI Forum (where UEFI stands for Unified Extensible Firmware Interface) is an alliance between several leading technology companies to modernize the booting process. The board of directors includes representatives from eleven "Promoter" companies: AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, Microsoft, and Phoenix Technologies.
From http://en.wikipedia.org/wiki/Unified_EFI_Forum
I would like to know why anyone is blaming Microsoft, but no one blames AMD, IBM or Intel. They all are partners on the UEFI forum, they all have a voice when it comes to discussing new specifications, so why does Microsoft get all the hate, but none of the other partners?

Ztcoracat 11-24-2012 12:21 PM

Quote:

Originally Posted by TobiSGD (Post 4836131)
I find that really interesting:
From http://en.wikipedia.org/wiki/Unified_EFI_Forum
I would like to know why anyone is blaming Microsoft, but no one blames AMD, IBM or Intel. They all are partners on the UEFI forum, they all have a voice when it comes to discussing new specifications, so why does Microsoft get all the hate, but none of the other partners?

Perhaps Microsoft is getting all of the hate because (this is only speculation; being suspicious)because they have reached full capacity on 'Greed' and are only concerned with pure profit for their establishment(Corporation).

I don't get why AMD, IBM or Intel is not in the 'blame' afterall they are assisting Microsoft to develop and manufacturer the product/merchandise. I would imagine that the contributing partners are receiving compensation and possibly; kickbacks from the Microsoft Corporation. As time passes things we don't know yet might be reveled by those other contributors/partners.

H_TeXMeX_H 11-25-2012 04:34 AM

Originally, M$ wanted to make it so that Secure Boot couldn't be turned off like on ARM, but Intel and some of the other companies wouldn't have it. Eventually I think that Secure Boot will be mandatory.

brianL 11-25-2012 06:19 AM

Quote:

Originally Posted by TobiSGD (Post 4835104)
I doubt that anything bad will happen.

As did the passengers on the Titanic.

Ztcoracat 11-25-2012 01:45 PM

Quote:

Originally Posted by H_TeXMeX_H (Post 4836457)
Originally, M$ wanted to make it so that Secure Boot couldn't be turned off like on ARM, but Intel and some of the other companies wouldn't have it. Eventually I think that Secure Boot will be mandatory.

What has lead you to think that Secure Boot will be mandatory?


All times are GMT -5. The time now is 09:27 AM.