LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > Linux - News > Syndicated Linux News
User Name
Password
Syndicated Linux News This forum is for the discussion of Syndicated Linux News stories.

Notices

Reply
 
Search this Thread
Old 11-22-2012, 07:40 AM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 75,834

Rep: Reputation: 87
LXer: Microsoft dragging its feet on Linux Secure Boot fix


Published at LXer:

The Linux Foundation's promised workaround that will allow Linux to boot on Windows 8 PCs has yet to clear Microsoft's code certification process, although the exact reason for the hold-up remains unclear. As The Reg reported previously, the Secure Boot feature of the Unified Extensible Firmware Interface (UEFI) found on modern Windows 8 PCs will only allow an OS to boot if its code has been digitally signed with a key obtained from Microsoft.

Read More...
 
Old 11-22-2012, 09:30 AM   #2
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
I bet they will never release it, and I hope so too.
 
Old 11-22-2012, 11:20 AM   #3
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,619
Blog Entries: 2

Rep: Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076
So you don't want that Secure Boot is available to any Linux distro? Would you mind to post your reasons for that?
 
Old 11-22-2012, 01:03 PM   #4
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Yes. Because this is not the right solution. You should NOT need M$'s approval to boot another OS. They should have made a deal with hardware manufacturers not with M$.

Going through M$ gives them control. They can revoke the key anytime they want.

If it isn't done this way, then people will refuse to buy into Secure Boot until it supports more OSs properly.

Last edited by H_TeXMeX_H; 11-22-2012 at 01:05 PM.
 
Old 11-22-2012, 01:26 PM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,619
Blog Entries: 2

Rep: Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076
Quote:
Originally Posted by H_TeXMeX_H View Post
They can revoke the key anytime they want.
How do you think they should do that? One of the requirements of getting the Windows 8 label is that there must be no option keys can be changed from an running OS.

Quote:
If it isn't done this way, then people will refuse to buy into Secure Boot until it supports more OSs properly.
You get it from the wrong side. Secure Boot is nothing more than a standard, it is the OS that has to support Secure Boot, not Secure Boot that has to support the OS.
 
Old 11-22-2012, 01:58 PM   #6
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Then why does M$ have to approve the software ? I don't want M$ involved in the process. You don't deal with the devil.
 
Old 11-22-2012, 02:14 PM   #7
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,619
Blog Entries: 2

Rep: Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076
Quote:
Originally Posted by H_TeXMeX_H View Post
Then why does M$ have to approve the software ?
Because the Linux Foundation decided to get their bootloader signed by Microsoft. They could have decided not to do that and to ask the hardware manufacturers directly, but chances are high that not every mainboard, especially those meant for OEM PCs, will come with those keys. You can be sure that any mainboard will come with Microsoft keys.

Quote:
I don't want M$ involved in the process. You don't deal with the devil.
I read from that that you don't want to use Microsoft software, so why bother at all? Just disable Secure Boot and you will be fine. Even if you don't want to do that, just get Microsoft certified hardware and you will be able to add your own custom keys and sign your own bootloader. This way no one is involved except you.
 
Old 11-22-2012, 02:20 PM   #8
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by TobiSGD View Post
Because the Linux Foundation decided to get their bootloader signed by Microsoft. They could have decided not to do that and to ask the hardware manufacturers directly, but chances are high that not every mainboard, especially those meant for OEM PCs, will come with those keys. You can be sure that any mainboard will come with Microsoft keys.
Even if not every mobo would come with the keys, they could post which ones they convinced and we could go out and buy those specifically. Instead they sold out to M$. I don't like it at all. It was a bad decision and it will come back to haunt them.
 
Old 11-22-2012, 05:43 PM   #9
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,619
Blog Entries: 2

Rep: Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076
All we can do is wait and see. I doubt that anything bad will happen.
 
Old 11-24-2012, 10:14 AM   #10
Ztcoracat
Senior Member
 
Registered: Dec 2011
Distribution: Slackware, CentOS & Android
Posts: 3,269
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by H_TeXMeX_H View Post
Yes. Because this is not the right solution. You should NOT need M$'s approval to boot another OS. They should have made a deal with hardware manufacturers not with M$.

Going through M$ gives them control. They can revoke the key anytime they want.

If it isn't done this way, then people will refuse to buy into Secure Boot until it supports more OSs properly.
I agree with you; we should not have to get or have M$'s approval to boot another OS on our computer.

Maybe I'm off base but I (think) that the devil only needs an opportunity and Microsoft is providing just that tool for the devil to use.

Again this is why I have not installed Fedora on my laptop and it's not because I haven't educated myself on the "UEFI Secure Boot" issue. I have written about 5 to 7 pages of documentation from webpages just to try to understand this whole thing. It's still not clear to me what to do either before or after the install of a new disto-

Last edited by Ztcoracat; 11-24-2012 at 10:20 AM.
 
Old 11-24-2012, 12:49 PM   #11
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,619
Blog Entries: 2

Rep: Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076Reputation: 4076
Quote:
Originally Posted by Ztcoracat View Post
Maybe I'm off base but I (think) that the devil only needs an opportunity and Microsoft is providing just that tool for the devil to use.
I find that really interesting:
Quote:
The Unified EFI Forum or UEFI Forum (where UEFI stands for Unified Extensible Firmware Interface) is an alliance between several leading technology companies to modernize the booting process. The board of directors includes representatives from eleven "Promoter" companies: AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, Microsoft, and Phoenix Technologies.
From http://en.wikipedia.org/wiki/Unified_EFI_Forum
I would like to know why anyone is blaming Microsoft, but no one blames AMD, IBM or Intel. They all are partners on the UEFI forum, they all have a voice when it comes to discussing new specifications, so why does Microsoft get all the hate, but none of the other partners?
 
Old 11-24-2012, 01:21 PM   #12
Ztcoracat
Senior Member
 
Registered: Dec 2011
Distribution: Slackware, CentOS & Android
Posts: 3,269
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by TobiSGD View Post
I find that really interesting:
From http://en.wikipedia.org/wiki/Unified_EFI_Forum
I would like to know why anyone is blaming Microsoft, but no one blames AMD, IBM or Intel. They all are partners on the UEFI forum, they all have a voice when it comes to discussing new specifications, so why does Microsoft get all the hate, but none of the other partners?
Perhaps Microsoft is getting all of the hate because (this is only speculation; being suspicious)because they have reached full capacity on 'Greed' and are only concerned with pure profit for their establishment(Corporation).

I don't get why AMD, IBM or Intel is not in the 'blame' afterall they are assisting Microsoft to develop and manufacturer the product/merchandise. I would imagine that the contributing partners are receiving compensation and possibly; kickbacks from the Microsoft Corporation. As time passes things we don't know yet might be reveled by those other contributors/partners.
 
Old 11-25-2012, 05:34 AM   #13
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Originally, M$ wanted to make it so that Secure Boot couldn't be turned off like on ARM, but Intel and some of the other companies wouldn't have it. Eventually I think that Secure Boot will be mandatory.
 
Old 11-25-2012, 07:19 AM   #14
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,081
Blog Entries: 52

Rep: Reputation: Disabled
Quote:
Originally Posted by TobiSGD View Post
I doubt that anything bad will happen.
As did the passengers on the Titanic.
 
Old 11-25-2012, 02:45 PM   #15
Ztcoracat
Senior Member
 
Registered: Dec 2011
Distribution: Slackware, CentOS & Android
Posts: 3,269
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by H_TeXMeX_H View Post
Originally, M$ wanted to make it so that Secure Boot couldn't be turned off like on ARM, but Intel and some of the other companies wouldn't have it. Eventually I think that Secure Boot will be mandatory.
What has lead you to think that Secure Boot will be mandatory?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux Foundation struggles with Microsoft's Secure Boot signing service LXer Syndicated Linux News 0 11-21-2012 08:50 PM
LXer: Microsoft mum on reasons for secure boot LXer Syndicated Linux News 4 08-07-2012 10:51 PM
LXer: Microsoft Says No to Disabling UEFI Secure Boot on ARM LXer Syndicated Linux News 0 01-16-2012 07:40 AM
LXer: Secure Boot: What's Microsoft's Agenda? LXer Syndicated Linux News 0 10-04-2011 07:00 AM
LXer: Microsoft's Secure Boot Gambit LXer Syndicated Linux News 0 09-28-2011 05:30 PM


All times are GMT -5. The time now is 09:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration