No ARM holdings on the UEFI board of directors though.
I'd be interested to see what ARM holdings would say about all this, but there is just too much 'noise' to figure it out, if they have even made a public statement.
I am not sure about the admin structure of 'UEFI'. Arm has been a member since 2008;
Unified Extensible Firmware Interface (UEFI) specification now includes the ARM® architecture. UEFI improves the hardware-software interface by standardizing the boot procedure between the operating system and a target processor. Specification 2.3 incorporates the necessary modifications required to help enable original equipment manufacturers (OEMs) to standardize the boot procedure on hardware platforms based on the ARM processor.
The UEFI Forum, which ARM joined in April 2008, is a non-profit collaborative trade organization formed as an industry-wide effort to modernize the boot process. The forum develops, manages, and promotes the UEFI specification. It is an evolving specification driven by contributions and support from member companies. The UEFI specification details an interface that helps hand off control of the low level system from a pre-boot environment to an Operating System. UEFI provides a clean interface between Operating System and platform firmware at boot time, and supports an architecture-independent mechanism for initializing add-in cards.
As to your analogies, to me that was absurd. No one was talking about driving or otherwise. You are not going to dictate designs to a manufacturer. If market drives the need for design changes then possibly things can be aligned or changed.
As I have said to others: Your choice to buy or not. If the device supports user defined exemptions then great. But if you purchase something and it does not allow secondary usage or alternate use then you either default the device(possibly junk it) or return it. Your purchase of a known controlled closed environment does not give you any rights to demand it service your needs. Cry foul all you want, it will not change things.
UEFI secure boot alone won't stop this situation. There is no way to stop your hypothetical 'night operator' from booting up his copy of win8.....unless you've locked users out of UEFI with a password. Which was possible with the old fashioned BIOS as well.
In the end, given a competent (maybe smart) operator, physical access = root access.
Yup, you can't exactly stop him from stealing the disk drives. (But in some secure data centers, those drives are encrypted and locked to a particular disk-controller serial number.)
But you know, a lot of pragmatic security just comes down to putting even a very slight obstacle in the way. A friend of mine in high school kept a very expensive 12-string guitar in a cardboard case with the tiniest padlock imaginable. The lock was put there, he said, "to keep the honest people out." There are many stories of "pizza-box cat burglars" who stole from houses, even houses with very fancy burglar-alarms, just by trying the front door and seeing if it was unlocked. It often was, and the fancy-pants alarm system was turned off. They took whatever they could find in the first couple rooms and popped it into the box (which actually contained a pizza).
Last edited by sundialsvcs; 01-24-2012 at 09:36 AM.
There is nothing to stop me removing Windows and installing Linux, or dual-booting the two OS's, on an x86 device. So I'll ask one more time: WHY should it be any different for an ARM device?
Purchase one you can have selective choice and have the options to update or add keys. If you choose one with Microsoft Win/8 then you will not have the choice to modify for an alternate OS. As stated before, buy one that allows the UEFI user control.
You haven't answered the question: why should ARM be any different from x86? As for choosing to buy something that allows UEFI user control, that may be near impossible if Microsoft has the same influence over ARM device manufacturers as they have in the PC field. It would be in their interest to get a lock-down on all new x86 computers sold, too.
So in your mind all ARM devices will be secured. Not so! There are loads of other major market share companies that will have ARM based devices other than just Microsoft. I have answered your question. You just fail to realize that not every device will be locked. Speculations & fear, that is the trap you are falling into. Thus spreading FUD!
Brian, you are the provocateur that you attempted to label me as.
Other ARM providers will be using hardware designs with ANDROID/Proprietary OS thus the problem is nonexistent so no lock out. That is unless they too decide differently. Some ARM devices had to be jailbroken to use but that too was not a big problem except for warranty.
No matter how much you openly complain about Microsoft locking ARM devices designed to work with Win/8 there will be no change. And in my mind there is no need. At this point I will not need to purchase an ARM-based Windows/8 Netbook, Notebook system. No need or purpose to use value based Netbook/Notebook at this time!
Openness for x86 arch system has continued from the onset thus the reasoning for continued openness for the design. That doesn't mean all future x86 systems will have the BIOS extensions to openly allow a user choices. At present there will be secure boot OEM for the x86 designs but to date that will have BIOS extensions to enable/disable. This latter point will allow a user to provide/generate keys for other OS.
UEFI secure boot alone won't stop this situation. There is no way to stop your hypothetical 'night operator' from booting up his copy of win8.....unless you've locked users out of UEFI with a password. Which was possible with the old fashioned BIOS as well.
In the end, given a competent (maybe smart) operator, physical access = root access.
Of course 'UEFI' will prevent the night operator from booting with his/her Win/8 boot media. Public part of the PK (platform key) in the firmware will not allow the boot. The 'UEFI' can have additional exchange keys (KEK) in the firmware which is a signature database. This database contains public keys to be used to verify different components that may be used by UEFI: drivers, boot-loaders and other OS that may be allowed to load from external sources (disks, network, USB or whatever is allowed by 'UEFI').
This database also has the means to provide revocation(s) within the database via 'forbidden signatures' that are stored and provided by UEFI organization. This list contains both authorized and forbidden signatures.
Do not purchase if it does not allow you access. It is the user's choice. If one cannot make choices as to purchase then complains that I cannot run my desired software on said device because the machine is dedicated to use one designated operating system. Your choice, do not buy it. You as a user have to decide what you wish to purchase. A FORD is a FORD and you cannot make a FORD into a Chevy!
Just like any other device for purchase, research to meet your needs. If an OEM does not allow you to modify then do not buy that particular item. $$ do control whether the device will be popular. If the many Microsoft users decide they want said control for that device then so be it. 'UEFI' is long overdue and will benefit the computer industry. We have the need for a new BIOS extension and 'UEFI' will help when used.
Look at the screen shot for the BIOS (Figure 5 - Samsung PC secure boot setting).
FUD and rumors are driving things to the extreme. Get your facts then discuss.
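A minimal model of the allow/deny decision that the signature database and forbidden-signature list described above feed into, added here as an illustration and not taken from any post in this thread or from firmware source. The class names, image names and certificate fingerprint are constructed, and the cryptographic signature check is assumed to have already been done.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class BootImage:
    name: str
    content: bytes
    # Assumption: fingerprint of the cert whose signature verified; None = unsigned.
    signer: Optional[str] = None

@dataclass
class SignatureStore:
    db_signers: set = field(default_factory=set)   # allowed certificates
    db_hashes: set = field(default_factory=set)    # allowed image hashes
    dbx_signers: set = field(default_factory=set)  # forbidden certificates
    dbx_hashes: set = field(default_factory=set)   # forbidden image hashes
    def decide(self, image: BootImage) -> str:
        digest = sha256_hex(image.content)
        # Forbidden entries are checked first, so a revocation always wins.
        if digest in self.dbx_hashes:
            return "deny: image hash is forbidden"
        if image.signer in self.dbx_signers:
            return "deny: signer is forbidden"
        if digest in self.db_hashes:
            return "allow: image hash is enrolled"
        if image.signer in self.db_signers:
            return "allow: signer is enrolled"
        return "deny: no matching allowed entry"

# Constructed sample data; none of these values come from real firmware.
VENDOR = "constructed-vendor-cert-fingerprint"
STORE = SignatureStore(
    db_signers={VENDOR},
    db_hashes={sha256_hex(b"owner-enrolled loader")},
    dbx_hashes={sha256_hex(b"vendor loader v1, later revoked")},
)
IMAGES = [
    BootImage("vendor loader v2", b"vendor loader v2", VENDOR),
    BootImage("revoked vendor loader", b"vendor loader v1, later revoked", VENDOR),
    BootImage("owner-enrolled loader", b"owner-enrolled loader"),
    BootImage("unknown USB loader", b"night operator's boot media"),
]

def evaluate_samples() -> dict:
    return {img.name: STORE.decide(img) for img in IMAGES}
```

Calling `evaluate_samples()` returns one verdict per constructed image; the revoked loader is denied even though its signer is still enrolled.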
Unfortunately, most vendors don’t have the option of getting a PC with Linux preinstalled or without an OS. Though, Dell and HP have some options for PCs that come with Linux preinstalled, and they don’t throw in any Linux-installation hurdles on their other PCs. There’s even a Python program called PyAlienFX, for controlling the cool AlienFX lighting system on the Alienware laptops, you guessed it - in Linux!
Yes, I realize this is an old thread. I just came across it when I was searching for a thread about handing out Linux CDs at work.
On my Windows 10 motorcycle tuner laptop, I had to learn about turning off hibernate in Windows so my Linux persistent USB could mount and read the NTFS files.
Seems Windows 10 wanted to lock me out with sneaky snarky functions.
When "necro" threads come back to life, I hear [Michael Jackson's] Thriller in the background ... (or this shorter version) complete with Vincent Price and the video actress's wonderful screams. (In the video, that's about all she had to do, but she did it so very, very well.)
Actually, UEFI came out of industry demand. In the wee hours of the night, operators might have the machine room all to themselves, and they might in fact be industrial spies. They shut down a machine, reboot it from a USB stick so that it runs an altogether different operating system, then suck data out of (or, install software into) the now-defenseless machine before again rebooting it back into its "normal" OS. UEFI makes this "caper" considerably more difficult to do, but still not impossible.
Also, by taking a more active – and suspicious – role in the boot process, this firmware can also catch some mistakes. (And, when you're onboarding hundreds of computers in a single day, you will make mistakes.)
- - - Trivia: some friends of mine decided that, for a Halloween party, they would perform Thriller. After several weeks of practice, they had sort-of mastered ... forty-six seconds of it.
Last edited by sundialsvcs; 03-21-2017 at 03:42 PM.
When I first trialed linux, it was on a windows computer. When I bought it, my knowledge of computers was limited to about "New computer == new windows"
If that windows computer had an unchangeable secure boot and prevented linux from being installed... I would never have learned anything about it.
It's easy to say users should know stuff like that.. when you're already aware of them.
I am one of those that never starts a new pc or laptop that has windows, I usually first boot up off linux live and delete whatever is on the drive using a partition editor (like gparted) then install whatever distro I like at the time...
If I want windows it would have to be through a virtual machine but then wine or some other method will run a windows app if I need one, which I haven't bothered trying to do except with silverlight...
As for uefi, I have installed systems for others and don't normally have any issues...
But then 2 other people I have trained with linux, do all that now, I just get calls at the most unusual times, asking what was missed...
I would like to know (as I have been away from the internet for a few years), why windows has so many followers still?
Actually, UEFI came out of industry demand. In the wee hours of the night, operators might have the machine room all to themselves, and they might in fact be industrial spies. They shut down a machine, reboot it from a USB stick so that it runs an altogether different operating system, then suck data out of (or, install software into) the now-defenseless machine before again rebooting it back into its "normal" OS. UEFI makes this "caper" considerably more difficult to do, but still not impossible.
You're confusing/conflating UEFI and Secureboot, but I digress.
And what you have posted is just the "textbook" problem/reaction/solution rationale behind this. If you really want to stop someone plugging in a USB stick and booting a different OS, you could use BIOS password protection and disable booting from USB (or better yet disable USB altogether), but either way if there is physical access to the PC, the data can be stolen unless sophisticated encryption is used. All of this still doesn't explain why home user desktop or laptop PCs and tablets need this kind of protection? It doesn't explain why one needs what is a "mini OS" running subliminally or crap like IME/PSP running "out of band" on x86 hardware. 99% of BIOS was useless on modern systems, most of what the end user saw/needed of the BIOS was in configuring/disabling devices/boot. Once the OS is booted, the traditional x86 BIOS releases control of devices/resources. So in fact things should have gotten a lot simpler - in fact we have even more needless complexity...
Secureboot is a feature of UEFI. Microsoft are on the board of the Unified EFI Forum along with its OEM partners and it's Microsoft pushing secureboot and using it in its Windows OS from 8.0 upwards on machines supplied by these vendors and it's Microsoft forcing it to be enabled on windows 8.0 certified ARM devices with no way to turn it off.
In the words of one notable security expert - UEFI is "nefarious".
I would like to know (as I have been away from the internet for a few years), why windows has so many followers still?
Because desktop linux is a pain in the ass. Vendor support, while getting better, is still nowhere near the levels to make linux more than a "niche market" O/S for general day to day use.
Windows just plain works.
Should everyone switch to linux, maybe, but that'll never happen until there's a single "dominant" distro that's aimed at consumers rather than fanboys. And when a single distro becomes dominant enough that software and hardware vendors support that distro there will be a mountain of claims that DeskSlaxTuTux(tm) linux is "abusing its market share".