LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-24-2012, 09:16 AM   #31
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: Slackware®
Posts: 13,654
Blog Entries: 36

Rep: Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844
Member response


Hi,

Quote:
Originally Posted by cascade9 View Post
<snip>

No ARM holdings on the UEFI board of directors though.

I'd be interested to see what ARM holdings would say about all this, but there is just too much 'noise' to figure it out, if they have even made a public statement.
I am not sure about the admin structure of 'UEFI'. Arm has been a member since 2008;
Quote:
excerpt from ARM;
UEFI

http://www.arm.com/images/uefi_logo_red.gif Unified Extensible Firmware Interface (UEFI) specification now includes the ARM® architecture. UEFI improves the hardware-software interface by standardizing the boot procedure between the operating system and a target processor. Specification 2.3 incorporates the necessary modifications required to help enable original equipment manufacturers (OEMs) to standardize the boot procedure on hardware platforms based on the ARM processor.

The UEFI Forum, which ARM joined in April 2008, is a non-profit collaborative trade organization formed as an industry-wide effort to modernize the boot process. The forum develops, manages, and promotes the UEFI specification. It is an evolving specification driven by contributions and support from member companies. The UEFI specification details an interface that helps hand off control of the low level system from a pre-boot environment to an Operating System. UEFI provides a clean interface between Operating System and platform firmware at boot time, and supports an architecture-independent mechanism for initializing add-in cards.
As to your analogies, to me that was absurd. No one was talking about driving or other wise. You are not going to dictate designs to a manufacture. If market drives the need for design changes then possibly things can be aligned or changed.

As I have said to others: Your choice to buy or not. If the device supports user defined exemptions then great. But if you purchase something and it does not allow secondary usage or alternate use then you either default the device(possibly junk it) or return it. Your purchase of a known controlled closed environment does not give you any rights to demand it service your needs. Cry foul all you want, it will not change things.
 
Old 01-24-2012, 09:34 AM   #32
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
Quote:
Originally Posted by cascade9 View Post
UEFI secure boot alone wont stop this situation. There is no way to stop your hypothetical 'night operator' from booting up his copy of win8.....unless you've locked users out of UEFI with a password. Which was possible with the old fashioned BIOS as well.

In the end, given a competent (maybe smart) operator, physical access = root access.
Yup, you can't exactly stop him from stealing the disk drives. (But in some secure data centers, those drives are encrypted and locked to a particular disk-controller serial number.)

But you know, a lot of pragmatic security just comes down to putting even a very slight obstacle in the way. A friend of mine in high school kept a very expensive 12-string guitar in a cardboard case with the tiniest padlock imaginable. The lock was put there, he said, "to keep the honest people out." There are many stories of "pizza-box cat burglars" who stole from houses, even houses with very fancy burglar-alarms, just by trying the front door and seeing if it was unlocked. It often was, and the fancy-pants alarm system was turned off. They took whatever they could find in the first couple rooms and popped it into the box (which actually contained a pizza).

Last edited by sundialsvcs; 01-24-2012 at 09:36 AM.
 
Old 01-24-2012, 10:49 AM   #33
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.2 & current
Posts: 7,914
Blog Entries: 59

Rep: Reputation: Disabled
There is nothing to stop me removing Windows and installing Linux, or dual-booting the two OS's, on an x86 device. So I'll ask one more time: WHY should it be any different for an ARM device?
 
Old 01-24-2012, 01:03 PM   #34
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: Slackware®
Posts: 13,654
Blog Entries: 36

Rep: Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844
Member response

Hi,

Quote:
Originally Posted by brianL View Post
There is nothing to stop me removing Windows and installing Linux, or dual-booting the two OS's, on an x86 device. So I'll ask one more time: WHY should it be any different for an ARM device?
Purchase one you can have selective choice and have the options to update or add keys. If you choose one with Microsoft Win/8 then you will not have the choice to modify for a alternate OS. As stated before, buy one that allows the UEFI user control.
 
Old 01-24-2012, 01:17 PM   #35
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.2 & current
Posts: 7,914
Blog Entries: 59

Rep: Reputation: Disabled
You haven't answered the question: why should ARM be any different from x86? As for choosing to buy something that allows UEFI user control, that may be near impossible if Microsoft has the same influence over ARM device manufacturers as they have in the PC field. It would be in their interest to get a lock-down on all new x86 computers sold, too.
 
Old 01-24-2012, 02:39 PM   #36
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: Slackware®
Posts: 13,654
Blog Entries: 36

Rep: Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844
Member response

Hi,

Quote:
Originally Posted by brianL View Post
You haven't answered the question: why should ARM be any different from x86? As for choosing to buy something that allows UEFI user control, that may be near impossible if Microsoft has the same influence over ARM device manufacturers as they have in the PC field. It would be in their interest to get a lock-down on all new x86 computers sold, too.
So in your mind all ARM devices will be secured. Not so! There are loads of other major market share companies that will have ARM based devices other than just Microsoft. I have answered your question. You just fail to realize that not every device will be locked. Speculations & fear, that is the trap you are falling into. Thus spreading FUD!

Brian, you are the provocateur that you attempted to label me as.

Other ARM providers will be using hardware designs with ANDROID/Propriety OS thus the problem is non existent so no lock out. That is unless they too decide differently. Some ARM devices had to be jailbreaked to use but that too was not a big problem except for warranty.

No matter how much you openly complain about Microsoft locking ARM devices designed to work with Win/8 there will be no change. And in my mind there is no need. At this point I will not need to purchase a ARM based Windows/8 Netbook,Notebook system. No need or purpose to use value based Netbook/Notebook at this time.!

Openness for x86 arch system has continued from the onset thus the reasoning for continued openness for the design. That doesn't mean all future x86 systems will have the BIOS extensions to openly allow a user choices. At present there will be secure boot OEM for the x86 designs but to date that will have BIOS extensions to enable/disable. This latter point will allow a user to provide/generate keys for other OS.
 
Old 01-24-2012, 07:53 PM   #37
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: Slackware®
Posts: 13,654
Blog Entries: 36

Rep: Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844Reputation: 2844
Member response

Hi,
Quote:
Originally Posted by cascade9 View Post
UEFI secure boot alone wont stop this situaton. There is no way to stop your hypothetical 'night operator' from booting up his copy of win8.....unless you've locked users out of UEFI with a password. Which was possible with the old fashioned BIOS as well.

In the end, given a competent (maybe smart) operator, physcial access = root access.
Of course 'UEFI' will prevent the night operator from booting with his/her Win/8 boot media. Public part of the pk(platform key) in the firmware will not allow the boot. The 'UEFI' can have additional exchange keys(kek) in the firmware which is a signature database. This database contains public keys to be used to verify different components that may be used by UEFI: drivers, boot-loaders and other OS that may be allowed to load from external sources(disks, network,USB or whatever is allowed by 'UEFI').

This database also has the means to provide revocation(s) within the database via 'forbidden signatures' that are stored and provided by UEFI organization. This list contains both authorized and forbidden signatures.

I suggest that you look at Versions 2.0, 2.1, 2.2 and 2.3 of the 'UEFI' Specification. Current is 2.3.1 with errata.

'UEFI' protocol is nothing like the BIOS of old.

HTH!
 
Old 03-21-2017, 12:57 PM   #38
Mr. Macintosh
Member
 
Registered: Sep 2015
Distribution: Debian
Posts: 296

Rep: Reputation: 60
Quote:
Originally Posted by onebuck View Post
Hi,

Do not purchase if it does not allow you access. It is the users choice. If one cannot make choices as to purchase then complains that I cannot run my desired software on said device because the machine is dedicated to use one designated operating system. Your choice, do not buy it. You as a user have to decide what you wish to purchase. A FORD is a FORD and you cannot make a FORD into a Chevy!

Just like any other device for purchase, research to meet your needs. If a OEM does not allow you to modify then do not buy that particular item. $$ do control whether the device will be popular. If the many Microsoft users decide they want said control for that device then so be it. 'UEFI' is long over due and will benefit the computer industry. We have the need for a new BIOS extension and 'UEFI' will help when used.

Look at the screen shot for the BIOS (Figure 5 - Samsung PC secure boot setting).

Be sure to read the whole entry: Protecting the pre-OS environment with UEFI

FUD and rumors are driving things to the extreme. Get your facts then discuss.
Unfortunately, most vendors don’t have the option of getting a PC with Linux preinstalled or without an OS. Though, Dell and HP have some options for PCs that come with Linux preinstalled, and they don’t throw in any Linux-installation hurdles on their other PCs. There’s even a Python program called PyAlienFX, for controlling the cool AlienFX lighting system on the Alienware laptops, you guessed it - in Linux!

Yes, I realize this is an old thread. I just came across it when I was searching for a thread about handing out Linux CDs at work.
 
Old 03-21-2017, 01:57 PM   #39
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 19
Posts: 6,292
Blog Entries: 21

Rep: Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152
Well, since raising the dead necro thread.

On my Windows 10 motorcycle tuner laptop. I had to learn about turning off hibernate in Windows so my Linux persistent usb could mount and read the ntfs files.

Seems Windows 10 wanted to lock me out with sneaky snarky functions.
 
Old 03-21-2017, 02:30 PM   #40
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,585

Rep: Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351
I read an opinion piece today which, while I don't entirely agree with it, gives some nice perspective to the idea of MS monopolies.

https://m.theregister.co.uk/2017/03/...rosoft_on_arm/
 
Old 03-21-2017, 03:35 PM   #41
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
When "necro" threads come back to life, I hear [Michael Jackson's] Thriller in the background ... (or this shorter version) complete with Vincent Price and the video actress's wonderful screams. (In the video, that's about all she had to do, but she did it so very, very well.)

Actually, UEFI came out of industry demand. In the wee hours of the night, operators might have the machine room all to themselves, and they might in fact be industrial spies. They shut down a machine, reboot it from a USB stick so that it runs an altogether different operating system, then suck data out of (or, install software into) the now-defenseless machine before again rebooting it back into its "normal" OS. UEFI makes this "caper" considerably more difficult to do, but still not impossible.

Also, by taking a more active – and suspicious – role in the boot process, this firmware can also catch some mistakes. (And, when you're onboarding hundreds of computers in a single day, you can will make mistakes.)

- - -
Trivia: some friends of mine decided that, for a Halloween party, they would perform Thriller. After several weeks of practice, they had sort-of mastered ... forty-six seconds of it.

Last edited by sundialsvcs; 03-21-2017 at 03:42 PM.
 
Old 03-22-2017, 12:09 AM   #42
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 630

Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
When I first trialed linux, it was on a windows computer. When I bought it, my knowledge of computers was limited to about "New computer == new windows"
If that windows computer had a unchangeable secure boot and prevented linux from being installed... I would never of learned anything about it.

It's easy to say users should know stuff like that.. when you're already aware of them.
 
Old 03-22-2017, 04:34 AM   #43
wraithe
Member
 
Registered: Feb 2006
Location: Australia
Distribution: Linux... :-)
Posts: 241
Blog Entries: 1

Rep: Reputation: 50
I am one of those that never starts a new pc or laptop that has windows, I usually first boot up off linux live and delete what ever is on the drive using a partition editor(like gparted) then install what ever distro I like at the time...

If I want windows it would have to be through a virtual machine but then wine or some other method will run a windows app if I need one, which I haven't bothered trying to do except with silverlight...

As for uefi, I have installed systems for others and don't normally have any issues...

But then 2 other people I have trained with linux, do all that now, I just get calls at the most unusual times, asking what was misssed...

I would like to know(as I have been away from the internet for a few years), why windows has so many followers still?
 
Old 03-22-2017, 06:55 AM   #44
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,594
Blog Entries: 7

Rep: Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064
Quote:
Originally Posted by sundialsvcs View Post
Actually, UEFI came out of industry demand. In the wee hours of the night, operators might have the machine room all to themselves, and they might in fact be industrial spies. They shut down a machine, reboot it from a USB stick so that it runs an altogether different operating system, then suck data out of (or, install software into) the now-defenseless machine before again rebooting it back into its "normal" OS. UEFI makes this "caper" considerably more difficult to do, but still not impossible.
You're confusing/conflating UEFI and Secureboot, but I digress.

And what you have posted is just the "textbook" problem/reaction/solution rationale behind this. If you really want to stop someone plugging in a USB stick and booting a different OS, you could use BIOS password protection and disable booting from USB (or better yet disable USB altogether), but either way if there is physical access to the PC, the data can be stolen unless sophisticated encryption is used. All of this still doesn't explain why home user desktop or laptop PCs and tablets need this kind of protection? It doesn't explain why one needs what is a "mini OS" running subliminally or crap like IME/PSP running "out of band" on x86 hardware. 99% of BIOS was useless on modern systems, most of what the end user saw/needed of the BIOS was in configuring/disabling devices/boot. Once the OS is booted, the traditional x86 BIOS releases control of devices/resources. So in fact things should have gotten a lot simpler - in fact we have even more needless complexity...

Secureboot is a feature of UEFI. Microsoft are on the board of the Unified EFI Forum along with it's OEM partners and it's Microsoft pushing secureboot and using it in it's Windows OS from 8.0 upwards on machines supplied by these vendors and it's Microsoft forcing it to be enabled on windows 8.0 certified ARM devices with no way to turn it off.

In the words of one notable security expert - UEFI is "nefarious".
 
Old 03-22-2017, 07:28 AM   #45
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,162

Rep: Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361
Quote:
Originally Posted by wraithe View Post
I would like to know(as I have been away from the internet for a few years), why windows has so many followers still?
Because desktop linux is a pain in the ass. Vendor support, while getting better, is still nowhere near the levels to make linux more than a "niche market" O/S for general day to day use.

Windows just plain works.

Should everyone switch to linux, maybe, but that'll never happen until there's a single "dominant" distro that's aimed at consumers rather than fanboys. And when a single distro becomes dominant enough that software and hardware vendors support that distro there will be a mountain of claims that DeskSlaxTuTux(tm) linux is "abusing it's market share".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Microsoft Denies Locking out Linux Stories LXer Syndicated Linux News 0 09-26-2011 03:50 PM
LXer: VMware rains hardware deals on Microsoft's parade LXer Syndicated Linux News 0 02-26-2008 11:40 AM
Athlon locking up after hardware upgrade/Debian reinstall Storm16 Linux - Hardware 0 05-20-2006 09:43 PM
LXer: Microsoft study finds Linux to have no advantage on older hardware LXer Syndicated Linux News 0 01-09-2006 09:16 PM
Microsoft Hardware on Linux DarkHawke SUSE / openSUSE 1 10-19-2004 07:10 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 12:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration