GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A friend sent me this link from an article talking about how, in a nutshell, "made for win8" systems could quite possibly make dual booting, wipe & replace, or even driver installation a huge problem? Am I reading this right?
I ask as a desktop layman with genuine preference for my operating system. I'm not using Linux out of spite of something else.
It seems to me that this borderlines on illegal?
Thoughts? Ideas? Interpretations?
To quote the article:
The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys. Another set of keys (Pkek) permits communication between an OS and the firmware. An OS with a Pkek matching that installed in the firmware may add additional keys to the whitelist. Alternatively, it may add keys to a blacklist. Binaries signed with a blacklisted key will not load.
This impacts both software and hardware vendors. An OS vendor cannot boot their software on a system unless it's signed with a key that's included in the system firmware. A hardware vendor cannot run their hardware inside the EFI environment unless their drivers are signed with a key that's included in the system firmware.
Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.
Last edited by mipia; 09-20-2011 at 11:00 PM.
Reason: added examples
It's only illegal (in the U.S.) if the Justice Department considers it a violation of the Sherman Antitrust Act. So long as consumers have a choice, they are unlikely to take action.
Likewise, this is only the case for companies that want to use the Windows 8 logo in advertising, on the product, or the packaging. Manufacturers can still indicate that the machine comes with Windows 8, they just have to limit how much free advertising they give Microsoft. They can provide an option to disable secure boot, disabling Windows 8, but enabling the installation of another OS. Since this lets them sell the same hardware to a larger audience, it's pretty much a nobrainer.
whether or not you use windows is not important.
The problem is that Microsoft wants future PCS to be unable to run anything except Windows.
If i understand correctly, to get the Windows 8 logos, computer manufacturers will have to comply to a bios feature that will need prevent booting anything other than Windows 8
So it's a major threat to Linux users.
Remember, it's almost impossible to buy a PC that does not have Windows on it. And the Linux users usually just erase the disk and install Linux on it. Looks like it won't be possible anymore.
What will all the Windows users do when we are not able to help them anymore with our Linux Live-CDs/USBs, when Windows is messed up once again?
Personally, If I would buy a machine that comes with an OS that forbids to run other OSes of my choice on my hardware I would sue them.
I also wonder how that would look to those people that are watching Microsoft for building a monopoly.
It took 5 years for the PS3 key to be discovered, and only then because of a flaw in the implementation they used. And that's only a single platform. It must be repeated for every model of every computer from every manufacturer. the only way around that is to get Microsoft's signing key for Windows 8, and you know that's not going to happen.
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,369
Rep:
16Pide
It is possible to buy a computer without any OS preloaded .
Just go to a computer shop who build one for you according to you're spec .
Off course it is comes as a tower or midi tower .
But the problem did it still comes UEFI .
From what I read of UEFI, it is just a new interface between OS and BIOS firmware. Otherwise, it is much like a regular BIOS, I mean it can be flashed ... right ?
If someone could explain in short, what the difference between a regular BIOS and EFI are it would be very useful.
Honestly, I don't see any real benefit in UEFI over BIOS. Maybe supposedly better ACPI support, but other than that, it looks like they just pimped the BIOS graphics, added a few not too useful features, and forced it on everyone.
Last edited by H_TeXMeX_H; 09-21-2011 at 01:48 PM.
Opening the UEFI firmware doesn't change the secure behavior.
Think of it like GPG encryption. The implementation is open, but that doesn't provide any access to encrypted data.
The secure store (chip on the motherboard, tamper-resistant) contains the public key for Microsoft, signed by the hardware vendor. Microsoft has the private key, which they use to sign Windows (the message in the GPG analogy). The UEFI asks the hardware to validate the signature. UEFI never has access to the public key or the private key, though access to the public key is as meaningless as access to the GPG public key. Alter the Windows software after signing, and the validation fails. Attempt to tamper with the motherboard chip, and the machine is now permanently unable to verify signed software.
The only option is for the vendor to provide the UEFI option, via motherboard jumper or software switch, to disable secure boot. That lets you run other OS, but not signed OS. Dual booting requires opening the case or altering UEFI settings each time (not an end-user task). If the vendor does not provide the option to disable secure boot, it is a Windows-only machine.
I see, I thought it might be something similar to GPG with the signing.
Still, the PS3 was broken, it's not impossible to hack this. It may take years.
If it is exactly as you said and there is no way around, I'm not buying any computer pre-installed with Window$ 8. I always build my own desktop computers, but laptops and netbooks often come with Window$.
Typical Microsoft, lean on the hardware manufacturers to favor their business. They're trying to be Apple. As the article points out, manufacturers will probably make a lot of cheaper machines without the ability to disable the UEFI counting on the average consumer not knowing or caring. The sticker should say Windows 8 only, not ready or compatible. Feh.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.