Red Hat Linux paying to get past UEFI restrictions
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
and all the pundits said that the manufactures would NOT SHOOT themselves in the head by implementing this WITHOUT an easy way to disable it .It looks like they were a bit off
well -- our new overlords
" We are the Microsoft ,we will add your technological distinctiveness to our own. Your culture will adapt to service us. Resistance is futile, you will be assimilated "
In which way does this indicate that the hardware manufacturers will not implement the option to disable Secure Boot?
I also can't see how this is related to Microsoft, except that Red Hat has bought the Microsoft key from Verisign.
Of course Red Hat will jump onto this bandwagon, they have to. Red Hat is a commercial entity and in the future for many (most?) customers Secure Boot will be a requirement in their corporate environment (and their is nothing bad in that). So they have to adapt and using the same key as Microsoft is the most logical option, since any board out there that comes with the Secure Boot feature will have the Microsoft key in their ROMs. So with this move Red Hat gets maximum compatibility where Secure Boot has to be enabled.
This is a big deal because soon people will not be able to install Linux on hardware that they buy unless they screw with the firmware, something many users are not comfortable with. They also have the option of buying a $90 key.
This is also a big deal because Microsoft has the ability to disable any key, meaning that Microsoft now can disable your Linux system if you were one that paid for a key.
Screw online petitions, I say we sit in at the Microsoft headquarters.
As I understand it, they have not bought a Microsoft key, they have bought Microsoft's key. If Microsoft disables the key they will disable any Windows 8 installation.
Even if that is not the case, just go into your firmware and disable Secure Boot. You have bought a mainboard with that feature, haven't you?
Please bear in mind that one of the principles of setting up a secure installation is: "do not completely trust the sysop!" At three o'clock in the morning at the server farm, when there are no security cameras watching, it could indeed be a very easy thing to boot an otherwise-secure computer using a Linux DVD-ROM and to thereby bypass security controls, say for the purposes of industrial espionage. Given this unfortunate reality, it may well be that you profoundly want a meaningful defense against that possibility. Indeed, your relationship with (say...) credit-card providers ("PCI") probably demands it.
Red Hat, of course, is a particularly corporate-focused player. They do have thousands of installations out there, many of them right alongside Windows installs within the same secure farm, owned by the same company and working together in the same security-mandatory scenarios. So, to my view, it makes absolutely 100% sense to me that they would do this, and that they would do this in this way. It's not surprising that license fees and/or royalties might be involved; certainly costs are involved. No "1984" talk here ... I think that I rather instantly understand what they did and why they did it, and also why they might do it when other Linux distro vendors might not make an identical choice. I really don't think that to say, "to get by..." is the right way to describe it; not at all.
Last edited by sundialsvcs; 06-05-2012 at 09:36 PM.
If Microsoft disables the key they will disable any Windows 8 installation.
I am a paranoid person in general, I would not put it past M$ and/or the government to disable the key and make nearly every computer in the country un-bootable. Sure they say that the hardware will have an option to disable secureboot, this is what they say now, just wait 5 years down the road when to be PCI compliant, the hardware can't have an option to turn off secureboot. Then the vendors will quit giving the option of disabling secureboot.
Something similar was said about TPM some years ago, but actually nothing happened. Let's see how it goes.
Here an update from Red Hat to clarify some things: http://www.redhat.com/about/news/arc...fi-secure-boot
If I were a malware writer, I would write code that would install a root kit in Microsoft Windows computers, then leak out the information to people that all they have to do to get their compute working again is to turn off the UEFI. The computer users would then turn it off, and start up their computers. They would have their anti-virus software remove the root kit, and their computers would be clean of the malware, and ready for another root kit to be installed, without them even knowing that a second root kit had been installed, because they would not bother to turn the UEFI back on again, since why bother since they regularly get viruses even with the UEFI turned on.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.