Linked by Elv13 on Sun 17th Jun 2012 10:35 UTC
Hardware, Embedded Systems "The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."
Order by: Score:
EU commision
by Vanders on Sun 17th Jun 2012 11:09 UTC
Vanders
Member since:
2005-07-06

Personally I'm expecting the entire Secure Boot system to be referred to the EU competition commission in about 3 seconds flat once hardware begins to appear, and I don't expect them to be wildly excited by it either.

Reply Score: 13

RE: EU commision
by JAlexoid on Mon 18th Jun 2012 00:00 UTC in reply to "EU commision"
JAlexoid Member since:
2009-05-19

Specifically because EU (Commission and other institutions) dislikes everything MS does by default. Microsoft having a hold on secure boot will not go down well.

Reply Score: 2

Much nicer...
by ronaldst on Sun 17th Jun 2012 12:14 UTC
ronaldst
Member since:
2005-06-29

if the industry would have gotten rid of the BIOS altogether. Such an unnecessary layer of software.


Here's a Samsung Chromebook with CoreBoot instead of the regular BIOS or UEFI:
http://www.youtube.com/watch?v=RypqMqtTPs8

Reply Score: 3

RE: Much nicer...
by Elv13 on Sun 17th Jun 2012 18:18 UTC in reply to "Much nicer..."
Elv13 Member since:
2006-06-12

BIOS is 1 million time better than those "bios less" arm/blackfin devices. It is better to have a standardized boot layer than per device custom and incompatible ones. And no, uBoot is not standardized.

Reply Score: 3

RE[2]: Much nicer...
by tylerdurden on Sun 17th Jun 2012 23:51 UTC in reply to "RE: Much nicer..."
tylerdurden Member since:
2009-03-17

Oh, dear...

Reply Score: 2

Comment by ssokolow
by ssokolow on Sun 17th Jun 2012 14:35 UTC
ssokolow
Member since:
2010-01-21

When BIOS-based motherboards are no longer available, I plan to specifically source hardware which works well with CoreBoot, but what really worries me is when machines with buggy key resetting (and WinRT+ARM machines) start showing up in thrift and refurb shops.

Reply Score: 4

v About time for more secure OS's
by jefro on Sun 17th Jun 2012 15:52 UTC
the_trapper Member since:
2005-07-07

This isn't about getting things for free, or about making Windows more secure, it's about Microsoft making yet another anti-competitive move. Look at their entire history and if you honestly think that this is all about computer bootloader security, I've got a bridge to sell you. Bootsector viruses are almost a non-issue today. Maybe back in the sneaker-net days of the late eighties and early nineties where floppy-disk boot sector viruses were a huge problem, something like this would've been very helpful. However, today, if you encounter a virus that can attach itself to your boot process, it can also attach itself to other software much higher up the stack with just as much utility to an attacker.

What makes more sense to you, that they are locking the bootloaders to protect against an almost non-existent security threat, or that they are finally so terrified of competition with Linux and Android that they are trying to lock them out?

Reply Score: 14

ephracis Member since:
2007-09-23

I think the real target is Android or any OS that can replace Windows on tablets. Making it a hassle to install Linux on your desktop is just a bonus.

Reply Score: 6

lucas_maximus Member since:
2009-08-18

Actually boot sector viruses are making a come back.

Reply Score: 3

the_trapper Member since:
2005-07-07

Actually boot sector viruses are making a come back.


UEFI isn't that bad. I kid, I kid.

Reply Score: 9

lucas_maximus Member since:
2009-08-18

:|

Reply Score: 2

justsayin Member since:
2012-06-18

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.



I registered an account just to reply to your comment. The "Free" in "Free Software" stands for "Freedom", not price. It's not about getting what we want or don't want without paying any money. It's about not enjoying freedoms over the computing device we own.

You should take a look at https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot to see why there's this campaign from the free software community against secure boot.

Reply Score: 2

lucas_maximus Member since:
2009-08-18

Nobody cares outside of RMS and his fanatics.

Reply Score: 0

jefro Member since:
2007-04-13

Why can't anyone fix an issue? Instead it is easier to cry foul.
"
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
"
So get off your silly notions about what free is and either pay to get a fix or have someone or yourself fix the issue.

The issue is around us every day. Only task a 9 year old to know about rootkits, virus's and malware. Every major OS company knows how dangerous the whole issue it. They can't simply not rely on software to fix the problem. We as in both MS and other OS users need to have more secure systems.

There is NO FREEDOM while under the threat of hackers. That is not free to me at all. My credit, my personal medical history, my entire life now resides on computers that are subject to attack. Sure if you are a 24 YO that doesn't have any money or job you many not care but I do.

Get secure to quit talking.

Reply Score: 0

Alfman Member since:
2011-01-28

jefro,

I think your understanding of secure boot is flawed to be suggesting that linux users (and the alternative OS crowd at large) are crying about fixing the problem themselves. We're certainly not crying because we're lazy or incapable of implementing secure boot ourselves. If this is what you think, then your assumptions are invalid. To gain a better understanding of why secure boot is so controversial, for starters you should read Matthew Garrett's reports.

The problem for us is that even if we implement secure boot in our alternative/independent/non-commercial/etc operating systems, it will not run on off the shelf consumer hardware in secure boot mode because it's not signed by microsoft's key. Microsoft is going to be alone in having a "skeleton" key that can run on 100% of secure boot enabled consumer hardware.


You see, it's NOT a matter of us making our operating systems secure boot compliant, it's a matter of who controls the keys. Very few independent software developer has the power to get their keys in consumer devices that would otherwise support their code, not even Red Hat does. This is why they are seeking to boot as a subordinate to microsoft's bootloader & keys, because at least that way Fedora will boot everywhere windows can. However by doing so they've implicitly granted microsoft the technical ability and right to control our usage of Fedora Linux on our own machines, which is outrageous.

In principal, we believe the owners should control their own keys to their own hardware.

Secondly, there are plenty of security issues with the design of secure boot itself. As these new secure boot systems enter consumer homes, all windows users will be vulnerable to signed & hacked Fedora images, all Fedora users will be vulnerable to signed & hacked Windows images. Remember to add in everyone else who gets permission to branch off microsoft's bootloader. Secure boot with MS keys necessarily becomes a global failure mode where the weakest link dictates the security of the whole model. What do you think about that? From a security perspective, this is awful, and there's no good reason for it.

Of course they might resort to revoking/reissuing 3rd party keys of legitimate partners who've been compromised, but that'll cause it's own havoc. We're not protesting a secure boot feature in general so much as the current flawed and restricted implementation of it.

Reply Score: 3

WereCatf Member since:
2006-02-15

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.


Way to misunderstand everything. I wonder which rock you've been living under.

You see, SecureBoot is controlled by a single entity with absolute power over it, there is no standardized way of creating keys when needed and no design committee to oversee its development. Since it is controlled by a single entity Microsoft can simply refuse to accept requests for keys on a whim. This is a clearly anti-competitive move designed to make using non-Windows operating systems much more difficult.

There is nothing wrong per se in trying to protect a system against boot sector viruses, but it should be made in such a way that there is a documented path for creating new keys via some form of a standards body consisting of multiple entities, and there should similarly be a clearly documented standardized way of disabling SecureBoot. Why a standards body then, you ask? Well, so that multiple entities can strutinize the proposals, to point out flaws and possible improvements that a single entity managing it would possibly miss, and to ensure cross-platform compatibility and end-user benefit.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.


No, it is not. You cannot e.g. expect IT personnel to install Openbios on every single device they may have to fix.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.


How would that protect against boot-sector viruses? If the write switch is off then it protects against no viruses, and if it is on the whole disk can only be used for reading stuff, ie. it would be inherently useless, ergo everyone would just keep it switched off -> no protection.

Reply Score: 6

quackalist Member since:
2007-08-27

OK, I'll come clean, it was me that pressed that button. Just couldn't help myself.

Reply Score: 1

Soulbender Member since:
2005-08-18

Except secure boot doesn't solve any real security problem. It's obviously just a move by MS to stifle current and future competition.

MS and other companies do pay real people to have real jobs and have real lives.


WHY WON"T SOMEONE THINK OF THE CHILDREN...errr...JOBS?!?!

Edited 2012-06-18 03:31 UTC

Reply Score: 4

RE: About time for more secure OS's
by gilboa on Mon 18th Jun 2012 10:16 UTC in reply to "About time for more secure OS's"
gilboa Member since:
2005-07-06

MS and other companies do pay real people to have real jobs and have real lives.


I wonder if I should tag this comment:
-1 irrelevant.
-1 incorrect.
-1 troll.

What the **** does a locked boot loader with no user-controlled off switch (E.g. on ARM) have to do with MS' paying real money to their employees?

Newsflash! There are number [1] of [2] multi-billion [3] companies [4] that use / contribute to [5] open [6] source [7], and Gee, they, too, have real employees earning real paychecks.
(And trust me, this list is *very* partial)

- Gilboa
[1] http://finance.yahoo.com/q?s=ibm&ql=1
[2] http://finance.yahoo.com/q?s=GOOG
[3] http://finance.yahoo.com/q?s=INTC
[4] http://finance.yahoo.com/q?s=ORCL
[5] http://finance.yahoo.com/q?s=SSNLF
[6] http://finance.yahoo.com/q?s=VMW
[7] http://finance.yahoo.com/q?s=RHT&ql=0

Edited 2012-06-18 10:20 UTC

Reply Score: 9

Secure Boot is a joke
by TheKurrgan on Sun 17th Jun 2012 18:21 UTC
TheKurrgan
Member since:
2010-07-28

I can see no benefit to secure boot. As it has been stated, its a nearly non existant security problem. However, to state that they are terrified of android/linux is a bit reaching; Numbers speak volumes, and they have a lot more to worry about from Apple than from Linux on the desktop market. While it is clearly anti-competitive, I dont see where it is really going to help given that their biggest competitor is Apple, who will never release OSX to function on non-apple hardware and therefore, secureboot makes not difference to in terms of competition. The only place that this could come in to effect is in servers, where Microsoft is still battling linux, however server manufacturers have not been blindly and exclusively producing products for Windows Servers ever, and I would venture to guess that if any server hardware lacked the ability to turn secure boot off so a unix OS could be loaded, it'd likely flop.
That said, the only point I can see in SecureBoot is that it would be the first step in solidifying Microsofts position in application distribution to their platform, ala Apple App store.
All this will only matter if Metro manages not to completely tank.
I personally will never use Windows 8 because of Metro, and will not shrink from speaking badly of people who mindlessly use it on a desktop because its new and cool. Never been a really huge fan of Apples mentality, but after Win8, they will have the only viable desktop option available to mainstream consumers.
Linux for us people will always be an option, but the fragmentation and frankly the lack of coordination will always make it a lesser choice for most consumers and manufacturers alike.

Reply Score: 2

RE: Secure Boot is a joke
by lucas_maximus on Sun 17th Jun 2012 22:03 UTC in reply to "Secure Boot is a joke"
lucas_maximus Member since:
2009-08-18

I personally will never use Windows 8 because of Metro, and will not shrink from speaking badly of people who mindlessly use it on a desktop because its new and cool.


How dare people use something because the like it.

Reply Score: 2

RE: Secure Boot is a joke
by Lennie on Sun 17th Jun 2012 22:15 UTC in reply to "Secure Boot is a joke"
Lennie Member since:
2007-09-22

UEFI isn't about the desktop, that is just a bonus.

Microsoft wants the ARM-devices that run Windows 8 to be Windows 8 only. They specifically say you can't disable UEFI on those devices.

And they know they can probably get away with it, because (currently) Microsoft has no dominant position in that market.

Reply Score: 5

MS does not make the efi, uefi or bios
by tjw344 on Sun 17th Jun 2012 19:23 UTC
tjw344
Member since:
2012-06-17

(didn;t read the post above me till after I posted, he makes some good points, except for his dislike of Metro, which I feel will integrate well with my entire set of devices including the xbox and such, plus I think they are looking to the future and realizing that the desktop is not going to be around in 10 years or so)
MS doesn't make the bios, the company your looking for is pheonix or the like. They currently do not pay anyone to make bios's. They have a deal set for Pheonix to secure it. Doing this does not provide any extra jobs, but it does attempt to lock their OS in the market. As far as security, I don't know how much more secure it can make it, as linux and Mac don't have secure boot, yet they are not criticized for being insecure. The disk can still be easily read from a third party, by simply writing it to another disk and then booting the other disk. Think it is more about maintaining market share. Please give me some info if I am wrong.
As for what fedora is doing, I don't think they should have done anything. I think the opensource community should have stuck together on this one and fought it as an infringement on my right to do what I want with my computer. Similar things have happened in the android and ios community. The courts ruled that we can do whatever we like with our devices, like rooting, and cannot be prevented from doing so (albeit there do exist so drawbacks such as breaking of warranty, which is understandable)

Edited 2012-06-17 19:38 UTC

Reply Score: 1

Lennie Member since:
2007-09-22

If properly combined with TPM (Trusted Platform Module for Trusted Computing) they can make it about as "secure" as XBox 360.

Which took a 16 months before it was cracked.

I think there might not have been enough interrest from the really good hackers at first though, so it might have been a bit longer because of that.

Reply Score: 3

lucas_maximus Member since:
2009-08-18

However most don't bother because they get their XBOX live subscriptions banned.

Reply Score: 2

Yoko_T Member since:
2011-08-18

(didn;t read the post above me till after I posted, he makes some good points, except for his dislike of Metro, which I feel will integrate well with my entire set of devices including the xbox and such, plus I think they are looking to the future and realizing that the desktop is not going to be around in 10 years or so)
MS doesn't make the bios, the company your looking for is pheonix or the like. They currently do not pay anyone to make bios's. They have a deal set for Pheonix to secure it. Doing this does not provide any extra jobs, but it does attempt to lock their OS in the market. As far as security, I don't know how much more secure it can make it, as linux and Mac don't have secure boot, yet they are not criticized for being insecure. The disk can still be easily read from a third party, by simply writing it to another disk and then booting the other disk. Think it is more about maintaining market share. Please give me some info if I am wrong.
As for what fedora is doing, I don't think they should have done anything. I think the opensource community should have stuck together on this one and fought it as an infringement on my right to do what I want with my computer. Similar things have happened in the android and ios community. The courts ruled that we can do whatever we like with our devices, like rooting, and cannot be prevented from doing so (albeit there do exist so drawbacks such as breaking of warranty, which is understandable)


Let's be perfectly honest here. This UEFI bullshit is being inflicted on us by the same bunch of assholes within Fedora who decided to inflict the half-baked garbage known as Gnome 3 upon unsuspecting users of Fedora.

Reply Score: 1

the_trapper Member since:
2005-07-07

Let's be perfectly honest here. This UEFI bullshit is being inflicted on us by the same bunch of assholes within Fedora who decided to inflict the half-baked garbage known as Gnome 3 upon unsuspecting users of Fedora.


Ummm, yeah where to begin.

See Linux is different than the other OSes you're probably used to. You hate Gnome 3? No problem, you can install MATE (Gnome 2 kept on life support), KDE, XFCE, LXDE, WindowMaker, TWM, or just hit Ctrl-Alt-F2 and start using the Linux console. So Gnome 3, it wasn't forced on you.

Also, this UEFI bullshit is being orchestrated by Microsoft. Yeah, they aren't exclusive in designing and developing it, so there certainly are a few other companies to blame there. However, Microsoft are the ones who are twisting the OEMs arms into enabling it by default.

Fedora, and by extension Red Hat are just trying to figure out how to ensure that their software continues to work on these new Windows 8 stickered computers with minimal interuptions for their users. With that being said, I, like many others, am disappointed that they decided to kowtow to Microsoft, instead of putting up a fight against this clearly anticompetitive practice.

Reply Score: 2

zima Member since:
2005-07-06

In the same vein you can use Litestep, LDE(X), bbLean, Emerge Desktop on "the other OSes you're probably used to" - or just start using the Powershell. So, Explorer isn't forced on you.

Except, that's not really the case in ~corporate scenarios, where some fairly usual set of defaults does tend to be forced on users. Also when the OS is Red Hat (or its derivatives), which likely will force Gnome 3.

Reply Score: 2

Just wondering
by acobar on Sun 17th Jun 2012 19:46 UTC
acobar
Member since:
2005-11-15

To fix computers I have been using boot CDs, DVDs and pen drives for years. They are very practical and get the job done. I wonder what will happen then if the secure boot Microsoft designed start to refuse such tools. Microsoft own solution was never ever on par with hand crafted 3rd parties ones.

I believe that all this will make hard to me to clean the mess that enter the "Microsoft Windows opened" and also will make it more expensive, time and money wise.

My bet is the MS wants to fight the piracy more effectively, that the system would be strengthened against attacks is probably a side effect. Many exploits exist that work around MS registration/validation by interfering exactly on this stage of OS loading to be able to deliver their payload.

Reply Score: 4

RE: Just wondering
by pgeorgi on Sun 17th Jun 2012 20:27 UTC in reply to "Just wondering"
pgeorgi Member since:
2010-02-18

I believe that all this will make hard to me to clean the mess that enter the "Microsoft Windows opened" and also will make it more expensive, time and money wise.

For the time being, you will be able to disable secureboot in the UEFI menu somewhere. Fedora's issue with that solution is that UEFI isn't standardized, so they can't tell their customers 3 simple steps to unlock the device.

My bet is the MS wants to fight the piracy more effectively, that the system would be strengthened against attacks is probably a side effect.

There's a NIST paper on securing systems which also includes firmware level attacks. I'd expect that secureboot has something to do with that rather than licensing concerns - they might need to lock that area down to be able to pass the next level Common Criteria certification.

The issue is also more pressing with UEFI than with BIOS since UEFI is so much more powerful than BIOS - you can load rather arbitrarily sized 32bit modules (built by a modern C compiler), which have access to everything a modern OS provides (threads, networking, plenty of memory). With "UEFI Shell" they basically admitted that UEFI _is_ an Operating System (whose main purpose - for now - is to load another OS).

This cozy environment simplifies attacks somewhat compared with the old BIOS situation.

Reply Score: 2

RE[2]: Just wondering
by Soulbender on Mon 18th Jun 2012 04:01 UTC in reply to "RE: Just wondering"
Soulbender Member since:
2005-08-18

they might need to lock that area down to be able to pass the next level Common Criteria certification.


Security designed by bean-counters, is there anything better?

Reply Score: 1

RE[3]: Just wondering
by pgeorgi on Mon 18th Jun 2012 08:56 UTC in reply to "RE[2]: Just wondering"
pgeorgi Member since:
2010-02-18

Security designed by bean-counters, is there anything better?

The design isn't common criteria. Only the requirements as to what the system is supposed to withstand - and those are quite sound.

Reply Score: 3

RE[4]: Just wondering
by Soulbender on Mon 18th Jun 2012 08:58 UTC in reply to "RE[3]: Just wondering"
Soulbender Member since:
2005-08-18

Good. I stand corrected then.

Reply Score: 2

ARM
by Moredhas on Sun 17th Jun 2012 20:40 UTC
Moredhas
Member since:
2008-04-10

While it's already bad enough that Microsoft is requiring OEMs to use UEFI on their Windows 8 machines, it's downright disgusting that they have mandated it be completely locked on ARM devices, more so that they have the leverage to demand that. The justification is that it isn't anti-competitive on ARM because Windows lags behind on tablets, but that argument collapses when you consider there may (will) be ARM desktops and ultrabooks (well, Intel owns the word "ultrabook", but a rose by any other name...). Microsoft still dominates that market, and consumers really are too dumb to understand what "CPU architecture" means (I dropped that term to a customer by accident, recently, and he thought I meant the form of the case), and why their Windows will have less capabilities than their friend's.

Reply Score: 4

RE: ARM
by Lennie on Sun 17th Jun 2012 22:25 UTC in reply to "ARM"
Lennie Member since:
2007-09-22

It is going to take a year or more before people know they should ask what type of Windows it is running so they can run their existing applications on it.

It is like Windows Vista, even "your grandmother" would ask if it was running Vista and wouldn't buy it if she couldn't get something else on it.

Reply Score: 1

RE[2]: ARM
by lucas_maximus on Mon 18th Jun 2012 13:03 UTC in reply to "RE: ARM"
lucas_maximus Member since:
2009-08-18

It is like 2005 all over again, the same "grandmother" comments .

Reply Score: 2

RE[2]: ARM
by zima on Wed 20th Jun 2012 14:12 UTC in reply to "RE: ARM"
zima Member since:
2005-07-06

It is like Windows Vista, even "your grandmother" would ask if it was running Vista and wouldn't buy it if she couldn't get something else on it.

And now everybody loves Vista SE.

People might yet love Win9, after grumbling for some time about Win8, even if 9 will be mostly just Win8 SE / Metro 2.0.

Reply Score: 2

uefi disable
by l3v1 on Mon 18th Jun 2012 05:58 UTC
l3v1
Member since:
2005-07-06

On several occasions I've seen and heard the argument that easy disabling (e.g. including a simple switch in the bios/whatever you want to call it) should be a no-go. Then for crying out loud, at least provide a jumper on the mobo in an accessible place (anywhere on desktop/server boards, and near the ram slots on laptops) where those who care enough, can disable it.

Going for abominations like this Fedora plan (where you can't use your own compiled kernel, modified drivers, etc.) should be the absolute no-go, and distro makers should not offer to voluntarily go with MS's lockout plan. Instead they should join the effort in full to lobby for including the option to switch off UEFI SB on every and each UEFI hardware.

Reply Score: 7

RE: uefi disable
by pgeorgi on Mon 18th Jun 2012 09:02 UTC in reply to "uefi disable"
pgeorgi Member since:
2010-02-18

distro makers should not offer to voluntarily go with MS's lockout plan.

Except if they want to compete in the server business (RHEL vs. Windows Server 8). Having a checkbox to tick "protected boot process" might come in useful when trying to secure government contracts, whereas having that checkbox empty might hurt sales.
Even NIST is aware that firmware level attacks might be a problem.

MJG is paid by Redhat, and so he will work on what's best for them. Compiling your own kernel is so far down the requirements lists for enterprise servers that they don't care about it much. They just need a way to _somehow_ get around the lock-down for their own development (and the geeks) - and right now, there is.

Reply Score: 3

RE[2]: uefi disable
by acobar on Mon 18th Jun 2012 12:56 UTC in reply to "RE: uefi disable"
acobar Member since:
2005-11-15

I failed to see how the proposed solution is somewhat unfitting. He asked for a simple jump or switch on motherboards, nothing more. I think it is the best and simplest solution I ever heard. It will not lessen what Red Hat can do or claim for their systems and provides a fair level playing field for all others involved on linux/*BSD, or whatever camps.

Reply Score: 3

RE[3]: uefi disable
by pgeorgi on Mon 18th Jun 2012 16:00 UTC in reply to "RE[2]: uefi disable"
pgeorgi Member since:
2010-02-18

I failed to see how the proposed solution is somewhat unfitting. He asked for a simple jump or switch on motherboards, nothing more. I think it is the best and simplest solution I ever heard.

After some kicking and screaming, Microsoft was coerced to require a soft switch (somewhere in the firmware menu) to disable secureboot in order to gain the Windows 8 Logo. That's not the concern.

There are numerous others, eg.: Will that switch cease to exist sometimes, eg. with Windows 9 Logo? Why can you only ever sign files, incl. UEFI drivers with one signature, which grants an effective monopoly to Microsoft?

It will not lessen what Red Hat can do or claim for their systems and provides a fair level playing field for all others involved on linux/*BSD, or whatever camps.

Using such a switch (no matter if hardware or software) prevents the "boots securely" checkbox item on the RHEL sales material. Redhat _needs_ secureboot capability - not so much for Fedora, but for RHEL.
I guess that they do it for Fedora is just a way to get it tested before they run it by their paying customers.

Reply Score: 2

RE[4]: uefi disable
by acobar on Mon 18th Jun 2012 23:43 UTC in reply to "RE[3]: uefi disable"
acobar Member since:
2005-11-15

Using such a switch (no matter if hardware or software) prevents the "boots securely" checkbox item on the RHEL sales material.

If they NEED such thing, just REFUSE to boot on machines where this feature is available and was disabled. Nothing more, nothing less. It keep its toys and let the others play with theirs.

Edited 2012-06-18 23:44 UTC

Reply Score: 2

RE[5]: uefi disable
by pgeorgi on Tue 19th Jun 2012 06:26 UTC in reply to "RE[4]: uefi disable"
pgeorgi Member since:
2010-02-18

"Using such a switch (no matter if hardware or software) prevents the "boots securely" checkbox item on the RHEL sales material.

If they NEED such thing, just REFUSE to boot on machines where this feature is available and was disabled. Nothing more, nothing less. It keep its toys and let the others play with theirs.
"
At some point, customers (government, big business) will _require_ "secure" booting. Telling them to buy "insecure" systems (or disabling the secure boot feature) won't fly.

Reply Score: 2

RE: uefi disable
by lucas_maximus on Mon 18th Jun 2012 13:04 UTC in reply to "uefi disable"
lucas_maximus Member since:
2009-08-18

Going for abominations like this Fedora plan (where you can't use your own compiled kernel, modified drivers, etc.) should be the absolute no-go, and distro makers should not offer to voluntarily go with MS's lockout plan. Instead they should join the effort in full to lobby for including the option to switch off UEFI SB on every and each UEFI hardware.


That would mean death to them then.

Reply Score: 2

This is an Anti-Trust Issue
by kateline on Tue 19th Jun 2012 01:25 UTC
kateline
Member since:
2011-05-19

UEFI is a clear attempt to prevent competition by a player with a near-monopoly in the market for laptop/desktop operating systems.

In the U.S. there should be anti-trust filed over this.

This would be the third go-round for MS in the anti-trust courts: the consent degree back in the 90s, then the judgement against them in 2001.

Third time's the charm, MS.

Reply Score: 0

RE: This is an Anti-Trust Issue
by zima on Wed 20th Jun 2012 14:10 UTC in reply to "This is an Anti-Trust Issue"
zima Member since:
2005-07-06

What laptop/desktop OS competition?

You really think MS will need UEFI in that area?

Reply Score: 2