Linked by Howard Fosdick on Thu 6th Dec 2012 05:26 UTC
OSNews, Generic OSes With computers now shipping with UEFI Secure Boot enabled, users of any OS other than Windows 8 will want to know how to circumvent it. Jesse Smith of DistroWatch tells how he did it here. The Linux Foundation describes its approach here. If you want to boot an OS other than Windows 8, you'll want to figure this out before you buy that new computer.
Order by: Score:
Fedora Shim
by Brendan on Thu 6th Dec 2012 07:47 UTC
Brendan
Member since:
2005-11-16

Hi,

I think Fedora are also planning to create a "shim". The basic idea is that it's signed with Microsoft's key, and boots other boot loaders.

It's possibly not that simple though - I think they're planning to allow end users to add keys to UEFI's store; so that if you try to boot a signed boot loader with the shim, it'll ask if the key should be added. This way Linux can use secure boot too; and all those dual booting Linux users don't have to worry about getting their Linux OS infected by viruses that Windows let in. :-)

- Brendan

Reply Score: 3

RE: Fedora Shim
by dionicio on Thu 6th Dec 2012 15:04 UTC in reply to "Fedora Shim"
dionicio Member since:
2006-07-12

Does this mean that,
if using Windows Signature,
and BIOS activate the network,
then Microsoft could
play with my linux?

I know that UEFI is about identity;
The first in the stack "owns" the stack.

But, could it be that
the BIOS designer,
-the non writable part of the BIOS-
is the real "owner" of the stack?

Reply Score: 2

RE[2]: Fedora Shim
by ssokolow on Thu 6th Dec 2012 18:10 UTC in reply to "RE: Fedora Shim"
ssokolow Member since:
2010-01-21

Does this mean that,
if using Windows Signature,
and BIOS activate the network,
then Microsoft could
play with my linux?

I know that UEFI is about identity;
The first in the stack "owns" the stack.

But, could it be that
the BIOS designer,
-the non writable part of the BIOS-
is the real "owner" of the stack?


Looks that way.

http://mjg59.dreamwidth.org/11235.html

Also, the reference UEFI implementation most motherboard builders are using is demonstrably buggy and at least as complex as your average OS kernel.

https://www.youtube.com/watch?v=V2aq5M3Q76U

One of the reasons I'll probably be trying to source BIOS-based motherboards for as long as possible and, when that's no longer an option, I'll try to source something known to support reflashing with CoreBoot so I can prune it down to the minimum amount of code needed to boot Linux.

http://www.coreboot.org/

On the plus side, it does mean plenty of room for rooting the UEFI itself which could really put some egg on Microsoft's face.

(I'm sort of hoping that UEFI rootkits make such a mess of things that Microsoft is forced to backpedal on this idiotic "kernel-sized, under-tested, buggy firmware blob" idea)

Reply Score: 4

RE: Fedora Shim
by Alfman on Thu 6th Dec 2012 15:20 UTC in reply to "Fedora Shim"
Alfman Member since:
2011-01-28

Brendan,

"I think Fedora are also planning to create a 'shim'. The basic idea is that it's signed with Microsoft's key, and boots other boot loaders."

It's not exactly that simple. Because of the way secure boot was designed (for 3rd party control rather than security), it cannot pass control back to users without compromising security.

Consider that malware could exploit this and install the unrestricted bootloader (signed by microsoft's key) and then install a backdoor through the unrestricted bootloader. This would break secure boot's security on every secure boot desktop in the world and not just your desktop. Now MS would be forced to admit that secure boot is permanently broken, or it would revoke Fedora's key and break legitimate linux installs everywhere.


This is another reason I hate microsoft's secure boot design. Even if they had the best of intentions, it creates a single point of failure. One bug or leak breaks everybody's secure boot security worldwide. It just reaffirms how secure boot has been designed for 3rd party control rather than security.


The shim you referred to can only run locked down versions of linux running signed components. It's probably ok for normal users, but it's not the same free/open linux kernel that we're fond of. We'll become dependent upon Fedora provided kernels, and they'll become dependent upon MS, all so that home users can dual boot a restricted linux on their own machines.

Reply Score: 8

RE[2]: Fedora Shim
by bornagainenguin on Fri 7th Dec 2012 05:53 UTC in reply to "RE: Fedora Shim"
bornagainenguin Member since:
2005-08-07

Alfman posted...

This is another reason I hate microsoft's secure boot design. Even if they had the best of intentions, it creates a single point of failure. One bug or leak breaks everybody's secure boot security worldwide. It just reaffirms how secure boot has been designed for 3rd party control rather than security.


Which is exactly why the hacking scene needs to get on breaking this single point of failure as hard and spectacularly as they can, then release something that crashes every system running "secure boot" in such a way to make it clear that it is worse than useless at what it was ostensibly designed to do. Better yet it needs to crash the hardware in such a way the OEMs are liable and it costs them enough pain they instinctively shy away from any future types of such systems. Maybe then it would make the whole thing go away again...

--bornagainpenguin

Reply Score: 5

RE[3]: Fedora Shim
by ssokolow on Fri 7th Dec 2012 13:01 UTC in reply to "RE[2]: Fedora Shim"
ssokolow Member since:
2010-01-21

Alfman posted...
"This is another reason I hate microsoft's secure boot design. Even if they had the best of intentions, it creates a single point of failure. One bug or leak breaks everybody's secure boot security worldwide. It just reaffirms how secure boot has been designed for 3rd party control rather than security.


Which is exactly why the hacking scene needs to get on breaking this single point of failure as hard and spectacularly as they can, then release something that crashes every system running "secure boot" in such a way to make it clear that it is worse than useless at what it was ostensibly designed to do. Better yet it needs to crash the hardware in such a way the OEMs are liable and it costs them enough pain they instinctively shy away from any future types of such systems. Maybe then it would make the whole thing go away again...

--bornagainpenguin
"

Shouldn't be too hard when you have a modular firmware that's essentially an OS unto itself. (as complex as an OS kernel, high-level programming interface, standard library of helper functions, its own drivers for things like the network card, facilities for storing what (depending on the vendor) could potentially be megabytes of data in on-motherboard non-volatile storage, etc.)

I'm hoping for the day when a piece of malware comes out that waits for its creator to inform it of a 0-day exploit, then exploits Windows and UEFI to set up shop as a UEFI rootkit and resist all attempts to remove it without desoldering the flash chip and replacing it.

It'd be a fiasco worse than the Intel FDIV bug and it's completely possible because:

1. Every motherboard manufacturer is using Intel's reference implementation of UEFI with their own modules added in. It's effectively a monoculture like Windows. Hardware variations don't really matter.

2. They discover new bugs in the reference implementation quite often. It's like Windows in that way too.

Edited 2012-12-07 13:11 UTC

Reply Score: 5

RE[4]: Fedora Shim
by dionicio on Tue 11th Dec 2012 14:21 UTC in reply to "RE[3]: Fedora Shim"
dionicio Member since:
2006-07-12

The UEFI "fiasco" is a good label for the actual delivery of UEFI implementations...

Reply Score: 1

RE[4]: Fedora Shim
by zima on Wed 12th Dec 2012 17:24 UTC in reply to "RE[3]: Fedora Shim"
zima Member since:
2005-07-06

2. They discover new bugs in the reference implementation quite often. It's like Windows in that way too.

Or like Linux ...or like pretty much any OS, you know.

Reply Score: 2

RE[3]: Fedora Shim
by Alfman on Fri 7th Dec 2012 15:55 UTC in reply to "RE[2]: Fedora Shim"
Alfman Member since:
2011-01-28

bornagainenguin,

Implementation bugs can be a problem. I was actually referring to how we effectively have one key (microsoft's) controlling the hardware/firmware secure features on every consumer computer from now on is an inherently poor security design. This is not something a competent standards security engineer could have signed off on unless there were ulterior motives. Of course they were working for microsoft so there you go.

I agree that finding an implementation vulnerability will be an embarrassment, but realistically what do we think will happen? I believe they'll just fix the implementation & release patches, and then continue down the same path.

Edited 2012-12-07 16:00 UTC

Reply Score: 3

RE[4]: Fedora Shim
by ssokolow on Fri 7th Dec 2012 16:31 UTC in reply to "RE[3]: Fedora Shim"
ssokolow Member since:
2010-01-21

I agree that finding an implementation vulnerability will be an embarrassment, but realistically what do we think will happen? I believe they'll just fix the implementation & release patches, and then continue down the same path.


That is, assuming they can convince the motherboard manufacturers to support things to a suitable degree.

This is basically like Android but with less thought put into how patches are going to get made and distributed for each of the gazillion different motherboard models that'll go on the market, each needing its own combination of proprietary EFI add-on modules to work.

Reply Score: 2

RE[5]: Fedora Shim
by Alfman on Fri 7th Dec 2012 17:58 UTC in reply to "RE[4]: Fedora Shim"
Alfman Member since:
2011-01-28

ssokolow,

"That is, assuming they can convince the motherboard manufacturers to support things to a suitable degree."

Haven't they already?

Reply Score: 2

RE[6]: Fedora Shim
by ssokolow on Fri 7th Dec 2012 18:29 UTC in reply to "RE[5]: Fedora Shim"
ssokolow Member since:
2010-01-21

ssokolow,

"That is, assuming they can convince the motherboard manufacturers to support things to a suitable degree."

Haven't they already?


You honestly expect motherboard manufacturers to obsessively release patches for every single motherboard they offer for the entire 5-10 year lifespan of the manufactured boards and not screw up getting them actually installed in the end users' PCs?

Last I checked, with BIOS-based motherboards, the solution was "release something tested, expect no more than 1% of users to need to update, and possibly provide updates when a hardware incompatibility or software bug is discovered."

(I know of at least once instance where a Gigabyte rep insisted that it must be the owner's fault that a fully-updated BIOS was still exhibiting a problem... maybe because they were running Linux before the problem was also proven to be present on Windows)

I seriously doubt motherboard manufacturers are prepared to handle reliably providing ongoing security fixes for what is essentially a small operating system.

Reply Score: 3

RE[7]: Fedora Shim
by Alfman on Fri 7th Dec 2012 22:40 UTC in reply to "RE[6]: Fedora Shim"
Alfman Member since:
2011-01-28

ssokolow,

"You honestly expect motherboard manufacturers to obsessively release patches for every single motherboard they offer for the entire 5-10 year lifespan of the manufactured boards and not screw up getting them actually installed in the end users' PCs?"

The good ones will offer updates to older MBs retroactively, the others will only fix it going forward. Either way real defections seem unlikely.

"I seriously doubt motherboard manufacturers are prepared to handle reliably providing ongoing security fixes for what is essentially a small operating system."

There's a huge technical difference. A real OS has to be secure while running arbitrary user programs. With UEFI, you'll be hard pressed to find the opportunity to run your code in the first place because it's not authorized. So you might have to find an OS level vulnerability to get system access in order to exploit the UEFI vulnerability.

Although that's likely to happen eventually, it would become more useful to real hackers than users who just want to run linux. Once the windows vulnerability gets fixed, the UEFI one becomes inaccessible again.

Edited 2012-12-07 22:44 UTC

Reply Score: 2

Comment by Drumhellar
by Drumhellar on Thu 6th Dec 2012 08:11 UTC
Drumhellar
Member since:
2005-07-12

That's like 'circumventing' the lock on a car door by climbing through the other unlocked door, reaching over, and hitting a switch.

However, those are instructions on disabling secure boot, which is something different.

Reply Score: 4

I did my homework
by OSGuy on Thu 6th Dec 2012 08:32 UTC
OSGuy
Member since:
2006-01-01

I am getting a new laptop and of course comes with Windows 8 which I will either W7nize it or install Windows 7 64-bit. I already purchased W7 64-bit a few months ago. Anyway, before I picked the laptop, I emailed the manufacturer sales team asking if the laptop comes with TMP and if yes, I asked if it can be disabled. I was told the laptop is using UEFI but there is no TPM module installed. So this means, it has no secure boot. However it does have UEFI. Any gotchas? I hope not.

Edited 2012-12-06 08:34 UTC

Reply Score: 3

RE: I did my homework
by NuxRo on Thu 6th Dec 2012 08:58 UTC in reply to "I did my homework"
NuxRo Member since:
2010-09-25

Why not buy one without Windows?

http://lxer.com/module/newswire/view/177429/

Reply Score: 4

RE[2]: I did my homework
by Coxy on Thu 6th Dec 2012 12:00 UTC in reply to "RE: I did my homework"
Coxy Member since:
2006-07-01

Because they are crap for the price, or they only come with US keyboards.

Reply Score: 5

RE: I did my homework
by Kivada on Thu 6th Dec 2012 09:38 UTC in reply to "I did my homework"
Kivada Member since:
2010-07-07

Zareason, System76, Ohava and Think Penguin all sell machines where the ONLY preinstalled option is Linux. My guess is that they'll have you covered on circumventing UEFI.

Reply Score: 7

RE[2]: I did my homework
by moondevil on Thu 6th Dec 2012 13:02 UTC in reply to "RE: I did my homework"
moondevil Member since:
2005-07-08

They are not available everywhere though.

Reply Score: 2

RE[3]: I did my homework
by lucas_maximus on Thu 6th Dec 2012 13:50 UTC in reply to "RE[2]: I did my homework"
lucas_maximus Member since:
2009-08-18

System 76 is pretty terrible.

Reply Score: 1

RE[4]: I did my homework
by Bill Shooter of Bul on Thu 6th Dec 2012 15:45 UTC in reply to "RE[3]: I did my homework"
Bill Shooter of Bul Member since:
2006-07-14

Terrible quality wise or terrible because of the high prices? I would buy one, if the prices were more reasonable. Its much cheaper right now ( well, before UEFI secure boot) to just buy better hardware with windows on it and wipe windows off.

Reply Score: 2

RE[5]: I did my homework
by lucas_maximus on Thu 6th Dec 2012 15:55 UTC in reply to "RE[4]: I did my homework"
lucas_maximus Member since:
2009-08-18

/* Duplicate Post */

Edited 2012-12-06 16:01 UTC

Reply Score: 2

RE[5]: I did my homework
by lucas_maximus on Thu 6th Dec 2012 15:59 UTC in reply to "RE[4]: I did my homework"
lucas_maximus Member since:
2009-08-18

There has been a lot of forum posts on problems with things not working with Linux after kernel upgrades etc.

This is the most notable posts and would put me off:

http://estrip.org/articles/read/tinypliny/54588/System76_Ubuntu_Dis...

http://ubuntuforums.org/showthread.php?t=1979573

if you google there are quite a few complaints about misleading product photos and patchy quality on the second page

https://www.google.com.gi/search?q=system+76+problems&oq=system+76+p...

IMHO with laptops in my experience, it best to buy dell latitude or lenovo.

Reply Score: 2

RE[6]: I did my homework
by FishB8 on Thu 6th Dec 2012 17:13 UTC in reply to "RE[5]: I did my homework"
FishB8 Member since:
2006-01-16

I think this is very misleading. The laptops from system76 are no different than the windows laptops. They are just re-branded versions of the same hardware sold with windows installed.

Just because it's sold by system76 doesn't mean you can modify the installation without knowing what you are doing and expect it to still work.

You'll find the same type of complaints about hardware not working for just about any set of components.

I've been using a System76 laptop for about 18 months now. Dual boots windows7 and Gentoo. Works just fine.

Reply Score: 3

RE[7]: I did my homework
by lucas_maximus on Thu 6th Dec 2012 17:53 UTC in reply to "RE[6]: I did my homework"
lucas_maximus Member since:
2009-08-18

Kinda negates their main selling point then doesn't it.

Reply Score: 4

RE[6]: I did my homework
by tylerdurden on Thu 6th Dec 2012 18:48 UTC in reply to "RE[5]: I did my homework"
tylerdurden Member since:
2009-03-17

We could play the same game, I can find a few random internet posts complaining about the build quality (or technical problems with Linux) of either Lenovo or Dell laptops. And I can use those posts to tell you that their products are terrible and that you should instead buy brand XXX.


In fact, chances are that there are orders of magnitude of those posts than System 76. Given the larger market share and customer base of either of those brands.

I'm not endorsing any brand, just pointing out the fallacious nature of the argument.

Reply Score: 1

RE[7]: I did my homework
by lucas_maximus on Thu 6th Dec 2012 21:23 UTC in reply to "RE[6]: I did my homework"
lucas_maximus Member since:
2009-08-18

The fact I found so many with a simple google pretty much invalidated you argument.

If the user base is quite small, I would expect better support from them not generic equivalent. Also I surely would find it harder to find examples than simply putting in "system 76 examples, if they are such a small player.

BTW the top post was, he emailed them several times for a response and found none ... so the guy assumed they were going under (when they aren't) ... NOT GOOD.

A simple email saying that his support ticket was being looked into probably would have sufficed for the time being to let him know they were available.

Also a lot of the complaints is with their stuff supporting Linux itself ... which negates the reason for buying from them!!!

Edited 2012-12-06 21:24 UTC

Reply Score: 3

RE[5]: I did my homework
by Alfman on Thu 6th Dec 2012 16:02 UTC in reply to "RE[4]: I did my homework"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

Yea, the trouble is that non-windows computers are a niche commodity. It's often difficult to get a no-os computer from a brand name vendor with the benefits of scales of economy. They don't want the trouble of supporting non-windows users when 95% of the customers are windows users and the remaining 5% will buy the windows computers anyways to wipe them.

This ultimately results in less competition selling non-windows computers making that segment even more niche than it already is.

I build my own desktops, but for laptops I still don't have a good solution for my vendor/hardware/price/os requirements.

Reply Score: 2

RE[6]: I did my homework
by Bill Shooter of Bul on Thu 6th Dec 2012 16:10 UTC in reply to "RE[5]: I did my homework"
Bill Shooter of Bul Member since:
2006-07-14

Yeah, I understand that scale has something to do with it. But with everyone outsourcing all the work to foxconn and the like, at some point I'd imagine those to diminish a bit. As a company you still need to make some money and the price you can get on laptops will depend on the number you order, but the barier to entry is much lower than the days where you'd have to do all the assembly yourself.

Reply Score: 2

RE[7]: I did my homework
by westlake on Fri 7th Dec 2012 05:35 UTC in reply to "RE[6]: I did my homework"
westlake Member since:
2010-01-07

Yeah, I understand that scale has something to do with it. But with everyone outsourcing all the work to foxconn and the like, at some point I'd imagine those to diminish a bit.


The economies of scale in Windows extend to marketing and sales, service and support.

Then there is the lucrative after-market in sales of Windows hardware, software and peripherals.

The Windows-only THQ Humble Bundle is closing in fast on a $4 million return from 700,000 sales, with five days left to go.

Reply Score: 2

RE[6]: I did my homework
by lucas_maximus on Thu 6th Dec 2012 18:28 UTC in reply to "RE[5]: I did my homework"
lucas_maximus Member since:
2009-08-18

As I said, get Dell Latitudes or Lenovos (Thinkpad) with Intel chipsets and you are usually okay.

Reply Score: 2

RE[7]: I did my homework
by Alfman on Thu 6th Dec 2012 19:35 UTC in reply to "RE[6]: I did my homework"
Alfman Member since:
2011-01-28

lucas_maximus,

"As I said, get Dell Latitudes or Lenovos (Thinkpad) with Intel chipsets and you are usually okay."

Dells website shows some laptops are compatible with Ubuntu, but it forces me to buy a version of windows, which is part of the problem Bill_Shooter_of_Bul and I were talking about.


Incidentally, I had a horrible experience with dell. I tried buying a large stash of hard drives for a NAS, but the website informed me that bulk orders couldn't be processed through the website and I'd have to call to place the order. I called and they quoted me a price that was higher than on the website, they spoke to a manager to approve the advertised price, and I gave them my credit card info and I thought my order was placed. But after several days I hadn't received any kind of confirmation and the drives hadn't arrived. I tried calling the rep but there was no answer. I called sales, and they told me my rep was on vacation and that they couldn't find my order, but they didn't want to ship other drives if my original order had already gone out, they had me wait for the original guy to get back. He forgot to place the order.

Now I know accidents happen and this is probably not typical, but my order was delayed by two weeks because they didn't handle it, and to top it all off I did not get so much as an apology from them. I've stuck with newegg since, however they don't offer any linux computers.

Reply Score: 2

RE[6]: I did my homework
by zima on Tue 11th Dec 2012 00:40 UTC in reply to "RE[5]: I did my homework"
zima Member since:
2005-07-06

the trouble is that non-windows computers are a niche commodity. It's often difficult to get a no-os computer from a brand name vendor with the benefits of scales of economy. They don't want the trouble of supporting non-windows users [...]
I build my own desktops, but for laptops I still don't have a good solution for my vendor/hardware/price/os requirements.

But those big PC makers do sell no-OS (or Linux) computers... But I take it you still haven't found your local equivalent of ceneo.pl product & online shop catalogue? (you know, "no OS" & "Linux" filters for http://www.ceneo.pl/Laptopy;017P8-250094-250095.htm few hundred results; looks like all big vendors present at the first page... PL->EN GTranslate works decently)

Edited 2012-12-11 00:41 UTC

Reply Score: 2

RE[7]: I did my homework
by Alfman on Tue 11th Dec 2012 04:24 UTC in reply to "RE[6]: I did my homework"
Alfman Member since:
2011-01-28

zima,

You keep mentioning this foreign example as though it's proof that the situation is equal everywhere, but it is not. The few niche vendors who specialise in linux can charge more than their hardware is worth because big venders with scales of economy hardly ever bother selling linux or no-OS machines.

I understand you are tired of listening to us whine about paying the ms tax, but you should still recognise that it is a legitimate complaint and isn't something we're just making up.

Reply Score: 2

RE[3]: I did my homework
by zima on Tue 11th Dec 2012 00:25 UTC in reply to "RE[2]: I did my homework"
zima Member since:
2005-07-06

A hop across the Oder, and: visiting "laptops" category of ceneo.pl (possibly the most popular and well-known here catalogue of products and online shops; surely you have similar services...) quite often shows a model without Windows at the top of popularity; and generally, "no OS" & "Linux" filters give http://www.ceneo.pl/Laptopy;017P8-250094-250095.htm few hundred results. Can't be that different in DE ...plus you can always shop in PL.

Reply Score: 2

RE: I did my homework
by ssokolow on Thu 6th Dec 2012 18:14 UTC in reply to "I did my homework"
ssokolow Member since:
2010-01-21

I was told the laptop is using UEFI but there is no TPM module installed. So this means, it has no secure boot. However it does have UEFI. Any gotchas? I hope not.


Secure Boot doesn't require a TPM because they're apparently too expensive to have while keeping mainstream motherboards competitive on price.

I can't remember where I learned that, but it might have been this talk.

https://www.youtube.com/watch?v=V2aq5M3Q76U

Reply Score: 2

RE: I did my homework
by Lennie on Thu 6th Dec 2012 23:44 UTC in reply to "I did my homework"
Lennie Member since:
2007-09-22

Actually, that is not true.

They can still implement UEFI without a TPM. It will just be a lot easier to break for 'hackers'. But that doesn't mean easy to circumvent for consumers.

But what you should be asking is: can I provide my own keys or if that isn't possible: at least disable it.

Reply Score: 3

Comment by Lorin
by Lorin on Thu 6th Dec 2012 08:34 UTC
Lorin
Member since:
2010-04-06

With my Samsung laptop its simply setting the bios to off or hybrid mode

Reply Score: 4

Beware of lazy OEMs
by moondevil on Thu 6th Dec 2012 09:02 UTC
moondevil
Member since:
2005-07-08

There are UEFI bios whose firmware is looking for specific OS names:

http://mjg59.dreamwidth.org/20187.html

Reply Score: 6

RE: Beware of lazy OEMs
by benali72 on Thu 6th Dec 2012 10:15 UTC in reply to "Beware of lazy OEMs"
benali72 Member since:
2008-05-03

Jeez, there's a problem we don't need. Thanks for the link.

Fortunately it sounds like many computers come with a "legacy mode" setting that gets you out of the problems.

Edited 2012-12-06 10:16 UTC

Reply Score: 3

RE[2]: Beware of lazy OEMs
by Lennie on Fri 7th Dec 2012 00:56 UTC in reply to "RE: Beware of lazy OEMs"
Lennie Member since:
2007-09-22

Only if it is not an ARM device with Windows 8, if it is an ARM device with Windows 8 it will NOT have a disable button.

Microsoft demands it.

Reply Score: 5

Good to know
by sisora on Thu 6th Dec 2012 09:53 UTC
sisora
Member since:
2011-08-26

This is good to know. Should come in handy when I buy a Windows 8 machine and dual boot it with may be Ubuntu or Mint.

Edited 2012-12-06 09:56 UTC

Reply Score: 2

Comment by marcp
by marcp on Thu 6th Dec 2012 10:45 UTC
marcp
Member since:
2007-11-23

Just don't buy computers that don't work with your OS of choice or wasn't even designed to work with it.
Apple users buy Apple hardware. Microsoft wants you to buy Microsoft hardware. If you're using GNU/Linux or *BSD, Haiku OS, just buy hardware certified for GNU/Linux. That way you will:
- show your disagreement to the practices of MS
- save quite some cash
- get perfect hardware support, things will just run
- invest in [your own/others'] freedom, openness and independence [open hardware is getting more popular]
- help to grow this market
- give yourself future option [you'll have more FLOSS-compatible hardware vendors as a result of your choice]

Of course, you can also do nothing, buy random crap and keep whining it doesn't support your OS. But you are the one who made that choice. Be wise, vote with your wallet.

Reply Score: 3

RE: Comment by marcp
by UglyKidBill on Thu 6th Dec 2012 10:56 UTC in reply to "Comment by marcp"
UglyKidBill Member since:
2005-07-27

While I agree with idea, you should also realise that in some (many?) markets importing costs and brand availability severely limit consumer's options.

Reply Score: 3

RE: Comment by marcp
by jessesmith on Thu 6th Dec 2012 13:55 UTC in reply to "Comment by marcp"
jessesmith Member since:
2010-03-11

I looked at a bunch of Linux cert and Linux pre-installed options recently. They were all quite a bit more expensive than buying a computer with Windows and wiping the drive. Ranging in price difference from 50% up to 300%. With the price factor so much against Linux it's much more appealing for most consumers to simply pay the MS tax.

Reply Score: 3

RE[2]: Comment by marcp
by marcp on Thu 6th Dec 2012 20:18 UTC in reply to "RE: Comment by marcp"
marcp Member since:
2007-11-23

As you've already mentioned, regular user pays "MS tax" [or Apple tax] anyway. Isn't it better to pay this tax as an extra cost of the hardware? OS is free [as in cost] anyway, so you don't really loose that much. In fact, you gain freedom, independence, etc.
I think it's worth the game. Besides: we don't buy computers THAT often. And we don't HAVE TO buy them that often - FLOSS doesn't make you upgrade everytime there's new version of some software package.

Reply Score: 2

RE[3]: Comment by marcp
by zima on Thu 13th Dec 2012 23:54 UTC in reply to "RE[2]: Comment by marcp"
zima Member since:
2005-07-06

we don't buy computers THAT often. And we don't HAVE TO buy them that often - FLOSS doesn't make you upgrade everytime there's new version of some software package.

That's not really the case, FLOSS also participates in update treadmill, you're expected to run the latest versions (which might not work that well on old hardware).

Firefox even requires more powerful GPUs (for GPGPU use) on Linux than on Windows, for the same effect. Driver situation doesn't help...

Meanwhile Opera (closed software) is lighter, better suited for really old computers. Opera Mini gives good web access to millions of basic feature phones - while Mozilla said, after two abortive attempts, ~"we'll wait for better hardware"

Reply Score: 2

RE: Comment by marcp
by Doc Pain on Thu 6th Dec 2012 14:43 UTC in reply to "Comment by marcp"
Doc Pain Member since:
2006-10-08

Just don't buy computers that don't work with your OS of choice or wasn't even designed to work with it.
Apple users buy Apple hardware. Microsoft wants you to buy Microsoft hardware. If you're using GNU/Linux or *BSD, Haiku OS, just buy hardware certified for GNU/Linux.


There will be a problem: If you divide the hardware into Apple / MICROS~1 / GNU/Linux -- three parts! -- you do not take into account that there are several other operating systems that would usually run on general purpose computers. Even though you could argue that "certified for GNU/Linux" means that the hardware will be compatible with BSD, Haiku or other "niche operating systems", they are not explicitely mentioned. Certification might also add costs that those who provide (let's say) an educational OS for free cannot bear.

So if there is a 3 part division, why not use this: Apple / MICROS~1 / standard, where "standard" means that the hardware will not be limited in any way, so the chances that a non-Apple and non-"Windows" OS will be able to utilize it properly will be high.

Just imagine the trouble that prior to purchasing a new computer, be it a desktop, laptop, server, whatever, you'd have to research compatibility to a specific operating system, maybe even one of its distributions or flavours, or version number. That simply looks overcomplicated.

Of course in a consumer-oriented marketing and sales approach, that would look reasonable. People value their time, and if a somehow crippled "Windows" PC is sold cheaper (and free of initial trouble) than "competitors" like one that could possibly run Linux, then what will the customer deceide for? Especially when he doesn't know and doesn't care?

On the other hand, there might be a market developing for the growing amount of Linux users. If more people insist on being able to run the OS they choose on the hardware they're willing to pay money for, maybe manufacuters will also offer non-crippled computers (means: normal general purpose computers without artificial limitations) to obtain money from that specific market segment (with the potential of growth).

That way you will:
- show your disagreement to the practices of MS


Sadly, that means it's not possible to simply ignore them...

- save quite some cash


Except when there's subvention from MICROS~1 to make the "Windows" versions cheaper than the non-"Windows" version, or they charge some kind of licensing fees or royalties for patent use of the non-"Windows" (as they have done in the smartphone market, making more money through the competitor's sales than their own ones).

- get perfect hardware support, things will just run


This is as it should always be. Standard compliance is an important step. Free specs for devices is even better. But of course every manufacturer is free to not publish his secrets. It's also okay when one says: "No, I don't want you to use this printer with Linux."

- invest in [your own/others'] freedom, openness and independence [open hardware is getting more popular]
[...]
- give yourself future option [you'll have more FLOSS-compatible hardware vendors as a result of your choice]


This is very important, but won't be noticed by the masses who don't care.

Of course, you can also do nothing, buy random crap and keep whining it doesn't support your OS. But you are the one who made that choice. Be wise, vote with your wallet.


In a free market, with participants thinking prior to buying, that would be the default. With enough momentum, things would change. But I sadly don't see this happening. Hopefully I'm wrong.

Reply Score: 3

RE[2]: Comment by marcp
by marcp on Thu 6th Dec 2012 20:35 UTC in reply to "RE: Comment by marcp"
marcp Member since:
2007-11-23

I'm perfectly aware of the existence of other operating systems. I use many operating systems, usually OpenBSD, GNU/Linux distros and Haiku OS.
But yes - you're right. I did this assumption about the "markets", because - usually - FLOSS operating systems have that option to share drivers. That makes just one "market" for all of them - just by the nature of FLOSS. Of course, I won't mention problems with communication between GPL and BSD guys when it comes to drivers. That's a whole different story and I think It can be sorted out.

When I say "certified" I mean: "checked to run with FLOSS". It means that such hardware would just work with FLOSS operating systems. The actual "certification" is not really needed. FLOSS is not [only] about "markets" anyway. It's about freedom and independence. We don't need costly certifications and other things that come from the corporate world. We only need working example of hardware that runs FLOSS operating system [like those that some companies sell in bundles - HW + GNU/Linux or OpenSolaris - as I've never seen anything with *BSD on board - yet! <I'm not talking about Soekris, OpenBSD, routers>].
It's "open source" that's more dependant from the "market" model. Libre software doesn't share that dependance [again: not talking about Linux kernel development being sponsored in some parts by commercial companies].

I agree with you that "standardized" hardware would be the best thinh to get, but we live in kinda different reality, when there are even more an more closed ecosystems around us, everyday. Why not use that <flawed> model to create 100%-FLOSS compatible hardware [and thus - STANDARDS COMPLIANT!] rather then fight with some closed-minded corporate folks and "markets"? That's just WAY more efficient and safe [for the future]. Let those FLOSS-compatible hardware makers arise. Vote for such hardware, show your interrest in such solutions, and there will be more of it. Use the "free market" to your own purpose - standarization.

As a side note - don't think about the price alone. Think about other things:
- you don't buy your hardware that often
- you are not forced to upgrade your hardware that often when you use FLOSS operating system
- you can pay few extra bucks to get it all, can't you? I do it and I'd recommend it to everyone. Our freedom is worth it.

You seem to be pessimist on it all, but just think about it: is there any other way to make the things we are talking about a reality? we need to act and vote with our wallets right now. Not in the future. Don't look at others. Just do what's right and explain it to people. Some people will get it, and will explain it to other people, and so it goes.

Reply Score: 1

RE[3]: Comment by marcp
by zima on Thu 13th Dec 2012 23:59 UTC in reply to "RE[2]: Comment by marcp"
zima Member since:
2005-07-06

As a side note - don't think about the price alone. Think about other things:
- you don't buy your hardware that often
- you are not forced to upgrade your hardware that often when you use FLOSS operating system

People generally don't "upgrade hardware" for an OS - they use it until it starts to die, and then some... (maybe not in some more lavish places, but an OS won't change that)

And, looking at mobile, Android being OSS doesn't prevent huge upgrade woes (especially if on not-high-end handset); it's playing catchup to iOS.

Reply Score: 2

RE[2]: Comment by marcp
by zima on Tue 11th Dec 2012 01:06 UTC in reply to "RE: Comment by marcp"
zima Member since:
2005-07-06

>Of course, you can also do nothing, buy random crap and keep whining it doesn't support your OS. But you are the one who made that choice. Be wise, vote with your wallet.

In a free market, with participants thinking prior to buying, that would be the default. With enough momentum, things would change. But I sadly don't see this happening. Hopefully I'm wrong.

Oh it's worse - Linux fans keep whining about having to buy Windows ...even when they really do have plenty of choice with "no-OS" or even "Linux" machines ( http://www.osnews.com/permalink?544628 ) from big vendors.

Reply Score: 2

RE: Comment by marcp
by mistersoft on Sat 8th Dec 2012 04:45 UTC in reply to "Comment by marcp"
mistersoft Member since:
2011-01-05

no personal offence but that argument's Bull really

-As has been already pointed out, not only is the market for os-free or alternative-os-certified machines relatively small to begin with, but it's artificially further deflated by the current de facto 'choice' (esp with laptops) alt-os lovers make which is to buy windows, sometimes os x machines wipe the pre-installed os and go from there.

It's disingenous to suggest the alternative and preferable scenario you suggest of such purchasers holding out for certified or even specifically designed linux bsd haiku whatever- products. Because we all know they probably wouldn't never even have 'good android'/google/microsoft, let alone Apple level of fit and finish. and that's just the truth.

One day -if there's anything fair and truthful to our competition laws, there needs to be some legislative forced opening up of hardware or hardware-software lock-ins, from secure boot setups be they UEFI or locked mobile boot-loaders to the walled garden APP-o-spheres currently in vogue.

So everyone and anyone has the chance to 'run what they want' on a device that they 'own'. We might 'license' the software but we 'own' the hardware (even if we don't have right to reimplement it of course)

That's that. That's the fair end game - which is possible if people collectively give a shit.

Forced provision of open boot loaders is more likely than people really effecting change by 'voting with their wallets' - that never works! it's like boycotts, if a reasonable % don't care, which they never will, it's not a boycott. If people have some low rent but extant options for running their alt-os of choice, well they'll probably plump for that rather than the X million linux users in the world all coming together in a huge crowd-funding campaign and literally BUYING the rights to one of those we'll-never-release-the-source-code-from-our-cold-dead-grasp and putting together a really good /decent totally open source laptop and tablet pair ; would be ace, but it's dreaming.

edit - spelling

Edited 2012-12-08 04:47 UTC

Reply Score: 2

RE[2]: Comment by marcp
by marcp on Sun 9th Dec 2012 10:39 UTC in reply to "RE: Comment by marcp"
marcp Member since:
2007-11-23

I beg to differ.

-As has been already pointed out, not only is the market for os-free or alternative-os-certified machines relatively small to begin with, but it's artificially further deflated by the current de facto 'choice' (esp with laptops) alt-os lovers make which is to buy windows, sometimes os x machines wipe the pre-installed os and go from there.

You're not going behind diagnosing the actual state. I'm going beyond that with suggestion on how this problem can be fixed. Besides: you're trying to say that this "market" for FLOSS computers will never succeed, because it's ... small. You can't really try to explain one thing with itself. The market is small, because people believe in the things you write about. They don't give a damn, because they don't understand and they don't understand, because they don't give a damn. They don't have the knowledge, so they can't really vote with their wallets. They just accept the things they are. Not very wise.

It's disingenous to suggest the alternative and preferable scenario you suggest of such purchasers holding out for certified or even specifically designed linux bsd haiku whatever- products. Because we all know they probably wouldn't never even have 'good android'/google/microsoft, let alone Apple level of fit and finish. and that's just the truth.

And when did you last check on that kind of hardware? System76, anyone? Just take a look around and you'll find plenty of good hardware. In fact, most of the Windows-related hardware is cheap-ass crap that isn't even worth its price, and Apple hardware is just overpriced hardware to make your ego feel more "premium".

Reply Score: 2

RE[3]: Comment by marcp
by mistersoft on Mon 10th Dec 2012 10:09 UTC in reply to "RE[2]: Comment by marcp"
mistersoft Member since:
2011-01-05

Thanks for the mention of System76 they look fairly useful actually, I'd never heard of them.

I agree with some of your points actually.

But I have to disagree still with the 'voting with your/their wallets' argument -- I like the idea and the simplicity of [a bunch of potential customers] voting with there wallets and going elsewhere instead where they can get more open, or better supported systems etc but (and it's got zero to do with their intelligence or level of informedness) (a) people are too lazy to follow through with their convictions a lot of the time, even if they believe it might be the right thing to do. A mix convenience, and yes I still say design and build too - forgot the ego massaging, I'm certainly not into that anyway, I'd still take an apple laptop to run non apple OSes on though - I'm no fanboy at all. (b) I completely believe not a big enough swathe of alt-OS users/customers are actually interested enough if buying into or even actually creating a new bigger 'certified-hardware' ecosystem to allow it to REALLY thrive - yes I know you mentioned system76, and I know there's a bunch of other providers ..but they're not big-players versus the majority who repurpose systems originally with win/mac installed or off the shelf PC boxes.

only my 2 pence worth.

Reply Score: 1

ugly failure....
by project_2501 on Thu 6th Dec 2012 10:56 UTC
project_2501
Member since:
2006-03-20

What a mess. The whole clunking effort will fail as hacks/bypasses are developed. And the cost of the whole enterprise will be borne by the customer.

Looking for specific OS names.. how ugly is that. If I was that BIOS/EUFI developer I would be so ashamed.

I think the real worry is that on ARM systems certified for Win8 you as the customer can't unlock the UEFI.

Where is the EU Commission when we need them .... Neelie ..?!

In 100 years we'll all look back at this period and be amazed at the controlling antics of the corporations .. secureboot, DRM, locked bootloaders, dvd region codes, ... how 20th century!

Reply Score: 5

RE: ugly failure....
by UglyKidBill on Thu 6th Dec 2012 11:01 UTC in reply to "ugly failure...."
UglyKidBill Member since:
2005-07-27

Nah... we'll be amazed at the 'anarchy' of society... "circumventions, workarounds, hacks... and no jail time?... omg!!!"

Reply Score: 6

RE[2]: ugly failure....
by howitzer86 on Thu 6th Dec 2012 11:55 UTC in reply to "RE: ugly failure...."
howitzer86 Member since:
2008-02-27

Exactly. It shouldn't be long before we start asking for Congressional exemptions for rooting PCs. We'll get those for a few years... then as the Linux scene withers up they'll stop coming. Bypassing UEFI will become a crime.

Edited 2012-12-06 11:56 UTC

Reply Score: 5

RE[3]: ugly failure....
by TechGeek on Fri 7th Dec 2012 02:30 UTC in reply to "RE[2]: ugly failure...."
TechGeek Member since:
2006-01-14

The Linux scene is not going to die. The number of devices that run Linux is climbing exponentially. Sure, it hasnt made a whole lot of inroads on the x86 desktop, but thats a very small part of the overall OS universe.

Reply Score: 4

Disable it?
by Z_God on Thu 6th Dec 2012 11:57 UTC
Z_God
Member since:
2006-06-11

Isn't it possible to just flash a regular BIOS onto these mainboards or switch to it? I can't really imagine a secureboot-only mainboard.

Reply Score: 1

RE: Disable it?
by moondevil on Thu 6th Dec 2012 13:01 UTC in reply to "Disable it?"
moondevil Member since:
2005-07-08

There are already a few without legacy mode available.

The scenario that people were saying it wouldn't happen.

Reply Score: 2

RE[2]: Disable it?
by Z_God on Sat 8th Dec 2012 16:49 UTC in reply to "RE: Disable it?"
Z_God Member since:
2006-06-11

Ah yeah, I indeed wouldn't expect that. I guess I would try to buy mainboards with a normal BIOS available for as long as possible. The real reason being that UEFI BIOSes are probably going to be buggy as hell the coming years.

Reply Score: 1

RE: Disable it?
by Alfman on Thu 6th Dec 2012 14:50 UTC in reply to "Disable it?"
Alfman Member since:
2011-01-28

Z_God,

As I recall, the secure boot specs specifically block flash updates which are unsigned by a secure boot key. So unless you find an exploit or can disable secure boot, you cannot flash away secure boot.

I am so thankful that, amid all the criticism, MS found it in their heart to force windows 8 machines to add a user accessible override for secure boot on x86. There was probably an internal fight at MS between lawyers worried about antitrust lawsuits and business suits wanting all computers to be locked down. It sucks that ARM computer users are still being shafted and that owner control still isn't in the UEFI spec, but at least x86 users have a way to take control back.

Reply Score: 6

RE: Disable it?
by ssokolow on Thu 6th Dec 2012 18:12 UTC in reply to "Disable it?"
ssokolow Member since:
2010-01-21

Isn't it possible to just flash a regular BIOS onto these mainboards or switch to it? I can't really imagine a secureboot-only mainboard.


Motherboard firmware is like Android but worse as far as driver support goes. Even if you disable secure boot and then re-flash it, you need a replacement firmware image that knows how to talk to all the different chips.

CoreBoot is your best bet... but the list of supported mobo models has a long way to go.

http://www.coreboot.org/

Reply Score: 5

RE[2]: Disable it?
by Z_God on Sat 8th Dec 2012 16:38 UTC in reply to "RE: Disable it?"
Z_God Member since:
2006-06-11

Yep, but I'd imagine the original vendor would make such a BIOS available for its mainboards.

Reply Score: 1

Generic
by Drunkula on Thu 6th Dec 2012 13:49 UTC
Drunkula
Member since:
2009-09-03

While the hardware may be nice from the big OEMs I prefer to build my own computers (desktops at least) with parts I choose. Not always an option for Joe Consumer, sadly.

Reply Score: 2

How about motherboards.
by Bennie on Thu 6th Dec 2012 14:44 UTC
Bennie
Member since:
2012-06-14

Because i usually build my own computers from lose components: What i would like to know is if secureboot is also standard set in newly manufactured motherboards?

Reply Score: 1

RE: How about motherboards.
by zaine_ridling on Fri 7th Dec 2012 13:29 UTC in reply to "How about motherboards."
zaine_ridling Member since:
2007-05-13

Yes, almost all of them. I've bought two since March and both had UEFI on them. I disabled it easily in the BIOS settings and was able to install openSUSE (and Fedora) on them, although I had to wait until Fedora 16 to get it to work. openSUSE blew right past it since there was no other OS on the HD.

Reply Score: 1

Comment by kaiwai
by kaiwai on Thu 6th Dec 2012 15:55 UTC
kaiwai
Member since:
2005-07-06

I am assuming this is x86/x64? if so, open up your bios, disable the secure boot and there you have it. I know, how difficult that is! next week on 'pointing out the obvious' we'll have another super tip for all you kids!

Reply Score: 4

RE: Comment by kaiwai
by Morgan on Thu 6th Dec 2012 16:15 UTC in reply to "Comment by kaiwai"
Morgan Member since:
2005-06-29

That will work right up until the board manufacturers choose to (or are forced to) remove the ability to do so. It is coming, and it's only a matter of time.

Reply Score: 4

RE[2]: Comment by kaiwai
by moondevil on Thu 6th Dec 2012 17:22 UTC in reply to "RE: Comment by kaiwai"
moondevil Member since:
2005-07-08

As I mentioned in another comment, there are already boards available where you cannot turn it off.

Reply Score: 3

RE[3]: Comment by kaiwai
by zlynx on Thu 6th Dec 2012 17:53 UTC in reply to "RE[2]: Comment by kaiwai"
zlynx Member since:
2005-07-20

Then how do they get their Windows 8 certification?

Reply Score: 2

RE[4]: Comment by kaiwai
by moondevil on Thu 6th Dec 2012 22:33 UTC in reply to "RE[3]: Comment by kaiwai"
moondevil Member since:
2005-07-08

It is a motherboard, why would it get Windows 8 certification?

Just read the thread.

http://mjg59.dreamwidth.org/20187.html#comments

One such motherboard is the MSI A55M-P35.

While Lenovo Thinkcentre M92p only allow Red-Hat Linux besides Windows.

Reply Score: 3

RE[5]: Comment by kaiwai
by zlynx on Fri 7th Dec 2012 00:43 UTC in reply to "RE[4]: Comment by kaiwai"
zlynx Member since:
2005-07-20

Because MSI claims their boards are certified. See http://event.msi.com/mb/2012/win8/

And Microsoft is supposed to require that for Windows Certification a system has to allow disabling Secure Boot.

Reply Score: 4

RE[6]: Comment by kaiwai
by moondevil on Fri 7th Dec 2012 07:48 UTC in reply to "RE[5]: Comment by kaiwai"
moondevil Member since:
2005-07-08

Then it is a very fishy certification process.

Reply Score: 2

RE[7]: Comment by kaiwai
by kaiwai on Sat 8th Dec 2012 01:19 UTC in reply to "RE[6]: Comment by kaiwai"
kaiwai Member since:
2005-07-06

Then it is a very fishy certification process.


The certification process says nothing about whether a particular piece of firmware is buggy or not. It is one thing to say, "must have this feature" and another thing to say as part of the certification process, "oh, and btw make sure your firmware isn't buggy as hell to the point that non-MS operating systems cannot run".

Reply Score: 3

RE[5]: Comment by kaiwai
by kaiwai on Sat 8th Dec 2012 01:07 UTC in reply to "RE[4]: Comment by kaiwai"
kaiwai Member since:
2005-07-06

It is a motherboard, why would it get Windows 8 certification?

Just read the thread.

http://mjg59.dreamwidth.org/20187.html#comments

One such motherboard is the MSI A55M-P35.

While Lenovo Thinkcentre M92p only allow Red-Hat Linux besides Windows.


I'm confused because I read the first post and the issue has nothing to do with secure boot and everything to do with a buggy as hell firmware that is causing problems. It has nothing to do with conspiracy theories regarding Windows trying to 'undermine Linux on the desktop' and everything to do with a motherboard vendor failing to properly test their firmware for their motherboards. Btw, this isn't new given that there are many issues that Linux users face off the back of lazy motherboard vendors and buggy firmware.

Regarding the Lenovo issue, he has received a reply from a Lenovo rep as follows: "Thanks for the well written article. It is unclear exactly why this was implemented as is, but we are aware of the concerns expressed here and are working on a BIOS update to address this."

Btw, worse case scenario you can always drop back legacy mode if you want and avoid any of the problems in the mean time. I have the exact computer here (Lenovo M92p, 2999CTO) and haven't had any problems so far but then again I'm running in pure UEFI mode with Windows 8 Pro 64bit so I guess I haven't tripped up over any of the bugs related to compatibility with alternative operating systems.

Edited 2012-12-08 01:13 UTC

Reply Score: 3

RE[6]: Comment by kaiwai
by Morgan on Sat 8th Dec 2012 09:43 UTC in reply to "RE[5]: Comment by kaiwai"
Morgan Member since:
2005-06-29

Btw, worse case scenario you can always drop back legacy mode if you want and avoid any of the problems in the mean time.


My apologies, I didn't see your post before I replied to the same comment.

Reply Score: 2

RE[5]: Comment by kaiwai
by Morgan on Sat 8th Dec 2012 09:38 UTC in reply to "RE[4]: Comment by kaiwai"
Morgan Member since:
2005-06-29

While Lenovo Thinkcentre M92p only allow Red-Hat Linux besides Windows.


Unless you switch to legacy BIOS mode, which my M92p at work allows (soon to be my home workstation, thanks boss!!). From what I can tell, the M92p units now sold with Windows 8 still have a legacy BIOS option.

I must say, an Arch-based distro on a quad-core i5 with 8GB RAM is beyond bliss.


Edit: Instructions to fix the issue for anyone with a ThinkCentre with hybrid EFI/BIOS:

http://forums.lenovo.com/t5/Linux-Discussion/ThinkCentre-M92p-Linux...

Edited 2012-12-08 09:40 UTC

Reply Score: 3

RE[2]: Comment by kaiwai
by kaiwai on Sat 8th Dec 2012 00:58 UTC in reply to "RE: Comment by kaiwai"
kaiwai Member since:
2005-07-06

That will work right up until the board manufacturers choose to (or are forced to) remove the ability to do so. It is coming, and it's only a matter of time.


Then don't buy motherboards or computers off dodgy vendors who do such things in the first place. You know, the whole concept of 'putting ones money where ones mouth is". I guess I'll have to book mark this statement as well to see whether your horror story comes true in 2-4 years time just as a certain other person on this website claimed that OS X will be locked down and become 'AppStore only' in the future.

Reply Score: 3

RE[3]: Comment by kaiwai
by Alfman on Sat 8th Dec 2012 01:30 UTC in reply to "RE[2]: Comment by kaiwai"
Alfman Member since:
2011-01-28

kaiwai,

"Then don't buy motherboards or computers off dodgy vendors who do such things in the first place."

But if it doesn't get advertised, how would you know which models do it? That's one of the points made by the article, he went back to look at the specs to confirm that UEFI wasn't even listed at all, so there's no way he could have made an informed decision for one product based on the merchant specs, much less scanning through hundreds of product listings.

Hopefully someone will come up with a public database for this kind of information. If anyone knows of one, please link!

That said, I think MS backed away from enforcing secure boot on x86 because they feared the legal outcomes of that battle. Like you, I don't think they'll be reversing this decision. Even so, they've still managed to put an end to the proliferation of trouble-free linux live boot media in the hands of newbies, which could be considered a partial victory for MS.

Edited 2012-12-08 01:40 UTC

Reply Score: 3

RE[4]: Comment by kaiwai
by kaiwai on Sat 8th Dec 2012 02:44 UTC in reply to "RE[3]: Comment by kaiwai"
kaiwai Member since:
2005-07-06

kaiwai,

"Then don't buy motherboards or computers off dodgy vendors who do such things in the first place."

But if it doesn't get advertised, how would you know which models do it? That's one of the points made by the article, he went back to look at the specs to confirm that UEFI wasn't even listed at all, so there's no way he could have made an informed decision for one product based on the merchant specs, much less scanning through hundreds of product listings.

Hopefully someone will come up with a public database for this kind of information. If anyone knows of one, please link!

That said, I think MS backed away from enforcing secure boot on x86 because they feared the legal outcomes of that battle. Like you, I don't think they'll be reversing this decision. Even so, they've still managed to put an end to the proliferation of trouble-free linux live boot media in the hands of newbies, which could be considered a partial victory for MS.


1) Stop conflating UEFI with secure boot - they're not interchangeable.
2) The issue is a crappy/buggy firmware which can occur in ANY motherboard and not just some nefarious evil doer rubbing their hands with glee dreaming up new ways to screw over the 'growing Linux user base'.
3) Buggy firmware impacts on Windows users just as it impacts on alternative operating systems as well - it is just that Microsoft has the time and resources to spend working around the crapnastic nature of many motherboard vendors out there.
4) I just had a check out of the MSI motherboard in question and they made no secret that it uses UEFI - all you have to do is download their manual and read it. Again, the issue isn't with UEFI but its poor implementation and like any horrible product you make the decision based on reviews, feedback from family and friends, asking online forums etc. Microsoft is in no way responsible for MSI's lack time and effort when it comes to putting out a motherboard with a well tested and debugged firmware.

Reply Score: 3

RE[5]: Comment by kaiwai
by Alfman on Sat 8th Dec 2012 05:03 UTC in reply to "RE[4]: Comment by kaiwai"
Alfman Member since:
2011-01-28

kaiwai,

"1) Stop conflating UEFI with secure boot - they're not interchangeable."

I've conflated them? I've reread that quote and the instances of "UEFI" and "secure boot" were both correct and intentional. Secure boot is a subset of the UEFI standard that's required now by microsoft. I think we both already know this, so please let us not fuss.

"2) The issue is a crappy/buggy firmware which can occur in ANY motherboard and not just some nefarious evil doer rubbing their hands with glee dreaming up new ways to screw over the 'growing Linux user base'."

I'm sorry but I don't know what this is in response to?

"3) Buggy firmware impacts on Windows users just as it impacts on alternative operating systems as well - it is just that Microsoft has the time and resources to spend working around the crapnastic nature of many motherboard vendors out there."

Ditto here. But I'd add that manufacturers go out of their way to explicitly make their wares compatible with windows. Linux doesn't get the same attention.


"4) I just had a check out of the MSI motherboard in question and they made no secret that it uses UEFI - all you have to do is download their manual and read it. Again, the issue isn't with UEFI but its poor implementation and like any horrible product you make the decision based on reviews, feedback from family and friends, asking online forums etc. Microsoft is in no way responsible for MSI's lack time and effort when it comes to putting out a motherboard with a well tested and debugged firmware."

I'm taking the article's claims at face value. I'd be disappointed if the author lied and the specs were listed at his merchant's website, but it doesn't really change his conclusion about secure boot: "Software freedom requires vigilance and I fear that is more true now than it was a year ago. Be careful when shopping for new computers, it is easy to purchase more trouble than one bargained for."

Reply Score: 2

RE[6]: Comment by kaiwai
by kaiwai on Sun 9th Dec 2012 14:39 UTC in reply to "RE[5]: Comment by kaiwai"
kaiwai Member since:
2005-07-06

I've conflated them? I've reread that quote and the instances of "UEFI" and "secure boot" were both correct and intentional. Secure boot is a subset of the UEFI standard that's required now by microsoft. I think we both already know this, so please let us not fuss.


The incompatibility therefore has nothing to do with 'secure boot' so why is the issue even raised in the first place? a crappy UEFI implementation - join the list of crappy motherboard vendors doing the same thing purely out of laziness rather than some sort of 'evil master plan' to 'screw over Linux users'.

I'm sorry but I don't know what this is in response to?


The implication that is at least implied by your posts (and others) that motherboards vendors are going out of their way to screw over Linux users.

Ditto here. But I'd add that manufacturers go out of their way to explicitly make their wares compatible with windows. Linux doesn't get the same attention.


Why should it receive the same attention when such a miniscule number of Linux users make up their customer base?

I'm taking the article's claims at face value. I'd be disappointed if the author lied and the specs were listed at his merchant's website, but it doesn't really change his conclusion about secure boot: "Software freedom requires vigilance and I fear that is more true now than it was a year ago. Be careful when shopping for new computers, it is easy to purchase more trouble than one bargained for."


It doesn't say it on the product page itself but if you go to the downloads section and read through the manual it makes several references to UEFI, how to get access to the UEF command line, how to UEFI boot off a USB thum drive etc. The issue ISN'T UEFI at all given that we've finally got a firmware that is properly documented and designed rather than a hacked together mess BUT if a vendor fails to test and debug their firmware then the issue has nothing to do with UEFI but the poor implementation of UEFI byt he said vendor and in all due respects the same thing can and has happened with traditional BIOS - I'm sure you remember not too long ago the Foxconn motherboard fiasco in reference to ACPI being deliberately incompatible with Linux. Having a traditional BIOS doesn't some how give you the magic of being protected from not being screwed over by lazy companies.

Reply Score: 3

RE[7]: Comment by kaiwai
by Alfman on Sun 9th Dec 2012 18:07 UTC in reply to "RE[6]: Comment by kaiwai"
Alfman Member since:
2011-01-28

kaiwai,

"The incompatibility therefore has nothing to do with 'secure boot' so why is the issue even raised in the first place? a crappy UEFI implementation"

It confusing as hell to understand who or what you are actually responding to here with these "incompatibilities". The OP (which is you ironically), was explicitly talking about disabling secure boot to run another OS. The second poster (Morgan) said that might not always remain an option. My posts brought up the point made in the article that secure boot restrictions aren't likely to be listed when consumers buy their hardware.

"The implication that is at least implied by your posts (and others) that motherboards vendors are going out of their way to screw over Linux users."

I still have no idea what you are talking about. *I* don't think manufacturers are going out of their way to screw over linux users.

"Why should it receive the same attention when such a miniscule number of Linux users make up their customer base?"

Well that's my point. Linux is a niche, most manufacturers don't bother supporting it explicitly.


"It doesn't say it on the product page itself..."

That's what the author said, but I don't think he specified where he bought the product? Anyways the point was that consumers need to be more vigilant, which is true even when secure boot is in the manual. Some potential linux users won't know why their live linux media stopped working and they might even blame linux itself without even being aware of the secure boot restrictions on their machine.



Edit:
Doing some detective work here, if I'm not mistaken, your comments are actually referring to this sub-thread. Well that makes a bit more sense, even if it's not related to my posts.

http://www.osnews.com/thread?544479

I don't think it's a bug so much as something erroneously having slipped through the certification process. If you want to view bugs as a legitimate way of bypassing certification requirements...well I'm not going to argue with you about it.

Edited 2012-12-09 18:26 UTC

Reply Score: 2

RE[3]: Comment by kaiwai
by ssokolow on Sat 8th Dec 2012 02:38 UTC in reply to "RE[2]: Comment by kaiwai"
ssokolow Member since:
2010-01-21

Then don't buy motherboards or computers off dodgy vendors who do such things in the first place. You know, the whole concept of 'putting ones money where ones mouth is". I guess I'll have to book mark this statement as well to see whether your horror story comes true in 2-4 years time just as a certain other person on this website claimed that OS X will be locked down and become 'AppStore only' in the future.


I think the point is that there are a lot of people who, either due to budget or due to circumstance, might no longer be able to learn Linux on an old clunker of a PC that someone gave them, they pulled out of an electronics recycling bin, or they bought for $100 from a liquidator/refurbisher.

Reply Score: 2

RE[4]: Comment by kaiwai
by kaiwai on Sun 9th Dec 2012 14:44 UTC in reply to "RE[3]: Comment by kaiwai"
kaiwai Member since:
2005-07-06

I think the point is that there are a lot of people who, either due to budget or due to circumstance, might no longer be able to learn Linux on an old clunker of a PC that someone gave them, they pulled out of an electronics recycling bin, or they bought for $100 from a liquidator/refurbisher.


All you have to do is research into how good the vendor actually are at providing updates and fixing bugs - how much proprietary tweaks do they add or do they give up that customisation in favour of conforming to open standards? these are questions a purchaser should ask when purchasing a motherboard or a computer. I'm assuming that if you do have an interest in non-Microsoft operating systems that you also have a reasonable level of IT knowledge as well.

Reply Score: 3

RE[5]: Comment by kaiwai
by ssokolow on Sun 9th Dec 2012 18:17 UTC in reply to "RE[4]: Comment by kaiwai"
ssokolow Member since:
2010-01-21

"I think the point is that there are a lot of people who, either due to budget or due to circumstance, might no longer be able to learn Linux on an old clunker of a PC that someone gave them, they pulled out of an electronics recycling bin, or they bought for $100 from a liquidator/refurbisher.


All you have to do is research into how good the vendor actually are at providing updates and fixing bugs - how much proprietary tweaks do they add or do they give up that customisation in favour of conforming to open standards? these are questions a purchaser should ask when purchasing a motherboard or a computer. I'm assuming that if you do have an interest in non-Microsoft operating systems that you also have a reasonable level of IT knowledge as well.
"

As a hypothetical geeky teenager with little or no money (like I used to be), how do you propose I affect the buying decisions of people who, years down the road, will either throw out or give me a PC?

As a computer tech who refurbs old PCs using Linux and LXDE and gives them to needy families as a charity thing (what I actually do right now), how do you propose I affect the buying decisions of random strangers who, years from now, will give away their old PCs so they can be useful for more than obsolete scrap?

This isn't about PCs bought new. It's about used PCs for people who can't afford to buy them new.

(Actually, this sort of reminds me of how big game publishers are trying to destroy or seriously cripple the used video game market with day-1 DLC under the misguided belief that they can force large numbers of people to pay full-price... or how textbook publishers are pushing e-textbooks as a way to save money because they know DRMed eBooks can't be resold and can be revoked at the end of the course.)

Edited 2012-12-09 18:28 UTC

Reply Score: 2

RE[6]: Comment by kaiwai
by Alfman on Mon 10th Dec 2012 07:03 UTC in reply to "RE[5]: Comment by kaiwai"
Alfman Member since:
2011-01-28

ssokolow,

I worry about that too. It is how most of us linux users picked it up originally: We either started by dual booting on an existing machine, or by completely wiping an old one. Without the option of trying linux on a "microsoft" computer, most of us would have never had the opportunity to start learning linux.

I'm thankful it hasn't come to that yet (on x86). But there's no doubt we are slowly loosing rights on our own machines, which few of us would have believed a few years ago. We cannot afford to let our guard down.

Reply Score: 2

RE[3]: Comment by kaiwai
by Neolander on Sat 8th Dec 2012 08:06 UTC in reply to "RE[2]: Comment by kaiwai"
Neolander Member since:
2010-03-08

Then don't buy motherboards or computers off dodgy vendors who do such things in the first place. You know, the whole concept of 'putting ones money where ones mouth is". I guess I'll have to book mark this statement as well to see whether your horror story comes true in 2-4 years time just as a certain other person on this website claimed that OS X will be locked down and become 'AppStore only' in the future.

Please do so, I am ready to bet. I could even add some extra items to the prediction if you like:

The Linux scene, as of today, is too big to disappear in one day in the event of a Secure Boot apocalypse. There are too much professional interests invested on it. So what would likely happen is that we'd see more hardware manufacturers designing specifically for Linux support, kind of like what happens with Android phones and all these credit-card sized ARM computer projects that have popped up recently.

Since Windows is a clunky beast that requires lots of support from hardware manufacturers, it won't run properly on such machines, even in a VM. The Linux community will thus lose all these users who like and use the OS, but still have to run Windows from time to time because they need some piece of software at work or want to play better games. What will remain will thus be a mix of die-hard zealots and people who need Linux for work and solely use it there.

And even if some that are nostalgic about the C64/Amiga era could perhaps see such a scenario as a good thing ("OMG ! Integration !") , I personally think that it would be a disaster. Without the presence of "regular users" that report bugs, voice their opinion, and attempt to calm things down a bit, the developers would likely tend much more often to go completely overboard, Poettering-style. That is, they would change whatever part of the stack they think is ugly without much concern for stability, compatibility, and everyday usability. This would, in turn, irritate entreprise customers, who would become even more protective of whatever software version works, and stick with 10-year old software with long-solved bugs to this end. And, in turn, reduce the amount of testing that new software gets, perpetuating this vicious circle.

And the zealot population wouldn't care, they are ready to spend money in hardware that only runs Linux, know how to fix their stuff and can remove/replace whatever is released in a broken state anyway. Perhaps they would be the only ones that would be happy in such a scenario, since at last Linux would get the recognition that it deserves instead of perpetually living in the shadow of Windows.

I would estimate that things would become noticeably unbearable for new users at most 10 years after full UEFI lockdown, so 12-14 years after now, if UEFI lockdown does happen, you'll be able to tell me if I was wrong.

As for OSX, the extended prediction is simpler. Considering the attitude of most Mac fans around me when I express my concerns about the path Apple is currently heading, I'll predict that a technically skilled minority (10-25%) will try alternatives to see if they can match their needs and moral convictions better, while the vast majority will just consider the lockdown as some sort of divine punishment for humanity's sins and accept it as a fact of life without much complaining.

Edited 2012-12-08 08:11 UTC

Reply Score: 2

RE[3]: Comment by kaiwai
by Morgan on Sat 8th Dec 2012 09:47 UTC in reply to "RE[2]: Comment by kaiwai"
Morgan Member since:
2005-06-29

Believe me, I hope it doesn't come true, but I have to be realistic. Now that I'm getting a proper workstation next week (M92p with EFI/Legacy BIOS I mentioned earlier) I'm going to hang onto it and upgrade it as much as I can over the next several years, just in case I'm right.

But I still hope I'm wrong.

Reply Score: 3

class action ?
by bnolsen on Thu 6th Dec 2012 19:54 UTC
bnolsen
Member since:
2006-01-06

I wonder if there's some way to class action lawsuit this or even try to push it into anti trust. Too bad it's a bit too late.

Reply Score: 4