A big issue right now in the world of operating systems - especially Linux - is Microsoft's requirement that all Windows 8 machines ship with UEFI's secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft's past and current business practices and the incompetence of OEMs, that's not unwarranted. CNet's Ed Bott decided to pose the issue to OEMs. Dell stated is has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2009-08-18
tl;dr;
Read the f--king article.
UEFI doesn't allow any OS interaction with it. That is the whole idea there isn't an OS API to interact with it .. which is why it is secure.
There are manufacturers (big ones) that say they aren't going to be dicks and not give you the option. Even the BIOS guys are saying "We want you do to it not piss people off". WTF more do you guys want?
You can boot your precious Operating System (I am an OpenBSD/Win 7 user).
GPL is incompatiple with secure boot (thanks to RMS, but BSD is alright).
WTF more do you want?
Edited 2011-11-03 23:58 UTC
Member since:2011-01-28
Member since:2007-02-17
That would be good, if true. However, to this point in time, it is just CNet's Ed Bott saying this, not manufacturers (big ones).
Not a problem anyway, FOSS guys have their own BIOSes.
GRUB is GPL
http://en.wikipedia.org/wiki/GNU_GRUB
... but LILO isn't
http://en.wikipedia.org/wiki/LILO_%28boot_loader%29
... and Splashtop is proprietary.
http://en.wikipedia.org/wiki/Splashtop
Control over hardware that we purchase. "Sovreignity", if you will. If the hardware has UEFI with secure boot, then the owner of the hardware (the person who pays for it) should be the one to have control over keys. Not OEMs.
Edited 2011-11-04 03:39 UTC
Member since:2010-03-08
Hi,
Did you have a look at the proposal made to the UEFI standards body to allow installing new signing keys from live media ? It's linked to somewhere in the first 30 comments of this article. Although not yet full user control on keys (can users revoke the Microsoft key if they want to ?), it would already be something...
Member since:2011-01-28
Neolander,
I think there are a number of possible remedies, the Linux Foundation's suggestion is good but toothless. Prompting the user about new media keys is good for choice, but admittedly somewhat dangerous. Ideally there needs to be a mechanism where a user can easily explicitly define the chain of trust (like going into the BIOS and configuring it), but accidental approval (like a y/n prompt) might be avoided. Of course now that the spec and windows certification requirements are in place, there isn't much room left for re-engineering.
The only engineering reason not to explicitly put the owner at the top of the secure boot trust model is for DRM. Either the engineers failed to anticipate the user restriction/control issues (in which case they deserve to loose their jobs), or they knew exactly what they were doing (in which case they knowingly committed a huge disservice for the personal computing community).
There is one subtle, but major technical issue with the current spec which means OEMs won't be able to transfer control over shared OEM platform keys to individual end users even if they wanted to in the future (using the mechanisms in the spec). Resetting the PK requires the a token signed by the old private platform key, however this token would be effective on any system, which means whoever possess this reset token could incorporate it into malware and therefor compromise the secure boot security of every other computer sharing the same platform key. This ultimately means OEMs will not be able to release PKs in the future unless they explicitly engineer some alternate backdoor mechanisms up front.
Hopefully there is enough public criticism to make a difference and force secure boot to be fixed.
Official Apple statement on PRISM and privacy: "Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it." This is basically Apple re-publishing their earlier statement in a more official manner. You either believe it, or you don't.
The open source Contiki operating system and its commercial Thingsquare distribution are making strides towards the connected home. According to a Computerworld article, a new LED light bulb manufacturer is putting small computers into their light bulbs. Each computer runs the Contiki OS, which gives each bulb an IP address and allows them to be controlled with a smartphone application. To connect the bulbs to the application, the bulbs use both Wi-Fi and the much lower power IEEE 802.15.4 mesh technology.
"Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it's forced to give the government. The legal filing, which cites the First Amendment's guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic." Draining the ditch after the cow has drowned in it."I can't find one person who has been using the Nexus 7 for an extended period of time, and hasn't seen a massive downgrade in performance. Just what kind of downgrade are we talking here? I cannot pick up my Nexus 7 without experiencing problems like a lag of ten seconds, or more, just to rotate the display; touches refusing to acknowledged; stuttering notification panel actions; and unresponsive apps." Fully and utterly agreed. My Nexus 7 was blazing-fast and awesome for a few months, and at some point, it just started sucking. Just like that. I've tried loads of ROMs, and nothing helps.A new release of the hobby operating system MenuetOS! The release notes are a bit non-descript, but you'll have to take what you can get: "updates and improvements (picview, httpc, ehci, ...)"."The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable Internet connection is still out of reach. And this is far from being a solved problem. There are many terrestrial challenges to Internet connectivity - jungles, archipelagos, mountains. There are also major cost challenges. Right now, for example, in most of the countries in the southern hemisphere, the cost of an Internet connection is more than a month's income. Solving these problems isn't simply a question of time: it requires looking at the problem of access from new angles. So today we're unveiling our latest moonshot from Google[x]: balloon-powered Internet access." Insane.
"MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a 'Hello World' bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring." Just cool.
Jon Rubinstein, former CEO of Palm: "Well, I'm not sure I would have sold the company to HP. That's for sure. Talk about a waste. Not that I had any choice because when you sell a company you don't get to decide that. Obviously, the board and shareholders decide that. If we had known they were just going to shut it down and never really give it a chance to flourish, what would have been the point of selling the company? I think the deal we had with Verizon really hurt us, but who knew that at the time? These things are all hindsight.""And so it is with Dell's Alienware X51 R2, a small form factor gaming PC in console digs. It's shaped similar to Microsoft's Xbox 360 Slim, and though it's slightly larger than either a 360 or PlayStation 3, the X51 R2 would be right at home in a living room setting nestled next to a large screen TV. Indeed, it's adept at running Steam's Big Picture mode, and if your primary objective is to play games in the living room, go ahead and consider the X51 R2 a hybrid game console." This is obviously not the only machine like this - still, these are very valid console alternatives even for those that don't like being hunched over with a cramped WASD-claw. Also, PC gamers among us: could you get away with the $699 model for gaming?
From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.
Member since:
2011-01-28
lucas_maximus,
"But you guys keep chanting the same shit again and again and again."
Until our concerns are addressed, I'm afraid your going to have to continue listening this same shit again and again... You haven't addressed them either by the way, I welcome answers from you or anyone else (although I need official sources in order to take them seriously), but it seems the details are being kept behind closed doors.
These are the same questions you haven't answered before, but feel free to take a stab at them this time:
Will duel booting be possible without switching bios settings back and forth and without crippling windows?
Will users be able to use system utilities like barepe or utlimate boot cd?
Will owners be able to control the platform keys out of the box?
Will owners be able to get access to keys by contacting manufacturers?
Will manufacturers use shared or individual platform keys? If shared, then how can they transfer control for some machines while maintaining secure ownership of all the others? If individual, then how will they verify the ownership of the person requesting the transfer?
Will independent operating systems (smaller than linux) be able to get their keys signed in practice?
Will owners have the ability to not trust microsoft on their personal system?
How will manufacturers who hold the platform keys verify that independent operating systems (like Neolander's here) aren't in fact malware?
If an exploit is found in the installation media for a signed OS, will that key be revoked? If so, how will people reinstall their OS?
How will vendors convey these restrictions at the point of sale?
Will people be entitled to refunds if they find secure boot giving them trouble?
Will the manufacturers continue updating OS keys for older systems after warranties expire?
Can we trust that vendors won't tighten their grip over secure boot restrictions as time goes by and more and more systems have it installed?
You may find some of these questions irrelevant to you, but they are extremely relevant to anyone who believes in the merits of open computing.