Linked by Thom Holwerda on Sat 29th Dec 2012 16:37 UTC
It's sad that we need this, but alas - Matthew Garrett has made a list of Linux distributions that boot on Windows 8 PCs with Secure Boot enabled. Tellingly enough, the list is short. Very short. Can someone hack this nonsense into oblivion please?
Comment by Drumhellar
by Drumhellar on Sat 29th Dec 2012 18:56 UTC
Drumhellar Member since:
2005-07-12

What about the list of distros that boot on Windows 8 PCs with secure boot disabled, because, you know, Microsoft acquiesced to pressure and makes the ability to disable secure boot a requirement for the Windows 8 logos...

Oh, this list is just as long as every other PC?

Then what is the problem? There are multiple valid ways to use secure boot with Linux, one of which is getting your kernel signed for $99 (VeriSign will do this, if you go through Microsoft). Or, you can install your own keys and sign kernels yourself on many systems.

Or, do what Red Hat does, and have a signed loader load a kernel with its own keys.

Or, disable Secure Boot, and it operates as it always has, because, you know, any computer with a Windows 8 logo will have this capability. Let me say this again, because apparently, a lot of people have problems understanding this:
The ability to disable secure boot is a requirement for the Windows 8 logo program. You may not ship a system with the Windows 8 logo unless the user can disable secure boot.

I really don't see the problem.

Edited 2012-12-29 19:01 UTC

Reply Score: 4

RE: Comment by Drumhellar
by WereCatf on Sat 29th Dec 2012 19:22 in reply to "Comment by Drumhellar"
WereCatf Member since:
2006-02-15

What about the list of distros that boot on Windows 8 PCs with secure boot disabled, because, you know, Microsoft acquiesced to pressure and makes the ability to disable secure boot a requirement for the Windows 8 logos...


Well, the thing is, they do not mandate how one must be able to disable secure boot -- OEMs are free to use whatever means they want. This could include a physical switch on the motherboard or having to call up the OEM for an unlocking-key or whatever they feel like.

It all makes it quite a bit more difficult for novice users to try Linux, and it makes development of custom OSes even harder.

Reply Parent Score: 4

RE[2]: Comment by Drumhellar
by Drumhellar on Sat 29th Dec 2012 19:55 in reply to "RE: Comment by Drumhellar"
Drumhellar Member since:
2005-07-12

Any of those solutions requires added complexity that an OEM will likely not add. A physical switch? That's an extraordinarily expensive solution (it would be useful in specific situations, and if an OEM does implement this, would likely be as a value-add option). A phone call to retrieve an unlock code? Again, that's extra complexity on the support side. OEMs have no reason to make this more difficult; they don't benefit when users DON'T install Linux.

No, the simplest way to implement this is just an on/off in the firmware setup, right next to all the other options that are usually available. There are few reasons NOT to implement it this way.

Reply Parent Score: 7

RE: Comment by Drumhellar
by flypig on Sat 29th Dec 2012 19:33 in reply to "Comment by Drumhellar"
flypig Member since:
2005-07-13

The ability to disable secure boot is a requirement for the Windows 8 logo program. You may not ship a system with the Windows 8 logo unless the user can disable secure boot.


This is true for x86, but on ARM systems the opposite is true: a Windows 8 logo means that secure boot can't be disabled and no new certificates can be added.

From what I can tell, the article was about x86 distributions, and in this case you have a good point, but I thought it worth highlighting that there are exceptions (unless something changed and I missed it).

Reply Parent Score: 8

RE: Comment by Drumhellar
by stabbyjones on Sat 29th Dec 2012 21:38 in reply to "Comment by Drumhellar"
stabbyjones Member since:
2008-04-15
RE[2]: Comment by Drumhellar
by kurkosdr on Sat 29th Dec 2012 22:03 in reply to "RE: Comment by Drumhellar"
kurkosdr Member since:
2011-04-11

This is a real problem. ARM devices are often sold with locked bootloaders, and the ones that ship unlocked don't have open-spec hardware which makes writing drivers difficult.

Reply Parent Score: 4

RE: Comment by Drumhellar
by segedunum on Sun 30th Dec 2012 13:36 in reply to "Comment by Drumhellar"
segedunum Member since:
2005-07-06

What about the list of distros that boot on Windows 8 PCs with secure boot disabled, because, you know, Microsoft acquiesced to pressure and makes the ability to disable secure boot a requirement for the Windows 8 logos...

Where are you getting this load of claptrap from?

Reply Parent Score: 2

RE[2]: Comment by Drumhellar
by Drumhellar on Mon 31st Dec 2012 01:04 in reply to "RE: Comment by Drumhellar"
Drumhellar Member since:
2005-07-12

From Wikipedia:

Microsoft's certification requirements eventually revealed that UEFI firmware on x86 systems must allow users to re-configure or turn off secure boot, but that this must not be possible on ARM-based systems (Windows RT). Microsoft faced further criticism for its decision to restrict Windows RT devices by using this functionality, despite it being consistent with other consumer electronics with similar protection measures. No mandate is made regarding the installation of third-party certificates that would enable running alternative software.

http://en.wikipedia.org/wiki/Windows_8#Secure_boot

It was in a few news articles when the whole kerfuffle came out, and this has been known for a while. Wikipedia links to those articles.

Reply Parent Score: 2

RE: Comment by Drumhellar
by chemical_scum on Sun 30th Dec 2012 21:39 in reply to "Comment by Drumhellar"
chemical_scum Member since:
2005-11-02

The ability to disable secure boot is a requirement for the Windows 8 logo program. You may not ship a system with the Windows 8 logo unless the user can disable secure boot.


Has anyone here actually disabled secure boot on a Windows 8 system? If so, can they describe their experiences and tell us what hoops they had to jump through?

Reply Parent Score: 3