# Windows 8 Secure Boot: Designed to Lock Out Linux?



## qubit (Sep 21, 2011)

Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image derived from a keychain rooted in keys built into the PC. Microsoft is pushing hard to make this mandatory, so that users cannot override it. This feature would have the handy benefit of excluding alternative operating systems such as Linux and FreeBSD. This is according to Professor Ross Anderson of Cambridge University and other industry insiders. Also, it's not at all clear that it actually secures against viruses and other malware and appears to be solely designed to appease corporate self interests for unbreakable Digital Restrictions Management (DRM).

UEFI supersedes the 30-year-old veteran BIOS found in most PCs today, which is very inefficient and slow for modern PCs, carrying a lot of old, legacy compatibility baggage that's just not needed in today's PC. UEFI, a key component of Windows 8, is designed to work on several CPU architectures, such as ARM and is streamlined and efficient. It also includes a much improved graphical interface that replaces the keyboard-driven menu system of the BIOS.



If the changes are adopted, then any system that ships with only OEM and Microsoft keys will _not_ boot a generic copy of Linux. Tech blogger Matthew Garrett explains that while a signed version of Linux would work, this poses problems:


> Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith.
> 
> Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by every OEM.
> 
> There's no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code. However, experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market.



However, there's no need to panic just yet, concluded Garrett.

The effect of all these changes is to return to the dark days of 2003, when the Trusted Computing platform was being pushed as a way to completely DRM your entire PC to satisfy the content industries. However, this version will be far worse:



> These issues last arose in 2003, when we fought back with the Trusted Computing FAQ and economic analysis. That initiative petered out after widespread opposition. This time round the effects could be even worse, as 'unauthorised' operating systems like Linux and FreeBSD just won't run at all. On an old-fashioned Trusted Computing platform you could at least run Linux - it just couldn't get at the keys for Windows Media Player.
> 
> The extension of Microsoft's OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate.



Anderson concludes that this restrictive technology might violate EU competition law, on Cambridge University's Light Blue Touchpaper blog.



----------



## Sean8 (Sep 21, 2011)

Doesn't mac osx have this? and you can dual boot it.


----------



## qubit (Sep 21, 2011)

No, it has UEFI, but not this digital signing. This is something new - well, resurrected.


----------



## v12dock (Sep 21, 2011)

It would be cracked before launch anyways


----------



## qubit (Sep 21, 2011)

v12dock said:


> It would be cracked before launch anyways



Nah, don't be silly - just look at all the other secure and successful DRM solutions out there.


----------



## DannibusX (Sep 21, 2011)

Interesting read.


----------



## OneMoar (Sep 21, 2011)

Way to add some sensationalism there qubit 
a snippet from > http://arstechnica.com/business/new...tured+Content)&utm_content=Google+Feedfetcher <
*Disabling secure boot*

“Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled,” Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are “required for Windows 8 client” with the result that “all firmware and software in the boot process must be signed by a trusted Certificate Authority.”

Microsoft has a good reason for this. A “growing class of malware targets the boot path [and] often the only fix is to reinstall the operating system,” van der Hoeven said. “UEFI and secure boot harden the boot process [and] reduce the likelihood of bootkits, rootkits and ransomware.”

Importantly, though, Garrett writes that “there’s no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code.”

For many (and hopefully most) Windows 8 machines, this means that users have a good chance of successfully entering the UEFI settings interface to turn off secure boot. But this will depend on the hardware vendor.

“Experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market,” Garrett writes. “It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't. It's probably not worth panicking yet. But it is worth being concerned.”

Technically, vendors can ship Windows 8 PCs without meeting Microsoft's "designed for Windows 8" logo requirements, but major OEMs typically would not do that.

The Windows 8 developer tablet Microsoft handed out at this month’s recent BUILD conference did include the ability to turn off the secure boot process. This is reminiscent of Google’s Cr-48 Chromebook, which allowed users to turn off the Verified Boot process and install another operating system, though this involved flipping a physical switch instead of changing a software setting.


----------



## btarunr (Sep 21, 2011)

The only "DRM" that ever actually worked is Casino security.


----------



## OneMoar (Sep 21, 2011)

it's not really DRM, it's no different than driver signature enforcement, it's there to keep bad people from doing bad things and it has an "off switch"


----------



## qubit (Sep 21, 2011)

OneMoar said:


> Way to add some sensationalism there qubit


Thanks, I'll take that as a compliment. My writing style is a combination of irreverent, humorous and at times cynical and sarcastic. I particularly liked my headline "Customer Agony over Netflix's Price Rises & New Split Personality". I loved the "Customer agony" bit.



OneMoar said:


> a snippet from > http://arstechnica.com/business/new...tured+Content)&utm_content=Google+Feedfetcher <
> *Disabling secure boot*
> 
> “Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled,” Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are “required for Windows 8 client” with the result that “all firmware and software in the boot process must be signed by a trusted Certificate Authority.”
> ...


Of course Microsoft are gonna dress it up as something positive and benign, they're trying to get it established! People like the prof and the blogger however, can see right through it. As you see in the article, it was only widespread opposition eight years ago that stopped this restrictive practice from becoming standard. This stuff is like Apple lock-ins on steroids; you ain't seen nothin' yet, baby!

Personally, I think once more it will fail, because it's too blatant an attempt at shutting out the competition, but society must remain eternally vigilant against such abuses.


----------



## OneMoar (Sep 21, 2011)

qubit said:


> Thanks, I'll take that as a compliment. My writing style is a combination of irreverent, humorous and at times cynical and sarcastic. I particularly liked my headline "Customer Agony over Netflix's Price Rises & New Split Personality". I loved the "Customer agony" bit.
> 
> 
> Of course Microsoft are gonna dress it up as something positive and benign, they're trying to get it established! People like the prof and the blogger however, can see right through it. As you see in the article, it was only widespread opposition eight years ago that stopped this restrictive practice from becoming standard. This stuff is like Apple lock-ins on steroids; you ain't seen nothin' yet, baby!
> ...



typical foss user ranting lulz, people like you are why linux has less than a 5% share of the desktop market


----------



## Katanai (Sep 21, 2011)

This article: Designed to start a flamewar?


----------



## EastCoasthandle (Sep 21, 2011)

I have to wonder if this would have any effect on 3rd party software that is not driver signed?
And would we need to update our bios if we want win8?


----------



## qubit (Sep 21, 2011)

OneMoar said:


> typical foss user ranting lulz, people like you are why linux has less than a 5% share of the desktop market



Thanks for the personal attack.  I would have appreciated an intelligent response to my intelligent (and pleasant) response.


----------



## OneMoar (Sep 21, 2011)

Katanai said:


> This article: Designed to start a flamewar?



pretty much, it's your typical twist the facts and bend words to make it look like the big evil corporation has it out for them
not what I like to see on tpu


----------



## OneMoar (Sep 21, 2011)

qubit said:


> Thanks for the personal attack.  I would have appreciated an intelligent response to my intelligent (and pleasant) response.



there was nothing intelligent or pleasant about your post, it's badly edited and copypasta and it's apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: that's not what this is intended for


----------



## qubit (Sep 21, 2011)

OneMoar said:


> there was nothing intelligent or pleasant about your post, it's badly edited and copypasta and it's apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: that's not what this is intended for



You are really becoming blatantly insulting now. And you really need to stop. How about you just unsub from this thread and stop crapping in it?


----------



## FordGT90Concept (Sep 21, 2011)

qubit said:


> Also, it's not at all clear that it actually secures against viruses and other malware and appears to be solely designed to appease corporate self interests for unbreakable Digital Restrictions Management (DRM).


On the surface, I reach the same conclusion.  This is bad joo joo.


----------



## OneMoar (Sep 21, 2011)

OneMoar said:


> there was nothing intelligent or pleasant about your post, it's badly edited and copypasta and it's apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: that's not what this is intended for



and no I was making a generalization  not a _personal attack_
THIS is a personal attack
[example] qubit is the stereotypical FOSS zealot that doesn't know his carriage returns from his brackets and should go burn in the fiery pits of mordor [example/]


----------



## Fx (Sep 21, 2011)

I didn't see this coming but it doesn't surprise me either

smh


----------



## bear jesus (Sep 21, 2011)

This sounds like it may suck for pre built computers, i know it does not seem like much of an issue for most of us but that would include laptops, netbooks and other things that people like us would buy pre built.

Oh and qubit i must say i have been enjoying your news posts, one of the reasons is the late night posting, well late night for users like me in britland.


----------



## micropage7 (Sep 21, 2011)

so
because of this the users of cracked windows will rise higher than before?
i guess this is interesting


----------



## Fx (Sep 21, 2011)

bear jesus said:


> Oh and qubit i must say i have been enjoying your news posts, one of the reasons is the late night posting, well late night for users like me in britland.



aye, +1 for qubit


----------



## OneMoar (Sep 21, 2011)

the lot of you keep overlooking the point that it HAS an off button AND it's A uEFI foundation spec NOT a Microsoft one, it's not any different than the SLIC embedded in most oem bios's
http://mjg59.dreamwidth.org/5552.html


----------



## DrPepper (Sep 22, 2011)

OneMoar said:


> typical foss user ranting lulz, people like you are why linux has less than a 5% share of the desktop market



Actually it's more to do with the fact Linux is a niche OS that is only used by professionals and techies since the average user doesn't want to go through all the hoops to get what they want out of software.


----------



## RoutedScripter (Sep 22, 2011)

Microsoft trying to turn PC into iMac, if so ... over my dead body.

Microsoft has no authority to do that for the whole industry, if so it could shape out to be a conspiracy, imo


----------



## Arctucas (Sep 22, 2011)

For the average user, who, in most likelihood, is not even aware operating systems other than Windows exist and only buys pre-built PCs, this is basically a non-factor. Ignorance is bliss, after all.

I, personally, would not purchase a motherboard if it had no way to override or disable this type of restriction. When enough people feel the same, and the enthusiast market segment manufacturers begin to lose money, you can bet it will become an 'option'.


----------



## OneMoar (Sep 22, 2011)

Arctucas said:


> For the average user, who, in most likelihood, is not even aware operating systems other than Windows exist and only buys pre-built PCs, this is basically a non-factor. Ignorance is bliss, after all.
> 
> I, personally, would not purchase a motherboard if it had no way to override or disable this type of restriction. When enough people feel the same, and the enthusiast market segment manufacturers begin to lose money, you can bet it will become an 'option'.



ofc but when people start pointing fingers and spinning-words logic and common sense go out like the trash


----------



## A Cheese Danish (Sep 22, 2011)

Silly question: Does this mean any PC shipped with W8 will not allow another OS to be installed?


----------



## qubit (Sep 22, 2011)

A Cheese Danish said:


> Silly question: Does this mean any PC shipped with W8 will not allow another OS to be installed?



If this came to pass, yes. That kind of lockout is exactly what it's for.

That wasn't such a silly question.


----------



## A Cheese Danish (Sep 22, 2011)

qubit said:


> If this came to pass, yes. That kind of lockout is exactly what it's for.
> 
> That wasn't such a silly question.



I kinda figured. Basically screws the business world.


----------



## happita (Sep 22, 2011)

If this becomes a reality, EVEN if it is as an option, or if it has a "switch" you can damn well guarantee that when enough non-enthusiasts have adopted this....or forced to adopt I should say.....Microsoft, Trusted Computing, or whoever is behind this will charge a fee and say that "Hey, we're not going to let this 'technology' go for free anymore....we don't have the capacity or resources to help continuing this endeavor."
So this price that is charged has to go somewhere....and what better way NOT to incur the cost than to tack on the extra expense onto us customers? OS prices will go up....as if they aren't high enough? Pretty soon it will be an "option" at a price, then it will be standard in all PCs with an "on/off switch" with a price, and finally we will have no more say in it....oh and the price is one with the total cost and can no longer be negotiated. Plain and simple, this all comes down to control. More control, more certainty.


----------



## DannibusX (Sep 22, 2011)

You know, I'm on the fence about this.  On one hand, it's a great idea to keep people from infecting their systems with malware and viruses.  At least until someone figures out how to bypass it over the internet.  On the other hand, it could lead to some systems only allowing (essentially) Microsoft Windows to be installed.

If it were to be implemented it would definitely have to be regulated with an option in the BIOS/UEFI. There's no way Microsoft should be allowed to have a de facto monopoly like that.


----------



## D4S4 (Sep 22, 2011)

DannibusX said:


> monopoly



cuz dat just be the way microsoft rolls.


----------



## TRWOV (Sep 22, 2011)

qubit said:


> Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image derived from a keychain rooted in keys built into the PC. Microsoft is pushing hard to make this mandatory, so that users cannot override it.



This is only for OEM PCs that want to carry the "Designed for Windows 8" logo. This will only affect people buying a Dell and wanting to dual boot it. *The lock can be turned off* if desired although _it will be up to the OEM if the option is included or not_.






Katanai said:


> This article: Designed to start a flamewar?


+1


----------



## enaher (Sep 22, 2011)

Probably has an off switch, lawsuits anyone?


----------



## caleb (Sep 22, 2011)

Lucky us there is MSDN/AA


----------



## Saidrex (Sep 22, 2011)

Don't care, I'm not going to use Windows 8 anyway, high price - same shit, only uglier interface.


----------



## _JP_ (Sep 22, 2011)

Saidrex said:


> Don't care, I'm not going to use Windows 8 anyway, high price - same shit, only uglier interface.


This guy gets it!
For now, I feel the same way about Win8.


----------



## Bundy (Sep 22, 2011)

Well I hope Win 8 is totally malware free then...because I use a linux boot distro to recover files. 

Also, how are all the school boys going to access their porn now?


----------



## NdMk2o1o (Sep 22, 2011)

OneMoar said:


> typical foss user ranting lulz  people like you are why linux has less then a 5% share of the desktop market



No, Windows users like YOU are why Linux has 5% share of the market


----------



## Shihab (Sep 22, 2011)

MS looking for another Lawsuit?
If they really include an option to turn it off, and give the buyer the choice whether to use it or not when buying a new Laptop/Prebuilt Desktop, I don't see it being much of a problem. If anything, if their claims that it stops viruses from completely ruining the system, it might prove to be a very useful utility.



DrPepper said:


> Actually it's more to do with the fact Linux is a niche OS that is only used by professionals and techies since the average user doesn't want to go through all the hoops to get what they want out of software.



...and the two types of users mentioned above won't have a problem running Linux on a Win8 machine, even if there is no _off button_


Edit: wait a sec, does that mean Win 8 will only run on a UEFI equipped system ?


----------



## ron732 (Sep 22, 2011)

Microsoft up to no good yet again.


----------



## Static~Charge (Sep 22, 2011)

Rule #1 when dealing with Microsoft: Do not ascribe their actions with altruism, especially where competition is involved.

Microsoft is trying to kill two birds with one stone here. First, they want to stop malware infecting the boot record, and Secure Boot will certainly do that. Second, they want to discourage people from using other operating systems, and Secure Boot will put a damper on that, too. Naturally, Microsoft doesn't say anything about item #2, because that would draw the unwanted attention of Federal regulators for anti-trust behavior.

Deny it all you want, OneMoar, but that won't make it go away.


----------



## Captain.Abrecan (Sep 22, 2011)

Isn't this rather benign?  This bios feature thing is supported in linux too, has been for years.  If you turned it on, you wouldn't be able to install windows on a linux box.

It is the device manufacturer's responsibility to allow you to unlock the device, not Microsoft.


----------



## PCpraiser100 (Sep 22, 2011)

Shouldn't be an issue, just prioritize your hard drives with the Linux one first if this is the case. If you can't afford a second hard drive, YOU CAN'T AFFORD LINUX!


----------



## m4gicfour (Sep 22, 2011)

Since I'd be infracted if not more for posting a photoshopped GIF of a microsoft logo bukkake-ing a pc.. well you'll just have to make do with that colorful description.

This sort of stuff makes my skin crawl. Regardless of who's behind it - Microsoft or otherwise - It's only acceptable in my mind if the "off" button is a REQUIRED part of the specification. Furthermore, having it turned off should have no effect on any part of the OS. If this is about hardening the boot path against damage like they seem to be saying it is, there's no reason why it should affect anything to be off. I know corporate politics far too well (unfortunately) to think that *anything* of this sort offered up by the guys in the money making spots is anything but a thinly veiled attempt at making *more* money.


----------



## Ahhzz (Sep 22, 2011)

OneMoar said:


> the lot of you keep overlooking the point that it HAS an off button AND it's A uEFI foundation spec NOT a Microsoft one, it's not any different than the SLIC embedded in most oem bios's
> http://mjg59.dreamwidth.org/5552.html



_Microsoft is pushing hard to make this mandatory, so that users cannot override it._


yup, you're right... M$ has NOTHING to do with it, and are perfectly fine with users turning it off.....


----------



## WhiteLotus (Sep 22, 2011)

Don't worry everyone who lives in Europe, our master overlords will make sure that Microsoft will release a different product to comply with their/our competition laws.


----------



## erocker (Sep 22, 2011)

Due to the cleaning up I've had to do here any off topic, insulting, flaming posts will be given points. No warnings, as this is your warning. That includes responding to this post.

Stay on topic and behave.


----------



## DrPepper (Sep 22, 2011)

Shihabyooo said:


> ...and the two types of users mentioned above won't have a problem running Linux on a Win8 machine, even if there is no _off button_
> 
> 
> Edit: wait a sec, does that mean Win 8 will only run on a UEFI equipped system ?



It will run on older hardware but the issue is that hardware won't be carrying a Windows 8 certified sticker I believe which is hardly an issue.


----------



## qubit (Sep 22, 2011)

DrPepper said:


> It will run on older hardware but the issue is that hardware won't be carrying a Windows 8 certified sticker I believe which is hardly an issue.



I guess it depends what you mean by "older". Take a look at my E8500 rig for example. It's hardly cutting edge now, but it still feels very fast and runs at over 4GHz. However, will it be "certified" for Windows 8, or is it gonna be locked out just because it lacks the very latest TPM DRM chip in it?


----------



## erocker (Sep 22, 2011)

qubit said:


> I guess it depends what you mean by "older". Take a look at my E8500 rig for example. It's hardly cutting edge now, but it still feels very fast and runs at over 4GHz. However, will it be "certified" for Windows 8, or is it gonna be locked out just because it lacks the very latest TPM DRM chip in it?



Doubt it. Microsoft is in the business of making money, of course they want you and everyone else to buy and use their new product regardless of the hardware you own.


----------



## streetfighter 2 (Sep 22, 2011)

_UEFI, a key component of Windows 8, is designed to work on several CPU architectures, such as ARM and is streamlined and efficient._ - FTA
LOL. The Register should probably hire a technical editor.
http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface

This really sucks for cheap, exceedingly cheap, OEM boards that don't allow you to flash your BIOS/EFI . . . For everyone else, _meh_

Also, Microsoft is going to have to bribe the pants off the Unified EFI Forum to get them to make this change.  I'm not saying they won't-- but they will have to.

Furthermore, I guess Microsoft won't be allowing virtualization of Windows 8?  That should go over well with corporate consumers.


----------



## TRWOV (Sep 23, 2011)

qubit said:


> I guess it depends what you mean by "older". Take a look at my E8500 rig for example. It's hardly cutting edge now, but it still feels very fast and runs at over 4GHz. However, will it be "certified" for Windows 8, or is it gonna be locked out just because it lacks the very latest TPM DRM chip in it?



The UEFI requirement is for OEMs that want to enter the "Designed for Windows 8" logo program. Boutique vendors and self builders don't have to worry about this stuff.

The only problem I foresee is with laptops but I'm sure that some enterprising users or even a manufacturer or two will make sure that some models come with the option to turn off the signature.


----------



## Dr. Nick (Sep 23, 2011)

One thing I'm wondering about is how some antivirus software will be affected by this.
Some of the software I've used and set up for friends and family on their PCs make use of a run-at-boot program to more efficiently clean the system. I hope this isn't going to break that.

Also other things like DBAN or Memtest86+.


----------



## digibucc (Sep 23, 2011)

if anything individual parts will be "certified"  if only the motherboard bios has the chip, then only that will require it to be certified.  so you can buy all certified components, or all but a motherboard.
there will surely be "enthusiast" motherboards that aren't "certified", they may come up with a moniker, like "windows 8 guaranteed" or  "ready" or something.

this is really more for the likes of dell, gateway, acer, etc.  who you know do care about being "certified".

it does show the direction microsoft is headed. i see them eventually only allowing hardware with drm to run windows.


----------



## micropage7 (Sep 23, 2011)

DrPepper said:


> It will run on older hardware but the issue is that hardware won't be carrying a Windows 8 certified sticker I believe which is hardly an issue.


so we 'push' to trash our rig and buy newer which has uefi by ms to run win8


----------



## qubit (Sep 23, 2011)

*Casio pays Linux protection money to Microsoft*

To those of you that think I'm overreacting about Microsoft using BIOS signing to lock out Linux and other operating systems, check out this little extortion racket they're playing on Casio. Yeah, it's my belief that the whole SCO saga was orchestrated by Microsoft to try and make Linux illegal, it's just a shame that the cover-up was so good that the smoking gun wasn't found.



> *Microsoft Convinces Yet Another Company to Cough Up 'Protection' Money*
> 
> from the you-wouldn't-want-something-bad-to-happen,-would-you? dept
> 
> ...



Techdirt


----------



## OneMoar (Sep 23, 2011)

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx


----------



## digibucc (Sep 23, 2011)

from the article:


> Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows



translation:


> Microsoft mandates and controls the settings on PC firmware that controls or enables secured boot from Windows



so if an oem manufacturer wants their firmware to enable secure boot with windows, it will be controlled and mandated by microsoft.

in order to allow secured boot, they will need to follow msofts rules. since the signed os bit is part of UEFI anyway, i'm not sure what rules microsoft will impose, but this is fancy speak trying to hide the fact that they WILL mandate and control firmwares that enable secured boot for windows.

not saying that does or doesn't make sense, they just deliberately tried to hide that point.


----------



## OneMoar (Sep 23, 2011)

hoooooooook now this is just turning into an anti-Microsoft thread again ... and no digi you're wrong ..
it is NOT required to Run windows 8, it's only Required IF you want the fancy "designed for windows 8 cert"
so here we go again, people are over analyzing and creating dots to connect
tl;dr >
if an OEM Wants to have their machines labeled "made for windows 8" then they need to ship the board with Secure-boot Capable and it _enabled by default_, now this doesn't mean they WILL bother to include an option to disable it in the uEFI setup but that's not microsoft's or the uefi.org 's problem
k we are done here


----------



## digibucc (Sep 23, 2011)

i'm not wrong, and i already said that last night!



digibucc said:


> there will surely be "enthusiast" motherboards that aren't "certified", they may come up with a moniker, like "windows 8 guaranteed" or  "ready" or something.
> 
> this is really more for the likes of dell, gateway, acer, etc.  who you know do care about being "certified".



i don't even know what else to say.  you had a prepared statement and were ready to direct it at whoever posted last.  please explain how i am wrong with real thoughts this time, if you so choose.


----------



## OneMoar (Sep 23, 2011)

digibucc said:


> i'm not wrong, and i already said that last night!
> 
> 
> 
> i don't even know what else to say.  you had a prepared statement and were ready to direct it at whoever posted last.  please explain how i am wrong with real thoughts this time, if you so choose.



[“Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled,” Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are “required for Windows 8 client” with the result that “all firmware and software in the boot process must be signed by a trusted Certificate Authority.”] >unless you turn it off 

- you were late to the party on that one, that was part of the ORIGINAL unedited announcement
[/offtopic]
and no I didn't prepare any _statements_, what I wrote is what I meant and it's what I'll stand by
the problem I have with the foss community in general has nothing to do with my posts, I know Microsoft has a darkside and that has ZERO bearing on my post, until it's said and DONE all that exists is unfounded FUD and misunderstanding
I FULLY understand HOW IT COULD be used and it doesn't mean it WILL, so jumping on the ideological lets-hate-microsoft bandwagon just because some of the foss community is BUTTHURT that their "Product" doesn't have a 50% desktop market share does not give people the right to ASSUME that ""this is this and this will be used like this""
and to wander a bit more off the topic path since that seems to be the point of this thread ... the only ones at fault for linux/GNU's lackluster "market-share" are the coders and community that are responsible


----------



## Drone (Sep 23, 2011)

tl dr. So iz teh skyz fallin'? Monopoly and monoculture will rule?


----------



## OneMoar (Sep 23, 2011)

Drone said:


> tl dr. So iz teh skyz fallin'? Monopoly and monoculture will rule?



hardly but at least someone gets my point
it's all about the dollars and linux/GNU is no different 
I could guarantee  if that is Linux was as big as windows and was on every desktop pc
there would be ungodly amounts of cash involved and all kinds of corporate-reindeer-games 
if Microsoft was GNU-linux and Linux was Microsoft then it would still be the same deal
back room deals and lawsuits up the yang hole


----------



## Drone (Sep 23, 2011)

OneMoar said:


> hardly but at least someone gets my point
> it's all about the dollars and linux/GNU is no different
> I could guarantee  if that is Linux was as big as windows and was on every desktop pc
> there would be ungodly amounts of cash involved and all kinds of corporate-reindeer-games
> ...



Ah. I see. In our age big corporations "rule" and the end user gets less and less freedom and choice. And it's painful because the further we go the more we depend on software (than on hardware). And god forbid if hardware and software will both be controlled by someone.


----------



## qubit (Sep 23, 2011)

OneMoar said:


> hardly but at least someone gets my point
> it's all about the dollars and linux/GNU is no different
> I could guarantee  if that is Linux was as big as windows and was on every desktop pc
> there would be ungodly amounts of cash involved and all kinds of corporate-reindeer-games
> ...



Yeah, I have to agree with this. Wherever there's big dollars involved the system will be corrupted.  Still, it doesn't mean that we should sit back complacently and let it happen without any resistance. MS absolutely want to lock the PC down and shut out all competition, just like every other big corp, which is why we need these checks and balances in place.

As someone said, the price of freedom is eternal vigilance, or something like that.  It was somebody famous, I might google it later, lol.


----------



## digibucc (Sep 23, 2011)

qubit said:


> Wherever there's big dollars involved the system will be corrupted.  Still, it doesn't mean that we should sit back complacently and let it happen



+1000



OneMoar said:


> I FULLY understand  HOW IT COULD be used



so that means I am not allowed to point it out?  that's basically what you have said.  i said nothing about open source software or microsoft being evil, i even disclaimed it because truthfully, there is no reason they shouldn't be able to set restrictions on what type of hardware can run it. that doesn't mean i like the change, or think it's good for consumers - but there is no reason they shouldn't be allowed to do that imo.

and everyone else does it. that's your argument? that makes it all the more essential to stand up to every instance of it, not to berate people for recognizing it - as you have.


----------



## OneMoar (Sep 23, 2011)

digibucc said:


> +1000
> 
> 
> 
> ...


THEY'RE NOT SETTING Restrictions that's what you are NOT getting 
it IS AN OPTIONAL UEFI.org SPEC NOT A Microsoft one 
http://www.uefi.org/learning_center/
http://www.uefi.org/learning_center/UPFS11_P2_SecureBoot_Insyde.pdf
Microsoft is making use of an OPTIONAL Tech  and y'all are having a panic attack
how much fking clearer can I be and according to the nice fking pdf that no one has seemed to rtfm'd in order for a vendor to be fully UEFI 2.3.1 compliant there needs to be an option to _disable secure boot_


----------



## digibucc (Sep 23, 2011)

OneMoar said:


> THEY'RE NOT SETTING restrictions that's what you are NOT getting
> it IS AN OPTIONAL UEFI.org SPEC NOT A Microsoft one
> http://www.uefi.org/learning_center/
> http://www.uefi.org/learning_center/UPFS11_P2_SecureBoot_Insyde.pdf



you really have a hard time reading and responding to what someone says, don't you?

again:


digibucc said:


> *since the signed os bit is part of UEFI anyway,* i'm not sure what rules microsoft will impose, but this is fancy speak trying to hide the fact that they WILL mandate and control firmwares that enable secured boot for windows.
> 
> not saying that does or doesn't make sense, they just deliberately tried to hide that point.



my comment was about the wording of that statement. (Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows)

that's it.  the statement is intentionally worded to make it sound as though microsoft will not enforce any restrictions, while actually saying they can enforce any restrictions on any hardware that uses secureboot and windows.  i was wrong to say WILL, when CAN is the length of reason - however it's not far off to assume they WILL enforce control should it suit their interests.

as i said, you had a canned response that actually had no bearing on my post.  but because you didn't take the time to read my post you missed that.  you also seem to have a hard time admitting that, and so continue to argue with me about things i did not say, or what you think i do not know (though both times i have shown i stated it before you).


----------



## OneMoar (Sep 23, 2011)

again it's back to people "reading the empty space between the lines" you don't KNOW that the Microsoft statement was intentionally worded that way. when I read that statement I don't see that

and no THEY CAN'T ENFORCE SHIT Microsoft does NOT have any control over UEFI at best all they could do would be to change the windows boot loader to be incompatible with GRUB or whatever 
you seem to be under the impression that Microsoft has direct control over what is signed and NOT signed by UEFI they don't, UEFI.org DOES. 
All Microsoft can do is supply a kms/cert and say here you go here are the keys for windows 8 use these for the authentication of boot loader; else no windows 8 certification for you  > require user to turn the "secure boot off" to boot unsigned code, also since a lot of UEFI based boards have "embedded Linux's" the chance of UEFI NOT supporting GRUB on boards running "THEIR" 
firmware is low to nonexistent either way microsoft has no direct control over what UEFI.org signs or doesn't sign


----------



## digibucc (Sep 23, 2011)

have a good day. ::hattip::


----------



## [H]@RD5TUFF (Sep 23, 2011)

I read about this, if it's true I will not be upgrading, also I don't see how this can be legal!


----------



## TRWOV (Sep 24, 2011)

[H]@RD5TUFF said:


> I read about this, if it's true I will not be upgrading, also I don't see how this can be legal!



Because it is, there is nothing illegal about it. It's included in the UEFI 2.3.1 specification.


----------



## [H]@RD5TUFF (Sep 24, 2011)

TRWOV said:


> Because it is, there is nothing illegal about it. It's included in the UEFI 2.3.1 specification.



I sure do hope there will be a workaround, I enjoy running linux, it's more stable, more responsive and aside from not being able to run a few of my games, does everything I need it to.


----------



## TRWOV (Sep 24, 2011)

It's akin to joining a club. If you want to enter the "Designed for Windows 8" logo club you have to use UEFI 2.3.1 which provides the secure boot feature.



To recap:
- The UEFI 2.3.1 specification includes the secure boot option
- Microsoft mandates that OEMs who want to enter the "Designed for Windows 8" logo program have to use UEFI 2.3.1 on their boards
- It's up to the OEM if the disable feature is included
- If the option to disable the secure boot isn't present you can still install linux but it would have to be signed.
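
The recap above comes down to one question per machine: is the firmware currently enforcing signatures or not? The following is an added example, not part of the original post, that decodes the `SecureBoot` and `SetupMode` UEFI variables as Linux exposes them through efivarfs; the state names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# EFI global variable GUID under which SecureBoot and SetupMode are published.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_flag(raw: bytes) -> int:
    """An efivarfs file is a 4-byte little-endian attribute mask, then the data.
    SecureBoot and SetupMode each carry exactly one data byte (0 or 1)."""
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    if value not in (0, 1):
        raise ValueError(f"unexpected flag value {value}")
    return value


def classify(secure_boot_raw, setup_mode_raw) -> str:
    """Map the two raw variables to the cases discussed in the thread.
    The returned labels are names chosen for this example."""
    if secure_boot_raw is None:
        return "not-available"   # legacy BIOS boot or firmware without secure boot
    if setup_mode_raw is not None and parse_flag(setup_mode_raw) == 1:
        return "setup-mode"      # no platform key enrolled, nothing is enforced
    if parse_flag(secure_boot_raw) == 1:
        return "enforcing"       # only signed boot loaders will start
    return "disabled"            # switched off, unsigned loaders will start


def read_var(name: str, root: Path = EFIVARS):
    """Return the raw variable contents, or None if it cannot be read."""
    try:
        return (root / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError:
        return None


def secure_boot_state(root: Path = EFIVARS) -> str:
    return classify(read_var("SecureBoot", root), read_var("SetupMode", root))


# Constructed sample contents (attributes 0x6 = boot-service + runtime access).
SAMPLE_ON = bytes.fromhex("0600000001")
SAMPLE_OFF = bytes.fromhex("0600000000")

if __name__ == "__main__":
    print("this machine:", secure_boot_state())
    print("sample on/off:", classify(SAMPLE_ON, SAMPLE_OFF))
```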


----------



## digibucc (Sep 24, 2011)

TRWOV said:


> It's akin to joining a club. If you want to enter the "Designed for Windows 8" logo club you have to use UEFI 2.3.1 which provides the secure boot feature.
> 
> 
> 
> ...



perfectly explained!


----------



## The Jedi (Sep 24, 2011)

For one, whitelisting and blacklisting of keys can be an anti-piracy measure.  I believe in buying Windows, so have no problem with that, and most people would just get Windows with their new pre-built computer.

Also, with Windows 8 being able to boot to a virtualized OS, or like a .VHD virtual hard drive file like Windows 7 Ultimate/Enterprise, MS may want extra protection for security purposes for a corporate PC.

The "Windows 8 Certified" is only for a mass produced computer with the Designed for Windows 8 logo, and DIY'ers need not concern themselves that their PC is not certified.  It's a formality in some respects.  A PC can be built with Windows 8 Logo'ed components and use official release WHQL drivers and be the same as certified.  A Certified PC however means that I can't ship you a PC with beta drivers, so there is some intent to ensure the quality in a PC that gets Microsoft's logo sticker.

I doubt any company will ship a PC with an EFI BIOS that doesn't allow the secure boot to be disabled.  I would imagine there would be options like Secure Boot: On/Off/Off for Next Boot

Then an IT department can just set a BIOS password for security, and no big deal.  The actual PC designers surely have the sense that alternate OSes should be able to be installed like Knoppix or booting to anti-virus scanners and such.  Also with a company like Dell, they sell PC's with Linux to certain customers, so often I think it'd be inappropriate to build in limitations into the PC.  But HP for example locks their BIOSes on Pavilions so it will only work with the CPU model that it ships with - so you not only can't overclock, you can't upgrade your CPU, you'd need to buy a new PC for more CPU power.  At least this was my experience several years ago.  So sometimes depending on the company they have different model lines and different support agendas.  I notice that with BIOS activation of Windows, Dell will ship a Linux PC with a different BIOS than the same model with Windows.  And if you're an enthusiast who's buying pre-built and certain stuff matters to you, either do a little research before you buy or return it within 30 days and go with a better company.

I don't see this as a credible threat to Linux or DIY'ers, it's just more modernizing with the move to UEFI and the new things they can do now.  If it were real Microsoft anti-competitiveness I think it'd surely get shot down one way or the other.  As stated above, surely MS would want to avoid another confrontation with the governmental regulators.


----------



## [H]@RD5TUFF (Sep 24, 2011)

The Jedi said:


> I don't see this as a credible threat to Linux or DIY'ers, it's just more modernizing with the move to UEFI and the new things they can do now.  If it were real Microsoft anti-competitiveness I think it'd surely get shot down one way or the other.  As stated above, surely MS would want to avoid another confrontation with the governmental regulators.



I currently use WUBI to boot Ubuntu, if I can't do so I have a serious issue with that!


----------



## Drone (Sep 24, 2011)

I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen

http://www.maximumpc.com/files/u138055/secure_boot.jpg


----------



## Shihab (Sep 24, 2011)

Drone said:


> I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen
> 
> http://www.maximumpc.com/files/u138055/secure_boot.jpg



Thank you !

Now we just have to hope that OEMs won't disable this option in their products. But if you ask me, I think some -if not most- laptops will come without this option. At least it won't be MS's fault. Unless someone digs out a document showing MS paying OEMs to remove this "off button" from their products.


----------



## Drone (Sep 24, 2011)

^ yes, anything is possible


----------



## Solaris17 (Sep 24, 2011)

/angry face.


----------



## [H]@RD5TUFF (Sep 24, 2011)

Drone said:


> I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen
> 
> http://www.maximumpc.com/files/u138055/secure_boot.jpg



Oh thank jebus, I was legitimately worried for a little bit.


----------

