Linux Foundation Releases Document On UEFI Secure Boot 318
mvar writes "The Linux Foundation today released technical guidance to PC makers on how to implement secure UEFI without locking Linux or other free software off of new Windows 8 machines. The guidance included a subtle tisk-tisk at Microsoft's Steven Sinofsky for suggesting that PC owners won't want to mess with control of their hardware and would happily concede it to operating system makers and hardware manufacturers."
Canonical and Red Hat have also published a white paper (PDF) suggesting that all OEMs "allow secure boot to be easily disabled and enabled through a
firmware configuration interface," among other things.
Let me guess (Score:5, Interesting)
As I look into my crystal skull through the mists of time I see Microsoft release a white paper saying that OEMs will get $10 off the cost of Windows if they don't allow users to turn off 'Windows boot'?
Re:Antitrust but verify (Score:4, Interesting)
the US does not bite the hand that feeds it.
corporations feed the US. people don't matter anymore.
there are only going to be lawsuits in your dreams, my friend. big business is 'too big to fail' - no matter how large they actually are.
the OWS guys are complaining about this very kind of thing, in fact. but it won't change. the system is already in the hands of the 1% and that's that until the next bloody revolution comes.
Re:OEM can use this to lock in to there video, hdd (Score:5, Interesting)
Re:Antitrust but verify (Score:4, Interesting)
Being able to shut off "secure boot" doesn't do a thing to make Windows 8 less secure. In order to boot Windows 8, secure boot has to be turned on. If being able to run the computer with secure boot turned off somehow compromises the integrity of the Windows 8 installation, then the entire concept is broken before it started. (Hint... You can always remove the hard drive and put it in a non-UEFI computer as a secondary drive. That's essentially equivalent to booting another OS on the same machine.)
At this point, I'd have to say that the first screwup is that from what I've heard, Microsoft messed up the kernel signing process and hasn't signed their kernels the "correct" way supported by general tools. One piece of correct solution is to allow RedHat and others to sign their kernels and LiveCDs. For this reason, Microsoft should NOT be the signing authority - they should just be another company submitting their software for signing.
I suspect that the real/better solution to this problem would be a little more smarts in the UEFI itself. I get a signed Gentoo LiveCD image which, because it's properly signed, will boot. I then install my Gentoo onto the hard drive and tell the UEFI-aware GRUB about the kernel I just compiled.
Then I restart the machine back to BIOS and tell it to talk to GRUB, find my new kernel, and "approve" it - I guess a local signing. After that, I can boot my kernel. It's more pain than it is today, but probably less pain than the old days of lilo and forgetting to run lilo after building a new kernel. When that happened I had to boot a LiveCD to fix it. With this the fix involves at most booting my old kernel and using UEFI BIOS.
Re:Antitrust but verify (Score:4, Interesting)
Microsoft faced those lawsuits because they were not yet politically savvy enough to buy off politicians. Now that they are, it's not happening again.