Forgot your password?
typodupeerror
DRM Microsoft Operating Systems Portables Linux

Why Linux On Microsoft Surface Is a Tough Challenge 561

Posted by timothy
from the 5-feet-high-and-risin' dept.
hypnosec writes "With Linux enthusiasts and distro publishers eagerly waiting for a solution to Microsoft's UEFI SecureBoot, there are those who have already looked at the viability of Linux on Microsoft Surface tablet. Matthew Garrett, a.k.a. UEFI-guru, has revealed that those who are keeping their fingers crossed and hoping to find run Linux on Microsoft's tablet are on an uphill walk and it doesn't seem to be an easy one. So why is this? The answer is in the manner in which Microsoft has restricted the Surface from loading non-signed software / binaries by implementing UEFI SecureBoot. Microsoft has loaded on the ARM based tablet its private key instead of the 'Microsoft Windows UEFI Driver Publisher' key, which is needed to sign non-Microsoft software like Linux distributions or loaders. So, no publisher key = no signed non-Microsoft binary = no Linux."
This discussion has been archived. No new comments can be posted.

Why Linux On Microsoft Surface Is a Tough Challenge

Comments Filter:
  • by turkeyfeathers (843622) on Sunday December 30, 2012 @06:57PM (#42428847)
    As if you needed another reason.
    • by Frosty Piss (770223) * on Sunday December 30, 2012 @07:36PM (#42429117)

      As if you needed another reason.

      Exactly. Solution? Don't buy a Surface if you want to run Linux / Android on it.

      It's so deliciously simple.

      I don't like Win8 either.

      Guess what? I haven't bought it.

      Another thing I haven't bought:

      http://en.wikipedia.org/wiki/File:Cadillac_CTS_front.JPG [wikipedia.org]

      It's an ugly car... I don't want one.

      • by Anonymous Coward on Sunday December 30, 2012 @09:33PM (#42429951)
        I've tried to put the Linux on my CTS. I think they've restricted the bootloader or something because it doesn't go. I also am outraged that my 4-slice toaster seems to be restricted, it will NOT run Linux. This is clearly M$0ft's doing.
      • by mysidia (191772) on Sunday December 30, 2012 @11:05PM (#42430411)

        Hackers were able to get Android running even on an iPhone. I don't think the Surface will be a technical impossibility getting Android running on it... the only question will be if hackers are willing to devote the time and energy to it.

        IMO it's just not worth it. Don't buy the crap from MS :)

        • by sg_oneill (159032) on Sunday December 30, 2012 @11:16PM (#42430467)

          Apple haven't really put a lot of effort into locking out jailbreaks. Just a token effort really to appease the devs and itunes lawyers worried about piracy. UIltimately apples money isnt really derived from software but hardware.

          Microsoft on the other hand are all about software. They are much more in need of a lockout to ban competition from their hardware.

          Compare the two approaches: Apple;- No competing hardware (But we dont really care if you install windows on your mac, we'll just think your daft). Microsoft;- No competing software (We dont care if you install us on a competing tablet, surface is just a marketing tool)

          • by mysidia (191772)

            We dont care if you install us on a competing tablet, surface is just a marketing tool

            As long as you pay for the software.

            If you bought the surface, you already paid for the software too, so no, they shouldn't care what you installed on it; their profit is already made with the sale, and doesn't rely on you keeping their software on the unit.

            • by roc97007 (608802)

              But someone might see Linux on a surface and it would raise their expectations on what a Surface could do. I could see where that might cause problems.

    • Apple angle? (Score:3, Insightful)

      by csumpi (2258986)
      You can't run linux on an ipad either. So linux users don't buy ipads either? Do linux users boycott apple and not run linux on overpriced apple laptops because they can't run linux on apple's tablet?

      Why is Microsoft the only evil one for making a tablet that can't boot linux?

      This is just plain silliness. There are a bunch of win8 tablets where secure boot can be disabled and linux installed.
      • by DeathElk (883654)

        [Choke] You must be new here. I always come to Slashdot when I want to read irrational anti-apple guff.

      • Re: (Score:3, Informative)

        by Elldallan (901501)
        Because Microsoft has a dominant market share by EU standards and therefore this sort of behavior is illegal, Microsoft has been up in the courts over monopoly abuse before so that they have a "dominant market share" has been clearly established, Apple is more of a grey area, whether they have a "dominant market share" has not yet been determined yet by the EU courts so they are free to act as they choose until they are found to be abusing their "dominant market share".

        Hence Microsoft is evil and breaking
        • by Joe U (443617)

          Because Microsoft has a dominant market share by EU standards and therefore this sort of behavior is illegal

          In the PC market. Not in the ARM consumer tablet market.

  • Solution (Score:5, Insightful)

    by Anonymous Coward on Sunday December 30, 2012 @06:57PM (#42428849)

    Don't buy a surface?

    • Re:Solution (Score:5, Insightful)

      by Anonymous Coward on Sunday December 30, 2012 @07:06PM (#42428919)

      Eventually all hardware will be like this. What will be your solution then? Don't buy a computer?

      The trend is clear. Not so long ago, ALL hardware was yours after you bought it. Now, only a fraction is, and the ones that are not, are in the process of being locked down. In 10 years, 15 tops, you won't be able to buy an unlocked device, not a desktop, not a mobile. There will be some way to run Linux still, such as your vendor buying a key, but it's all going to be at someone else's permission.

      Have fun with that world.

      • by CAIMLAS (41445)

        Eventually all hardware will be like this. What will be your solution then? Don't buy a computer?

        On the contrary, smartphones have been getting more open as time has gone on - specifically, as Android has gained traction. It used to be that pretty much any portable device was locked down and took a copious amount of time to even get a working chainload; now, many (most) of the high quality phones ship "open" and unhindered.

        All hardware will be like this - locked down and inaccessible - only if we end up with an antitrust-worthy monopoly controlling the industry, like the one Apple and Microsoft both wa

    • Re:Solution (Score:4, Insightful)

      by Anachragnome (1008495) on Sunday December 30, 2012 @07:07PM (#42428921)

      "Don't buy a surface?"

      AC, or not, mod up please. Simplest solution possible.

  • Well then ... (Score:5, Insightful)

    by King_TJ (85913) on Sunday December 30, 2012 @06:57PM (#42428851) Journal

    no publisher key = no signed non-Microsoft binary = no Linux = NO SALE!

    Honestly, I have no real interest in the Microsoft Surface anyway. I played with one at the store for a little while, and walked away thinking, "Pretty looking, but ultimately adds no value for me." Obviously though, others feel differently.

    Still, if you're someone actually interested in a Surface but NOT to run Windows on it? The fact Microsoft has it this locked down should tell you to move along and not vote for this product with your wallet. It's great to see people enabling hardware to do new things it wasn't intended to do originally.... but where do we draw the line?

    • Re:Well then ... (Score:4, Insightful)

      by martin-boundary (547041) on Sunday December 30, 2012 @07:00PM (#42428873)
      The line is where it's always been: you buy the product, it's yours, you can do whatever you like with it. It's unreasonable for a manufacturer to try to take those rights away from you.
      • Re: (Score:3, Insightful)

        by Andrewkov (140579)

        Yet millions and millions of locked cell phones are sold every year.

      • The line is where it's always been: you buy the product, it's yours, you can do whatever you like with it. It's unreasonable for a manufacturer to try to take those rights away from you.

        If the product was sold to you in this state without trying to hide it then they haven't "taken" anything away from you.

        • Re:Well then ... (Score:4, Insightful)

          by martin-boundary (547041) on Sunday December 30, 2012 @07:48PM (#42429223)
          If it's a gratuitous addition specifically to prevent you from doing something that you otherwise could, then they have. For example, if you buy a book and find out the pages have been glued together, that's unreasonable. If you buy a computer and you find out it could run third party software, but the loading system has been disabled, that's unreasonable.
      • Re:Well then ... (Score:4, Insightful)

        by vlad30 (44644) on Sunday December 30, 2012 @08:37PM (#42429601)

        The line is where it's always been: you buy the product, it's yours, you can do whatever you like with it. It's unreasonable for a manufacturer to try to take those rights away from you.

        No the manufacturer sold it to you "as is" and "fit for purpose" if you want to do something else with it either buy a product that does what you want or go make it yourself. I personally don't like "restricted-boot" so I don't buy a product that has it - exception if the product is well designed and needs no modification

  • by Jmc23 (2353706)
    I hope the surface tanks. Linux users are probably more likely to want keyboards than windows users.
    • I hope the surface tanks. Linux users are probably more likely to want keyboards than windows users.

      ....but that is not the point. Linux users that do *keyboard intensive tasks* want keyboards...whether they want undersized candy coloured keyboards is dubious, or them attached to an undersized tablet is a another matter, but implying that the average user uses the keyboard more that any other OS is simply a little strange X pre-dates Windows :). Those that do you can see on here flaming each other about which one is best...although I believe in that knife fight the IBM Model M wins.

  • by EdZ (755139) on Sunday December 30, 2012 @07:03PM (#42428895)
    So in the same camp as every iPad made, and the majority of Android tablets, then?
    • Which tablets? (Score:2, Informative)

      by Anonymous Coward

      I can think of only a few major brand Android tablets that have locked bootloaders, and all of these have been defeated:

      * Nook Tablet
      * Nook HD
      * Nook HD+
      * Kindle HD 7"
      * Kindle HD 8.9"

      All use u-boot [www.denx.de] an open-sourced bootloader, and all had implementation flaws. (Actually, the flaws WERE their implementation in the first place. Let's say both had "available fixes".)

      Other tablets such as the Nexus 7 and 10 have locked bootloaders too, but they are unlockable via fastboot and the command "fastboot oem unlock".

      • Re:Which tablets? (Score:5, Interesting)

        by CajunArson (465943) on Sunday December 30, 2012 @08:22PM (#42429505) Journal

        So basically you are assuming that the Microsoft locked-down bootloader is impervious to hacking while all the Android ones suck and can be circumvented easily. Without knowing it, you've just complimented Microsoft's software engineering ability.

        If the Surface doesn't just bomb out in the market, there will very probably be some hacks that make it possible to load on a new OS. Frankly, my Android phone is much harder to install a new OS on that any other piece of hardware that I've ever owned even though it theoretically isn't "locked down" so I'm not going to point fingers at Microsoft for copy-catting everybody else in this space.

        • by ancientt (569920)

          I hope that it becomes reasonably simple to add a signed GPL system to computers using the Secure Boot system. For now I haven't seen much to give me confidence, so I'm looking for workarounds. What puzzles me is that I haven't seen anybody discussing booting Grub using the Windows boot configuration data store (BCDEdit.) That's what I do now. My computer boots to the Windows boot loader which I modified from Windows to load the IPL for Grub. Grub then takes over and boots Linux. It isn't even hard to set u

  • Primary reason (Score:5, Insightful)

    by KiloByte (825081) on Sunday December 30, 2012 @07:05PM (#42428903)

    SecureBoot was never about security If it was, Microsoft would put at least some token effort towards blacklisting drivers with ring 0 holes. The point since day one was to hinder the spread of non-commercial alternatives.

    • Re: (Score:3, Insightful)

      by YukariHirai (2674609)

      The point since day one was to hinder the spread of non-commercial alternatives.

      More accurately, to hinder non-Microsoft alternatives on their hardware... it's not like Microsoft would tell Apple "sure, we'll let you put iOS on the Surface" even if Apple had any interest in doing that. It just so happens that the only software that people try to put on Microsoft-branded hardware are non-commercial projects.

    • by dimeglio (456244)

      Agreed. Given how long it's taking to get the UEFI code from Microsoft, it's not surprising. Shame that hardware vendors are bending over backwards to Microsoft's wishes, not that they have much of a choice.

  • Unbelievable. (Score:5, Insightful)

    by Anonymous Coward on Sunday December 30, 2012 @07:07PM (#42428925)

    Stop. Just stop.

    It's a Microsoft device. It was designed to run Win RT. This is quite clearly marked on the box and the device itself.

    There are a thousand other things wrong with Linux right now and nobody seems interested in fixing them (yes, I'm doing my part, but I only have so much free time to spend fixing random issues and maintaining my own packages). No, instead, we're going to dump all our time and effort into making a device that was NEVER DESIGNED TO RUN LINUX, well, run Linux.

    Sooner or later you just have to say enough is enough. This is almost as stupid as buying an iPad or iPhone and attempting to run Android on it. Just because you're buying "hardware" doesn't mean you're getting the privilege of installing whatever the hell you want on the device. Mobile equipment like this is marketed and sold as an end-to-end solution, you're not buying hardware- you're buying software tied to hardware. Making the mistake of thinking that the hardware is there for you to do whatever you wish with is silly. If you want a tablet to run Linux on, buy a tablet that runs Linux.

    Trying to shoehorn the 'tux onto the ARM Surface is stupid. No shit Microsoft has locked the thing up, they're subsidizing the damned hardware by assuming that you'll run Windows on it and buy applications through the Windows App Store.

    This is almost as dumb as buying a set of kitchen utensils then wondering why you can't build a shed with them. If you wanted to buy a shed, why didn't you invest in a set of proper tools? What on earth made you think a few forks, spoons, and knives were going to let you do the same thing?

    • The two most rational posts in this thread so far are from ACs and no mod points for either.

      What gives?

    • by symbolset (646467) * on Sunday December 30, 2012 @07:24PM (#42429025) Journal
      The problem is that it was designed to never run linux.
      • by jedidiah (1196)

        > The problem is that it was designed to never run linux.

        Short of some bogus barrier, there is no such thing.

        If it can run some proprietary OS then by definition it can run Linux. Linux runs everwhere including hardware that other desktop operating systems can't touch.

        If it's a general purpose machine Linux can run it. If it's a Turing machine then Linux can run it.

        The idea that it's "not designed for" is just clueless nonsense.

    • by tuppe666 (904118) on Sunday December 30, 2012 @07:40PM (#42429151)

      Just because you're buying "hardware" doesn't mean you're getting the privilege of installing whatever the hell you want on the device.

      See ignoring the massive flag waving response. I have this belief that if I buy something I can do what the hell I want with it. When did I start hiring/licensing my computer!! Can Microsoft really not effective compete with Linux the OS you claim in not ready (It is has been for years) I believe the Android variant is set to eclipse Windows Next Year.

    • Specious logic (Score:5, Interesting)

      by Mr. Underbridge (666784) on Sunday December 30, 2012 @07:44PM (#42429185)

      There are a thousand other things wrong with Linux right now and nobody seems interested in fixing them (yes, I'm doing my part, but I only have so much free time to spend fixing random issues and maintaining my own packages). No, instead, we're going to dump all our time and effort into making a device that was NEVER DESIGNED TO RUN LINUX, well, run Linux.

      Until relatively recently, no device was *ever* designed to run linux. If the Linux community accepted that approach, Linux wouldn't run on anything.

      I think it's important, and sends a message to big companies, that Linux run on everything. It tells them, you will not avoid us. You cannot lock your shit down. No matter what you do, we'll be there.

      If I was more clever, I'd do a rendition of a Police song to accentuate the point.

    • Chevrolet car, that can only use Chevrolet gas.
    • by hawguy (1600213)

      Trying to shoehorn the 'tux onto the ARM Surface is stupid. No shit Microsoft has locked the thing up, they're subsidizing the damned hardware by assuming that you'll run Windows on it and buy applications through the Windows App Store.

      Are you sure they are subsidizing it? Apple supposedly makes obscene profits from the similarly priced (with similar, if not better, specs) iPads.

      They are certainly throwing a lot of marketing dollars behind it - but that's more to promote Win 8, not the hardware.

    • Re:Unbelievable. (Score:5, Insightful)

      by codepigeon (1202896) on Sunday December 30, 2012 @08:21PM (#42429483)
      I was right there with you until: 'just because you buy the hardware, you think you have the privilege to install what you want'.

      what!!! What has happened to this world?! I bought it. If I want to install DOS 6.2 on it, that is nobody's business but mine. I cant believe the corporations have managed to convince people like you otherwise.
    • by ewhac (5844)

      Just because you're buying "hardware" doesn't mean you're getting the privilege of installing whatever the hell you want on the device.

      Incorrect.

      When I buy a Chevy Volt, I am not forced to fill up with only one vendor's gas. I am not forced to charge up with electricity from a particular utility.

      When I buy a Sony TV, I am not forced to watch content only from Sony/Columbia/VEVO.

      When I buy a Sansa MP3 player, I am not forced to buy and load only music from Sansa's "content partners." Hell, on many of

    • by sjames (1099)

      It's actually more like buying a Stanley hammer and wondering why you can't use it to drive Ace brand nails...OH WAIT! You absolutely can! The very idea of rigging a hammer to only work with one brand of nail is laughably stupid.

      Consider, you claim that doing whatever legal thing I want with my own possessions would be a "privilege"?!? Under what legal or moral theory is it anything but a natural right?

      It's also worth considering that the PC Linus first installed Linux on wasn't intended to run Linux either

  • Expected (Score:3, Insightful)

    by Anonymous Coward on Sunday December 30, 2012 @07:12PM (#42428961)

    Had Microsoft tried to sell a PC that was similarly locked-down in the late 1990s, I expect they would've gotten sued by the government. However, mobile phones (and game consoles) have traditionally been locked-down, and no regulatory agency seems to mind.

    Now the line is blurring between the two, with the tablet borrowing from both laptops and mobile phones. I assume soon either it'll be OK for any device to be locked down, or all devices will have to be "openable".

    I wonder how that's gonna turn out...

    • by BlueStrat (756137)

      I assume soon either it'll be OK for any device to be locked down, or all devices will have to be "openable".

      I wonder how that's gonna turn out...

      Depends on how many MS/Apple/Sony etc executives and politicians that we test for flammability and high-velocity impact resistance.

      Strat

  • by fermion (181285) on Sunday December 30, 2012 @07:22PM (#42429011) Homepage Journal
    Before surface, MS WIndows ran on commodity hardware. If you needed a cheap *nix box you could go down to the store, but a MS Windows machine, through away the MS license, and load your favorite *nix.

    If you want a *nix that runs on MS Surface caliber hardware and aren't worrying about licensing, get an iPad. You can fill it up with important apps for under $100.

    If you want a cheap *nix pad, get an android. It still has licensing issues, but is the commodity hardware that was the MS Windows machine.

    The reality is that OSS is going to be a few years behind MS, which is a couple years behind Apple. Look at the office app. Openoffice.org was possible only because the office application is now legacy and MS did little to keep the product unique. While the GUI was available in high end Unix machines since it was available for Apple, commodity machines did not have graphic coprocessors that made GUIs efficient until the early 90's.

    So it is an advancement that we had a functional *nix tablet, in the form of android, before we had a functional MS tablet, in terms of surface. So I am not sure why we would want to make MS Surface anything other than a marginal device by standardizing it as a *nix device. I mean, one thing about windows is it was the standard for writing memos and the like, so if you could get the MS Windows applications running in *nix, then you would not have to have a MS license. But what Apps does MS Surface have? I mean MS is so desperate that they are buying banner ads on /. begging developers to write apps.

    Just let the MS Surface die a graceful death. Don't glorify it by even suggesting it should run and *nix.

  • Does it make your machine any more secure?

    Very dubious, because I think I can prove historically security is not a hardware issue, it is a human issue. I am not pulling this out of my arse either, I can site a huge list of failed hardware security solutions, which DO NOT WORK.

    So what has it accomplished so far?

    That is easy, unless you get essentially permission from Microsoft, you can't use GNU software.

    I won't buy a UEFI motherboard. Period.

    If motherboard manufacturers are STUPID ENOUGH to install UEFI ind

    • by Microlith (54737) on Sunday December 30, 2012 @07:39PM (#42429149)

      Whether Secure Boot makes your system more secure is still up in the air.

      What does UEFI do? It lets us move past many of the ancient holdovers from 30 years ago that imposed silly limits on PCs, like 2TB limits on the boot drive, the MBR and associated partitioning scheme (GPT is much cleaner.) It also removes all the 16-bit, 1MB memory window limitations at boot time, moving the processors directly into 64-bit on startup and never leaving. All the archaic stuff moved into a compatibility module that can be turned on and off as you see fit.

      I won't buy a UEFI motherboard. Period.

      Best of luck to you, I hope you enjoy MIPS. Every x86 board vendor has moved to UEFI.

  • by rueger (210566) * on Sunday December 30, 2012 @07:28PM (#42429059) Homepage
    I'm assuming that the same folks that root iPhones and Android phones, and seemingly every other bit of hardware on the planet will defeat this pretty fast as well. So yeah, let's buy up all of those cheap MicroSoft tablets and install Cyanogenmod!
    • by Rockoon (1252108)

      I'm assuming that the same folks that root iPhones and Android phones, and seemingly every other bit of hardware on the planet will defeat this pretty fast as well.

      Surely they can do it faster than the others, since its Microsoft and they dont know how to do security, right?

      • Re: (Score:3, Informative)

        Unfortunately Microsoft has learned a lot over the decades. The Xbox 360 is very secure (per CPU keys in ROM internal to the CPU, RAM encryption, a small, lean, and easy-to-secure hypervisor) and has yet to have a modding solution available that doesn't require tweaking the hardware. This is in contrast to the original Xbox which was a massive failure from a security standpoint.

  • Why bother? (Score:4, Insightful)

    by fufufang (2603203) on Sunday December 30, 2012 @07:31PM (#42429071)

    Why would you even bother to put Linux on Microsoft hardware? You have chosen hardware that's crippled by design, you have chosen to get yourself shafted. There are plenty other Linux friendly hardware out there...

  • by maccodemonkey (1438585) on Sunday December 30, 2012 @07:33PM (#42429093)

    Microsoft has made clear they don't want Linux on Surface. Nothing is that unique about the Surface hardware. So stop trying and concentrate on Linux on any number of more popular and more open tablets.

  • Ha! (Score:4, Insightful)

    by ickleberry (864871) <web@pineapple.vg> on Sunday December 30, 2012 @07:49PM (#42429233) Homepage
    Back when UEFI came out people were saying how things weren't so bad. Now MS has done exactly what 'tinfoil hat wearing alarmists' said they would.

    Next time, "things will be alright"-folk, dont tell us we didn't tole you!
  • by thegarbz (1787294) on Sunday December 30, 2012 @08:04PM (#42429345)

    All 5 of them.

  • by davydagger (2566757) on Sunday December 30, 2012 @08:08PM (#42429385)
    Why not just use an android tablets which already work with linux.

    also, the android patches have been included into 3.3 and 3.4 and later kernels, so a stock linux kernel can work.

    also, linux 3.8 will run on multiple arm cpus with one binary kernel.

    There are far far far more android tablets. Why even bother with a windows tab?
  • by WillyWanker (1502057) on Sunday December 30, 2012 @08:20PM (#42429469)

    It's almost as if they purposefully want to create products that will fail. Can anyone say "Zune", "Vista", or "Windows 8"? Do they somehow make more money doing things this way (perhaps a tax writeoff) than actually making something that sells tens or even hundreds of millions of units???

    Locked bootloaders are so last decade.

  • by tkrotchko (124118) on Sunday December 30, 2012 @08:38PM (#42429615) Homepage

    Microsoft Surface is not the name of a particular tablet, but a line of tablets which includes Windows RT & Windows 8 Pro

    Windows 8 Pro Surface does not require signed binaries, it is simply Windows Pro.

    They're talking specifically about Windows RT, and its not any better or worse than an iPad.

All great ideas are controversial, or have been at one time.

Working...