How Microsoft Can Lock Linux Off Windows 8 PCs
Julie188 writes "Windows 8 PCs will use the next-generation booting specification known as Unified Extensible Firmware Interface (UEFI). In fact, Windows 8 logo devices will be required to use the secure boot portion of the new spec. Secure UEFI is intended to thwart rootkit infections by using PKI authentication before allowing executables or drivers to be loaded onto the device. Problem is, unless the device manufacturer gives a key to the device owner, it can also be used to keep the PC's owner from wiping out the current OS and installing another option, such as Linux."
What an over sensationalist title (Score:3, Insightful)
Boot rootkits are a real problem. Microsoft is improving security here. In fact, Linux has had the capability to use (U)EFI for years. Now Microsoft is just making it default in their system, because quite frankly most people aren't that intelligent with computers and the OS needs to decide some security for them. It's funny how in other news Microsoft gets bashed for bad security, and then in other news they get bashed for implementing those security features.
If you don't get the key when buying your computer, complain to your manufacturer. It's their fault. I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money. And nowadays there's lots of computers available without Windows, or you can just build it yourself.
Re:What an over sensationalist title (Score:4, Insightful)
And why would a device manufacturer lock the device to a particular OS? Maybe for the same reason they could be coaxed to only sell the device with a particular OS?
You're absolutely right, if you completely ignore history.
Re:What an over sensationalist title (Score:5, Insightful)
They don't have to be coaxed, it's in their best interests to lock it out from the purchaser. It's the same reason they lock you out of android phones. Installing your own OS is something they don't want you to do because they think it drives up support costs and makes their built in advertisements go away.
Re:What an over sensationalist title (Score:5, Insightful)
"Try it again?" They haven't stopped.
Re: (Score:2, Insightful)
Re:What an over sensationalist title (Score:4, Informative)
Maybe you're just ignorant. I've asked three computer stores in my area, and they all say that they are contractually obligated to install Windows on every PC they sell. I asked if I could buy one with no OS, or with another OS installed, and they said their Microsoft contract forbids it. That was this year, not 15 years ago.
Re:What an over sensationalist title (Score:4, Informative)
Maybe you should buy online. There are places that sell barebones systems with no os. TigerDirect is one.
And if the place you are buying from is not in your state, you can avoid the sales tax as well as the microsoft tax
And you save a trip to the vets^Wstore too, they are delivered free right to your door.
Re:What an over sensationalist title (Score:5, Informative)
Disclaimer: I'm in the PC retail business.
There are no "Microsoft contracts" up here in Canada, certainly not with the individual shops as that would be a logistical nightmare to administer, even for MS. What does happen is skeevy shop owners like to sell an overpriced OS with every PC, because it's often the only profitable part of the deal on low-end machines. They make up these ominous sounding "contractual obligations", to which the alternative is to buy the PC unassembled with only a 30-day (in-store) warranty rather than the usual 1-to-3 year deal. A lot of customers don't know any better, so they fork over an extra $150-200 for an OEM license of W7HP.
With the big-box brands it's a bit different, because they love the preloading business. They still get paid to put bloatware on your machine - McAfee and MS Office trials - and of course they get a deep "volume" discount on the OS itself. There's still nothing that can legally force them to shove an OS down your throat, but since they don't list a price for an OEM license of the OS, nor many of the core components in the machine, they can argue that it's included in the base price, so there is no point in asking them to remove it since it's "free". They really could sell you a machine without Windows if they so wanted, and for larger corporate purchases you can specify that (or provide your own ghost image), but for the consumer stuff they would much rather sell you a preloaded PC that's ready for the average casual user. Just the support calls alone, from clueless users who bought a naked machine and don't know what to do with it, would be a PR nightmare and a huge cost sink. I've lost count of the times people bought naked machines from me, claiming they didn't need an OS, then returned a day later to buy the damn disc.
Think back a few years, when Dell briefly offered Linux-ready PCs. They cost more than the Windows-loaded versions of the same machines. Now you can run up and down with your conspiracy theories about MS bribes and whatnot, but the reality is that charging a little bit more for the Linux-ready variant ensured that the average Joe Random would buy the cheaper Windows one, even if the difference was only $30 or so, it's sufficient. This, in turn, probably saved them countless frustrating support calls from irate morons. Then a bit later they started preloading Ubuntu on there, to at least have the machine boot to an internet-ready OS.
Re:What an over sensationalist title (Score:5, Insightful)
I'm sick of hearing that crap. How do you vote with your feet if there is barely any choice in the so-called "marketplace"? And if you vote with your wallet, will that count against the votes of others whose wallets are rather thicker than yours?
All these "vote with" phrases make a mockery of democracy. Here is my suggestion: vote with your vote. I know, it's pretty damn bold.
Microsoft = the only reason you can have alt os (Score:5, Insightful)
The sad fact is, that microsoft was the great innovator in this space. IBM, who came before them, didn't allow any os but their own to use any hardware they produced, nor did they allow any competition on the hardware side of things. They were like apple's iphone business.
Microsoft is the reason that you can install alternative operating systems in the first place. Everyone else managed to blow themselves up, despite having a really strong opportunity. DR-DOS, Concurrent PC-DOS, CP/M, FreeDOS, PTS-DOS, ROM-DOS, Novell DOS, OpenDOS and I'm not even providing a full list here. Geos, PC/Geos, GeoWorks, MAC/OS, OS/2, Amiga/OS, BeOS, Iris, NextStep, RISC OS, Visi On... Microsoft openly competed with all of them and won, mostly on technical merit. Apple was one of the companies that used the courts to prevent alternative operating systems from becoming possible, and has always been openly hostile to competition. Along with that, Microsoft created the market for hardware innovations (my apologies to any lisp/c64/... machine addicts, but ... even you know what I mean). You should give them credit for that, even if that credit mostly belongs to Bill Gates, and little claim can be laid to it by the current microsoft crew.
Microsoft is the canonical example of a company that faced lots and lots of competition and won mostly on technical merits.
Besides, I'm kinda starting to hate this anti-microsoft bashing. It's been years since I've used any form of windows on my own machines, or at work. There is no anti-competition behavior microsoft might be doing that apple isn't doing 10x worse. Compatibility with iWork? Just try it. Yet apple is not just forgiven for being anti-freedom, but actually revered for it. "A curated experience is better" and so on. And on apple machines, you really can't install the software you want, because there are actual, technical control measures in place that actually try to prevent it.
In this case, people are afraid of what microsoft *might* at some point, try to do. Great. Microsoft, today, isn't the problem. Apple is the big enemy of software freedom today. Microsoft is mostly becoming less free by imitating apple.
So please, let's shelve this discussion until apple has been broken up into a hardware business entirely separate from the software business. Including on the iPhone front.
IBM opened the PC wide, not MS (Score:4, Informative)
Yes, IBM's enterprise machines, up until recently, let you run no alternative OS. But the IBM PC has been open from day one. You've always been allowed to run alternate OS'es on your PC. You thought Microsoft "let" you run alternate OS'es? They did not then, and do not now, own the PC HW architecture. It was IBM's openness that let you do this, not Microsoft's.
(IBM did try to keep some of the particulars of the BIOS secret to prevent PC clones, but it was swiftly reverse-engineered and IBM did not stop it, despite the long-demonstrated ability to have their lawyers crush the opposition.)
Re: (Score:3)
"IBM did try to keep some of the particulars of the BIOS secret to prevent PC clones, but it was swiftly reverse-engineered..."
That's not right. IBM published, in full, in the technical reference manual, the commented BIOS source code. It wasn't SECRET, it was COPYRIGHT. The third-party BIOS'es were reverse engineered, by clean-room techniques where the authors never saw the IBM publication, but only the formal specification. The formal-specification team DID read the source.
Re: (Score:3)
Re:What an over sensationalist title (Score:4, Insightful)
Re: (Score:3)
The secure BIOS won't allow booting/installing of unsigned binaries. From the second linked article:
The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys.
So, we'll need to find a way to install keys that have been used to sign Linux installers (and kernels, apparently). Not sure how possible that is.
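The mechanism quoted in the comment above (signing keys installed into system firmware), as an added example that is not part of the original thread: a Python parser for the UEFI `db` signature database in the form Linux exposes it through efivarfs, so an owner can list which certificates and hashes the firmware trusts and whether Secure Boot is enforcing. The sample bytes, the owner GUID and the helper `build_list` are constructed for illustration.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

# EFI_SIGNATURE_LIST header: type GUID, list size, header size, per-entry size.
LIST_HEADER = struct.Struct("<16sIII")
OWNER_LEN = 16  # each entry starts with the GUID of whoever enrolled it


def strip_attributes(raw):
    """efivarfs prefixes every variable with a 4-byte attribute word."""
    if len(raw) < 4:
        raise ValueError("shorter than the efivarfs attribute prefix")
    return raw[4:]


def read_flag(raw):
    """Decode a one-byte variable such as SecureBoot or SetupMode."""
    data = strip_attributes(raw)
    if len(data) != 1:
        raise ValueError("expected a single data byte")
    return data[0] == 1


def parse_signature_db(raw):
    """Return every entry of a db/dbx/KEK/PK variable read from efivarfs."""
    data = strip_attributes(raw)
    entries, offset = [], 0
    while offset < len(data):
        if len(data) - offset < LIST_HEADER.size:
            raise ValueError("truncated signature list header")
        type_raw, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(data, offset)
        body = offset + LIST_HEADER.size + hdr_size
        end = offset + list_size
        if sig_size <= OWNER_LEN or body > end or end > len(data):
            raise ValueError("inconsistent signature list sizes")
        if (end - body) % sig_size:
            raise ValueError("list body is not a whole number of entries")
        sig_type = uuid.UUID(bytes_le=type_raw)  # EFI GUIDs are mixed-endian
        kind = SIG_TYPES.get(sig_type, str(sig_type))
        for pos in range(body, end, sig_size):
            payload = data[pos + OWNER_LEN:pos + sig_size]
            # Hash entries are the digest itself; certificates are fingerprinted.
            digest = payload.hex() if kind == "sha256" else hashlib.sha256(payload).hexdigest()
            entries.append({
                "type": kind,
                "owner": str(uuid.UUID(bytes_le=data[pos:pos + OWNER_LEN])),
                "sha256": digest,
            })
        offset = end
    return entries


def summarise(secure_boot_raw, setup_mode_raw, db_raw):
    """Condense the three variables into the facts an owner cares about."""
    entries = parse_signature_db(db_raw)
    return {
        "enforcing": read_flag(secure_boot_raw),
        # SetupMode == 1 means no Platform Key is enrolled yet.
        "setup_mode": read_flag(setup_mode_raw),
        "certificates": sum(e["type"] == "x509" for e in entries),
        "hashes": sum(e["type"] == "sha256" for e in entries),
    }


def build_list(sig_type, owner, payloads):
    """Serialise one EFI_SIGNATURE_LIST; used only to construct sample input."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    sig_size = OWNER_LEN + len(payloads[0])
    return LIST_HEADER.pack(sig_type.bytes_le, LIST_HEADER.size + len(body), 0, sig_size) + body


# Constructed sample data. On a live Linux system the raw bytes come from
# files under /sys/firmware/efi/efivars/, for example
#   db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
#   SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_CERT = b"constructed bytes standing in for a DER certificate"
SAMPLE_HASHES = [hashlib.sha256(b"bootloader-a").digest(),
                 hashlib.sha256(b"bootloader-b").digest()]
SAMPLE_DB = (struct.pack("<I", 0x27)
             + build_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [SAMPLE_CERT])
             + build_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, SAMPLE_HASHES))
SAMPLE_SECURE_BOOT = struct.pack("<I", 0x06) + b"\x01"
SAMPLE_SETUP_MODE = struct.pack("<I", 0x06) + b"\x00"

if __name__ == "__main__":
    print(summarise(SAMPLE_SECURE_BOOT, SAMPLE_SETUP_MODE, SAMPLE_DB))
    for entry in parse_signature_db(SAMPLE_DB):
        print(entry)
```
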
Re: (Score:3)
Load the Windows boot loader with Grub, instead.
Windows 8 is the iPhoning of the PC (Score:3)
I also dual boot Win7 and Fedora on this Thinkpad and Grub is the one in the MBR. However, I haven't succeeded in getting SP1 to download and install. Until now I just figured, "That's just Windows" and didn't care since I only boot it when I'm doing the "well does this damned site even work on Win+IE?" test and that doesn't happen often anymore.
But I have been saying for a couple of years that while before Microsoft's future vision was to make the PC into an XBox that it changed recently. Now they are c
Re: (Score:3)
It did take a while to find that fix however, and during the interim I cursed MS up and down
Re:moron. (Score:4, Insightful)
Why would you need to find a job? Make a good business plan or come up with an innovative idea, get some financial backing behind it and there's your success. That's what I meant with working hard, not some dead-end McDonalds job.
Oh, I'm sorry, I thought we were talking about reality here. You're right, everyone should just be an entrepreneur, what was I thinking?
There's nothing, absolutely nothing stopping you from trying so.
Well, except for that whole "lack of money" thing. Oh yeah, and a lack of time since you already work 2 full-time jobs just to continue living at a first world level. And the kids, yeah, we'll have our nanny take our kids off our hands for a few weeks while we hammer out a business plan and shop it around to investors (I mean, we all know venture capitalists, amirite?). If we blow off our annual trip to the Caribbean we should have enough to cover the mortgage and car payments for a month while we get our new business off the ground, and once the money from our business starts rolling in (it'll have to, there's no way a business could crash and burn!), we'll be on easy street!
You've been reading too much pro-Capitalism propaganda. It's a game, and the game is rigged...it has been for at least a hundred years.
Re:moron. (Score:4, Insightful)
Ah, the "I know a person that can do it, so that means everyone can" argument. I know it well, I hear it a lot when talking to people about the cyclical nature of poverty and wage slavery. "[Insert name here] made it out of the ghetto and became a multimillionaire, that means that everyone in the ghetto is there by their own choice!" "[Insert name here] started in the mail room and worked his way up to CEO, therefore everyone can do it if they really want it bad enough!"
The reason why that is notable is because of the extremely long odds they beat to get where they ended up. For every person that made that climb from entry level to CEO, there are 99,999 that never made it beyond entry level, not because they were necessarily any less qualified or driven, but because they just weren't in the right place at the right time. You think the best man for the job gets promoted in today's business world? LOL
For every person that is able to make it out of the ghetto and become successful, there are thousands more that try just as hard and don't make it. Once social services get severely curtailed, if not axed entirely, due to this carefully engineered economic crisis, even fewer people will be able to make it. Are they all lazy? I mean, it certainly sounds like that's what you're saying, 85% of people are lazy. Couldn't it be that they're trapped in a dead end job because they lack the resources required to go out and get a better one? That's even ignoring the health care aspect, you know, the people that are stuck in a shitty job because they need health insurance for their sick spouse or child, insurance they will lose when they change employers. What should they do? Throw caution to the wind and bet on "making it?" Those with money can afford to take risks, hell, we just got done handing trillions of dollars to banks to cover the losses of their speculation. Those working at Walmart can not, and even if they could, you think a bailout is waiting for them?
If you're unable to see how much of this game relies on luck then you're either blind or willfully ignorant.
Re:moron. (Score:4, Insightful)
Excuses are like butt holes. Everybody has them. "Oh my... I can't do X because of rich/capitalism/white man" BS. My next door neighbor is a single mother working two jobs and going to school to become an RN. She doesn't think working as a waitress is a good long term career option, so she is making the required changes in her life. Capitalism is all about how much you are willing to put into life. Period. Stop blaming society on your problems and do something about it. The USA is the great country it is, because of the entrepreneur spirit.
That's a delightful story up to the point where something outside her control goes wrong. Let her get sick and see how well that dream plays out. What sort of medical benefits package does a waitress going to nursing school have? All it takes is one such event and the "American Dream" can easily fall to pieces because the societal safety nets aren't sufficient to cover the sorts of problems that the majority of Americans run into. I truly wish that capitalism was all about how hard one is willing to work, but I'm not naive enough to think that's the case in reality.
Oh, and I wish your neighbor all the best, but considering that I know several nurses who have no trouble getting jobs but couldn't get a nursing job sufficient to pay for their student loans, I suspect her American Dream just might not have a happy ending, unless you count working two jobs (one of them as a nurse) to be success.
Virg
Re:What an over sensationalist title (Score:4, Interesting)
Why waste your time inventing conspiracy theories, when a very good reason to do this is obvious: Malware is a real problem, and this is a good measure to take against it.
No, this is a really, really BAD measure to take against it, just as locking down the Internet and requiring a national ID number to connect a device to it would be. With such a system you could lock up or even execute all the black hats and there would be no malware within a year, does that make it a GOOD solution because it's effective?
And yes I think that's a fair comparison, both ridiculously bad for the freedom of average citizens and the overall freedom of computing.
"Required for Windows 8 client" -- Microsoft (Score:4, Informative)
Then they get a device that doesn't require it. It's an OPTIONAL security addition
The article I read claimed that Microsoft might require this lockdown on all machines preloaded with Windows 8. The Network World article cites a Microsoft presentation with a slide stating that UEFI Secure Boot will be "Required for Windows 8 client".
Re: (Score:3)
No, even the summary states that it is only required if you want to get the Windows 8 logo on the product.
And what brand-name laptops not made by Apple will be sold without the Windows logo?
Sensationalist? I strongly disagree (Score:4, Insightful)
In my opinion neither the title nor the article are overly sensational as claimed by you. While it is technically true that the device vendor does the lock out, this is nothing more than a smoke grenade tampering with the truth.
The fact is that Microsoft will require the manufacturers to support this technology if they want to sell devices on which windows will run. Even more the fact is, that this means that they will have to include keys by Microsoft which will prevent the device from running unsigned code like Linux.
And while it is still a rumor it can probably be taken as a fact that disabling this feature (if made possible by the manufacturers) will likely cause Windows to not start because this is what malicious software would do as well and allowing this would circumvent the security improvement.
So cut the crap. Yes, it will be the device manufacturers who will effectively bring this restriction into life. But it will be Microsoft who forces them to do so.
Re: (Score:2)
Can you imagine having to change the uefi setup every time you switch OS?
Re: (Score:3)
Can you imagine having to change the uefi setup every time you switch OS?
Yes, this inconvenience would be a good reason never to switch back to Windows... but do you really believe they will actually give you the option of switching this off?
Re:Sensationalist? I strongly disagree (Score:5, Insightful)
I'll be in the market for a new laptop soon, and I've already decided to use a thin Linux server install with a VMware installation, and just run any desktop, Microsoft, or "other" OS as a VM. That way I'm not having to screw with dual booting. Yes, I will have a bit of constant system overhead, but I'll have some serious flexibility and system security. This is the same strategy used on servers, yes?
Re:Sensationalist? I strongly disagree (Score:4, Interesting)
On the other side.. The SAME complaint was made 6 months ago (or is it a year now) about google's ChromeOS for notebooks doing the same exact thing..
Re: (Score:3)
So how did it go in practice? Can you install Linux on a Chromebook?
Re: (Score:3)
Not an issue.
It doesn't lock it to windows 8.
It locks it to people who have the proper key to sign their executables.
As only microsoft and the hardware maker will have this, microsoft can easily sign windows 9 so it will boot on this system.
Re:Sensationalist? I strongly disagree (Score:4, Interesting)
This really doesn't require Microsoft to force it, it will happen anyway.
I have an HP machine of a certain age with a chip with perfectly good VM extensions that are locked out by the BIOS. They can't be enabled. Sony also did this on 'consumer' machines.
There's no good reason to lock it out. It saves them implementing one option in the BIOS setup and that's it. Frankly, there's no obvious reason why you would disable it at all, but hey.
So, Microsoft aside - and their decision, aside from possible and so-far unfounded concerns, is a technically sensible one - we will still see machines that are incapable of booting 3rd party OSes, and the support lines will simply say they're unsupported.
(Better still, this will encourage people to crack MS's install key. Criminals will want to anyway, but it's much more likely to happen if the wider hacking community puts its might behind it.)
Re: (Score:3)
Maybe I'm naive, but if I were a BIOS manufacturer, I would just have an option to "disable trusted boot" or "enable installation of new operating system" both with appropriate warnings about malware and lack of support. ...
Or, even better, have the BIOS provide a UI for key management. This way, before installing an OS, you need to go into the BIOS, install the new OS's bootloader key, and then fire it up. Ideally, this functionality should only be available from the ROM setup program before an OS is loaded, to make it more difficult (hopefully impossible) for malware to install its own keys programmatically.
Re: (Score:2)
Oh right, this is slashdot
Get off my lawn!
Re:What an over sensationalist title (Score:5, Insightful)
If you don't get the key when buying your computer, complain to your manufacturer. It's their fault. I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money.
What about those people who buy Windows now, because they don't know any better, but then learn about Linux, and want to install it on their then old computer several years from now? This is not only a plausible scenario for installing Linux on a computer which had Windows initially, but it is also a scenario where complaining to the manufacturer won't help: he may no longer be in business by then, or no longer have the keys for obsolete machines.
O, and another reason to buy a computer with Windows if you're going to install Linux anyways: maybe Microsoft is still so good at bribing most manufacturers that it is difficult to find computers of the desired spec without Windows.
What's a boot time rootkit? (Score:4, Interesting)
Re: (Score:2)
Re:What an over sensationalist title (Score:5, Insightful)
I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway,
Even if we ignore the new Linux installs, how about re-purposing an old PC, second hand PCs, corporate computers that are sold off for cheap, huge blocker for people wanting to migrate/test Linux and so on. Laptops pretty much all come with the OS preinstalled and the desktop market is dominated by OEMs. The volume of "virgin" hardware that's never been touched by Windows is just a few percent of the market (excluding Macs, but Apple might decide to do the same).
Re: (Score:3)
Most workstations are bought with an OS pre-installed simply because it is legislated.
What legislation would that be, then?
Re:What an over sensationalist title (Score:4, Interesting)
The net effect is that you cannot buy a Dell PC without Windows. If you could, this would be Dell's admission that they were breaching Australian Trade Practices. Not sure who is more evil in this scenario, Aus govt or Dell... shall leave it to you to decide.
Re: (Score:2)
Some devices just cannot be bought without MS Windows installed on them. I could not source a new laptop without it, for instance.
Re: (Score:2)
Purely architecturally, the cryptographic mechanisms are vendor-agnostic. They could as easily be used to enforce the tyrannical rise of a BeOS monoculture! Except, of course, that there is zero likelihood of that ever happening....
In practice, it can reasonably be expected that OEMs will adopt th
Re:What an over sensationalist title (Score:5, Insightful)
I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money.
Maybe because many manufacturers actually sell PCs with Windows installed for less than they sell PCs with Linux (or no OS).
Re: (Score:3)
There are two reasons for that. One is that hardware compatible with Linux might cost more. Case in point: In the dial-up era, winmodems were cheaper than modems with the full controller and DSP onboard. This was because they were glorified sound cards, and all the modem work was done by a driver specific to one operating system. A PC with a full hardware modem would cost more than a PC with a winmodem. Winmodem makers released a few drivers for specific Linux kernels, but there wasn't enough demand to get
Re: (Score:3)
Ok, so I was starting to write a rant disagreeing with you and pointing out some links so where I've seen Dell offer a Linux machine for cheaper...then I proved myself wrong. They give you the choice of two computers with lame specs for maybe 50 bucks cheaper than their Windows counterpart. WTF.
Sigh, fanboy much (Score:3)
MS is thinking of REQUIRING any device maker that wants to use the windows logo on their product to secure the boot process so no other system can interfere with it, it is MS making these demands, not the device makers. No device maker cares about what you do with their product but MS cares about people installing another OS on hardware.
And if you think everyone who runs their own software can afford to buy a key from a registrar, you are just a dumb fuck Windows user trading security for freedom.
Re:What an over sensationalist title (Score:5, Informative)
Re:What an over sensationalist title (Score:5, Insightful)
Because if you RTFA
RTFA, indeed:
there's nothing in there about "all manufacturers". it's a logo requirement, nothing more. windows 8 will run fine on my homebrew PC and i'll still be able to dual-boot debian.
Re: (Score:3)
The solution, if Microsoft wants to be the non-Evil (if not actually "good") guys, would be to require UEFI secure boot AND require that the key be furnished to end users for logo compliance. If they're worried about social engineering, they can put it someplace where it won't stop anyone who's likely to care about Linux, but be a substantial barrier to clueless end users who'd be a danger to themselves and others if they had it. Say, a sticker on the motherboard (or, for laptops and factory-built PCs, unde
Re: (Score:2)
As for whether he actually is, a lot of us dislike the groupthink here and will typically only post when we feel that the initial post is rather too slanted. This will typically make some people come across as pro-MS because a lot of their posts simply disagree with those who are strongly anti-MS
Re:What an over sensationalist title (Score:4, Insightful)
It's amusing to see that a preference for Linux is fine, you can make any comment you like and no one bats an eyelid - but a preference for Microsoft is absolutely verboten, there is no one who could have a positive preference for Microsoft without them having to be paid by Microsoft for their efforts.
Caveat Emptor (Score:2, Informative)
Re: (Score:2)
Buyer Beware.
Seriously we moved past "Caveat Emptor" centuries ago. Hence rulings on product safety, reasonable quality, being as described and not facilitating uncompetitive practices.
Re: (Score:3)
in essence, your life is rented to you at birth. Fail a payment and your body is repoed and used for medical spare parts...
Re:Caveat Emptor (Score:5, Insightful)
Re: (Score:3)
Yes, you'll have the choice to stay in the technological stone age.
Actually, the way I see it, if you build your own, you will certainly have a choice; how can someone selling you a motherboard not give you the "key" to install whatever OS you want?
It's companies like DELL I would be worried about - I'm sure they'd be happy as clams to lock you into the OS they put on the computer when they sold it to you.
In the words of the Farnsworths:
Prof. Farnsworth: Oh God! I clicked without reading!
Cubert: And I sli
(*_*) (Score:2)
I'm sure that's really going to stop linux nerds from doing what they do... which is installing linux on anything and everything.
This will be cured by a boot disk, ala iBoot.
Re:(*_*) (Score:5, Informative)
Trusted Boot prevents the use of alternative boot disks. It is controlled from chips soldered onto the motherboard and PKI keys.
No key, no boot. Replacing drives or using external drives does not help. There is no "BIOS Reset" option and you can't short jumpers to clear it.
Google uses it on the CR-48 Chromebooks, but also includes a little switch under the battery to turn it off. With it turned on, the system boots only Google-signed images and nothing else. Period.
Re:(*_*) (Score:5, Interesting)
it's not a bad idea in general as long as the owner of the device holds the key.
Re: (Score:2)
Chances are, if they "secured" hard disk boot in such a way, they made booting from removable media impossible as well...
Re: (Score:2)
But will it boot at all from removable disks?
Chances are, if they "secured" hard disk boot in such a way, they made booting from removable media impossible as well...
but will it blend - sorry I had to do that..
Re: (Score:3)
This would be illegal in the EU (Score:3, Insightful)
Because it is anti-competitive. Unless the device manufacturers want their PCs and mainboards to be barred from being sold in the EU, they better find a way to make Linux installation possible.
Re:This would be illegal in the EU (Score:4, Insightful)
Are iPads legal in the EU?
Re:This would be illegal in the EU (Score:5, Interesting)
Are iPads legal in the EU?
If you think they should be, make your case to the EU. You never know. The existing rulings against Microsoft were made because companies complained. The way Apple is going, with a chance of achieving a monopoly in the tablet market, I suspect they'll cross swords with the EU at some point.
However, the issue here is not whether Microsoft should be able to market their own-brand locked down tablet - it's the hypothetical idea that MS could use its leverage with OEMs (i.e. the cost of MS software licenses, and other incentive schemes) to encourage them all to lock out non-MS operating systems. Hypothetical, but a plausible extrapolation from their past practices...
But do not fret, you can still install whatever OS you like on an Apple Mac.
Re: (Score:3)
That distinction seems scarily thin.
If Microsoft demands it, I imagine PC's could quickly go from "general purpose" to "entertainment device".
Re: (Score:3)
And the IBM PC was largely successful because it was a general purpose and relatively open device...
There were plenty of less open but otherwise superior hardware designs around at the time, and yet they largely failed... Apple is the only one that's still around, they nearly died and are still a small player in the market.
The iPad is not Turing complete (Score:4, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3)
DejaVu (Score:4, Informative)
From one [lwn.net] of TFAs
This reminds me of the way keys are used to protect DVDs and we all remember what happened.
This is news? (Score:3)
Ten years ago, "Trusted Computing", or whatever it was, was sort of news. And it was not unexpected back then either.
But PKI isn't going to be enough, really. They're going to have to find some people to make examples of and sic the lawyers on 'em.
Of course, real security, in the form of a physical switch, is too simple, and too easy for the owner to, well, switch.
Wow the masses, cow the masses.
The RIAA saying they wanted something like this (Score:2)
I suspect there would be some sort of setting... (Score:3)
...to enable or disable this. If you buy a name brand machine, then yes, you might expect it to be locked down, so if that is the case, then the Linux crowd will simply stick to machines they build themselves, or have built for them that are not locked down. Simple solution really.
market penetration (Score:5, Interesting)
Stopping dual boot or changing the OS by users would stop the market penetration by Linux. Maybe the knowledgeable Linux crowd might build their own computers but this is beyond the capacity of probably 99% of computer users. Market penetration by a competing OS would be stopped cold which is what MS wants. They want to stop the downward slide of Windows. Yes, Linux has a very small share of the OS market, but what about some new and different OS that is developed in the future. This would stop them from even starting. It's not just about Linux.
Re:I suspect there would be some sort of setting.. (Score:5, Insightful)
I must say you are not getting the way of the future here. There won't be any machines you can build yourself. The best and newest mobos will not support anything but Windows. You've been outmaneuvered - they've been working on this for over ten years.
Just as you can't shut off GPS tracking on your phone, or the mic for that matter, you will not be able to bypass the switch on the mobo. Try to deactivate it, and the encrypted embedded software will prevent the board from booting, period.
And remember this: any encryption on that subsystem will enable Microsoft to invoke the Digital Millennium Copyright Act against anyone who "breaks" the encryption. You might have rights to mod the hardware, but you have *no* right to break the DMCA and decrypt the bootup blocking software. This is a trap sixteen years in the making. Welcome to the future we warned you about.
Only an annoyance (Score:2)
Ten years ago this might have been a viable threat to Linux. Today, however, Linux is worth too much money to too many people for this to be used to wipe it out. At worst, it will mean that cheap hardware will be locked down.
Re:Only an annoyance (Score:4, Informative)
Yes, cheap hardware will be locked down and your only options will be $5K-$10K workstations and servers.
That's exactly what they want: to push open computing outside the affordable range and outside the reach of most people. Thus they can keep people trapped in the Windows monopoly.
They're not *that* evil (Score:5, Informative)
Re: (Score:3)
LoB
The key comes from the MANUFACTURER, not MS (Score:5, Informative)
MS wants to take advantage of UEFI, which has obvious benefits. Chromebooks work the same way, but we don't read any heated /. articles about it because Google is charmed and MS is "evil".
It is up to the device manufacturers to figure out a way to let the end-user ultimately take control of their own PCs. They could do that Chromebooks style -- a hardware switch -- or by distributing the key in a secure manner, such as mailing it to the owner's registered home address. Consumers who care about this issue should look for this feature in whatever device they purchase. What's all the fuss?
Re:The key comes from the MANUFACTURER, not MS (Score:5, Interesting)
As for the best news of all; (Score:3)
Windows will be very hard to pirate properly now.
Why is this great news?
Because now people who can't pirate will switch to Linux instead! :D
White Box Makers (Score:4, Insightful)
I fail to see how this new tech will become a problem. The hardware makers want to sell hardware. Given their already thin margins, it would be stupid of them to agree to limit their boards to any one particular OS.
That said, maybe Dell might try that in the name of security, but that is an end-product seller decision. There will always be OTHER makers. You can buy new motherboards from the likes of Intel and Asus, build your own systems.
IF this conspiracy theory did come true, the number of lawsuits and investigations into unfair business practices would drown the targeted company into oblivion. I guess that is one benefit to be such a litigious country now.
Re: (Score:3)
I fail to see how this new tech will become a problem. The hardware makers want to sell hardware. Given their already thin margins, it would be stupid of them to agree to limit their boards to any one particular OS.
...of course, those thin margins make any sort of branding/incentive scheme (a better deal on software licenses, a kickback for qualifying for and displaying some sort of "Works with Gizmos" badge...) awfully attractive. Fortunately, our tech firms are ethical and law abiding and would never resort to [wikipedia.org] using such schemes [wikipedia.org] to obtain an anti-competitive advantage.
So that's all right then.
I have trouble seeing this work well. (Score:5, Insightful)
Pardon me as I ramble.
As a guy in the phone support trenches for a certain OEM, I just have trouble seeing this work well for everyone.
I see often enough that businesses will buy a brand new machine with Windows 7 pre-installed, then blow away the OS load to immediately try to install Windows XP.
I have a hard enough time trying to teach these people that they NEED to include the Intel RST driver bundle in their image so that they stop getting STOP: 0x7B on their attempt to install or boot.
I have a hard enough time trying to teach these people that they need to make sure their image is aligned on the new Advanced Format hard drives that are going in some of the smaller form factor machines (usually it's a 2.5" drive), since they want to install XP on the damn thing, then complain a week later that the machine is very slow and almost unusable.
I don't speak to customers too often that aren't running some flavor of Windows, but the few I do run into seem happy when they get someone who understands the issue they've got, and will help them despite this OEM's general policy of not assisting with an OS that the OEM did not ship. These calls are usually large corporations that run Red Hat or SUSE or something else in their corporate environment, and prefer to pay for hardware support from the OEM I work for, just so they can have coverage for all of their users in nearly any country they visit.
Keeping that last bit in mind: An OEM that implements a lockout 'feature' that prevents an operating system other than Windows 8 from being installed had better have a backup plan that keeps businesses happy, or else they've just committed suicide. It's business sales, more so than consumer sales that keep OEMs going, because businesses buy big damn contracts. Piss off the big damn contracts, and you piss off your paycheck.
help me... (Score:4, Interesting)
Re: (Score:3)
It's a chain of trust.
An unrewritable loader checks the UEFI image, confirms it is unmodified. Starts UEFI.
UEFI checks the bootloader, confirms it is unmodified. Starts the bootloader.
Bootloader checks the kernel and system files, confirms they are unmodified. Starts the kernel.
Kernel boot process confirms an integrity checker is unmodified, which then scans the entire OS to ensure the state of the system and all drivers.
If at any point it fails, it either attempts recovery (overwriting files with a failed
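The chain of trust described in the comment above, as an added example that is not part of the original post: each stage carries a pinned SHA-256 digest of the next stage and refuses to hand over control if the digest does not match. The stage names follow the comment; the image contents are constructed placeholders, and the pinned digests stand in for the signature checks that real firmware performs.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes   # constructed placeholder for the stage's image
    pin: bytes    # SHA-256 of the next stage (code + its pin); b"" for the last stage

def measure(stage):
    # A stage's identity covers its code AND the pin it carries, so re-pinning
    # a stage to accept a modified successor changes that stage's own digest.
    return hashlib.sha256(stage.code + stage.pin).digest()

def build_chain(parts):
    """parts: (name, code) pairs ordered from the immutable loader to the last stage."""
    chain, pin = [], b""
    for name, code in reversed(parts):
        stage = Stage(name, code, pin)
        chain.append(stage)
        pin = measure(stage)
    return chain[::-1]

def boot(chain):
    """Return (stages started, name of the stage that failed verification or None)."""
    started = [chain[0].name]  # assumption: the first loader cannot be rewritten
    for current, nxt in zip(chain, chain[1:]):
        if measure(nxt) != current.pin:
            return started, nxt.name   # halt: never hand control to unverified code
        started.append(nxt.name)
    return started, None

# Constructed sample images; the names follow the comment's list of stages.
PARTS = [("loader", b"rom-loader"), ("uefi", b"uefi-image"),
         ("bootloader", b"bootloader-image"), ("kernel", b"kernel-image"),
         ("integrity-checker", b"checker-image")]

def tamper_kernel(chain):
    """Modify the kernel only: caught by the bootloader's pin."""
    out = list(chain)
    out[3] = replace(out[3], code=b"kernel-image+modified")
    return out

def tamper_kernel_and_repin(chain):
    """Modify the kernel and re-pin the bootloader to accept it."""
    out = tamper_kernel(chain)
    out[2] = replace(out[2], pin=measure(out[3]))
    return out

if __name__ == "__main__":
    clean = build_chain(PARTS)
    for label, chain in [("clean", clean), ("kernel modified", tamper_kernel(clean)),
                         ("kernel modified, bootloader re-pinned", tamper_kernel_and_repin(clean))]:
        print(label, "->", boot(chain))
```

Re-pinning the bootloader only moves the failure one stage earlier, which is why the whole chain rests on the first loader being impossible to rewrite.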
There are two issues regarding your question (Score:3)
Issue 1:
The OS can be subverted by a rootkit:
The system is designed such that it is not possible to change the core of the OS, except by patches from the OS vendor. This could be used to pull off other dirty tricks, for example to install DRM that makes it impossible to output music in decent quality, unless the music player identifies itself with a key. One could imagine that this could also interfere with your ability to record your own music, e.g. a birthday song.
Issue 2:
Assume the OS core somehow IS sub
Stop the Madness and Sit-in (Score:3)
This is getting ridiculous. First the game consoles are locked down, then the phones, then the tablets and now they are ready to lock down the PCs too. How long did it take open source (Linux) to make headway? It never would have happened if this was in place.
I say, if this goes down, then a big "open sit-in" at Redmond is in order. It would be great, like an OSS conference/protest all wrapped into one. And it would send a nice message to the rest of industry too!
Re: (Score:3)
/.'ers are so ambiguous. uhhh..Windows is so unsecure it's pathetic..ohh man..they are trying to secure my device, who do they think they are?
I don't think "ambiguous" is the word you were looking for.
If you're accusing folks of hypocrisy, you have to be specific about who you're addressing. It's not "Slashdotters", it's not "Linux users" - both are groups so large that they include a wide range of opinions on any given subject. These opinions you cite are held by specific individuals in each group. Subsets of one group may not agree with each other on every issue. If you lump them all together, it looks like hypocrisy, but that's just becaus
Simple solution (Score:3)
Don't buy any computer with a Windows 8 logo.
It's not just Linux that is blocked, it's also unsigned versions of Windows.
Who makes all the generic motherboards we use?...China.
Who pirates software more than anyone else?...China
Do you honestly think the Chinese mobo makers are gonna make motherboards that won't run Windows 7 (or pirated Windows 8)?
No, Microsoft can't block their import... "No sir, these motherboards are made for running Linux...not pirated Windows!!!"
remember this term "Substantial non-infringing uses"
Virtualbox? (Score:3, Funny)
Richard Stallman was right again (Score:3)
Seriously, every time he opens his mouth he sounds like a conspiracy nut but he is so fucking on the ball that almost everything he says eventually comes true. His 1997 article The Right to Read [gnu.org] may have seemed ridiculous fourteen years ago, but reading it now it seems masterfully prophetic:
Re: (Score:2)
Maybe future versions will come from the app store, like with macos.
Re: (Score:3)
As long as the upgrade is signed, why would that be a problem? This is like tivoization for PCs, they can upgrade but nobody else can modify it.
Re: (Score:3)
Outside of a few embedded applications, I'd assume that the latter would be the one that sees more general-purpose-computer use. OSes get patched and updated all the time; but so long as the vendor signs the update the way they signed version n-1, everything will just work...
Re: (Score:3, Funny)
Windows 8 logo devices will be required to use the secure boot portion of the new spec.
Totally not Microsoft's fault!
I'm sure Microsoft will encourage handing out these keys. No way they'd try to hinder distribution of these keys. After all, Microsoft are the good guys and would never do anything bad to hinder competition and increase their market share. Nossir, not Microsoft. They are saints!
Re: (Score:3, Insightful)
Re: (Score:3)
But is it a case of explicitly locking you out, or a case of linux simply not having support for the hardware yet?