Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Microsoft Security Software Linux

How Microsoft Can Lock Linux Off Windows 8 PCs 899

Posted by Soulskill from the if-only-penguins-were-secure-enough dept.
Julie188 writes "Windows 8 PCs will use the next-generation booting specification known as Unified Extensible Firmware Interface (UEFI). In fact, Windows 8 logo devices will be required to use the secure boot portion of the new spec. Secure UEFI is intended to thwart rootkit infections by using PKI authentication before allowing executables or drivers to be loaded onto the device. Problem is, unless the device manufacturer gives a key to the device owner, it can also be used to keep the PC's owner from wiping out the current OS and installing another option, such as Linux."
This discussion has been archived. No new comments can be posted.

How Microsoft Can Lock Linux Off Windows 8 PCs More

How Microsoft Can Lock Linux Off Windows 8 PCs

Comments Filter:

  • Re:What an over sensationalist title (Score:4, Interesting)

    by GameboyRMH ( 1153867 ) <gameboyrmh&gmail,com> on Wednesday September 21, 2011 @08:38AM (#37466626) Journal

    Why waste your time inventing conspiracy theories, when a very good reason to do this is obvious: Malware is a real problem, and this is a good measure to take against it.

    No, this is a really, really BAD measure to take against it, just as locking down the Internet and requiring a national ID number to connect a device to it would be. With such a system you could lock up or even execute all the black hats and there would be no malware within a year, does that make it a GOOD solution because it's effective?

    And yes I think that's a fair comparison, both ridiculously bad for the freedom of average citizens and the overall freedom of computing.

  • Re:(*_*) (Score:5, Interesting)

    by Lehk228 ( 705449 ) on Wednesday September 21, 2011 @08:47AM (#37466718) Journal
    If trusted boot is used to deny people's right to hardware they lawfully purchased I expect to see attacks of both technical and legal natures succeeding against trusted boot.

    it's not a bad idea in general as long as the owner of the device holds the key.

  • Re:Sensationalist? I strongly disagree (Score:4, Interesting)

    by QuantumRiff ( 120817 ) on Wednesday September 21, 2011 @08:59AM (#37466846)

    On the other side.. The SAME complaint was made 6 months ago (or is it a year now) about google's ChromeOS for notebooks doing the same exact thing..

  • help me... (Score:4, Interesting)

    by Charliemopps ( 1157495 ) on Wednesday September 21, 2011 @09:08AM (#37466976)
    Help me understand... all this does is provide keys and such... does it actually prevent anything from happening? My understanding of the tech is that it simply provides keys that allow the OS to know that it was booted cleanly and from the secure environment and also allows it to tell if the devices it's connecting to are really the devices they say they are and not rogue DLLs. Even if this system is in place, what's to stop Linux (or any other OS) from booting on the device and just ignoring the keys? Does the system itself actually prevent startup?

  • Re:This would be illegal in the EU (Score:5, Interesting)

    by itsdapead ( 734413 ) on Wednesday September 21, 2011 @09:10AM (#37467020)

    Are iPads legal in the EU?

    If you think they should be, make your case to the EU. You never know. The existing rulings against Microsoft were made because companies complained. The way Apple is going, with a chance of achieving a monopoly in the tablet market, I suspect they'll cross swords with the EU at some point.

    However, the issue here is not whether Microsoft should be able to market their own-brand locked down tablet - its the hypothetical idea that MS could use its leverage with OEMs (i.e. the cost of MS software licenses, and other incentive schemes) to encourage them all to lock out non-MS operating systems. Hypothetical, but a plausible extrapolation from their past practices...

    But do not fret, you can still install whatever OS you like on an Apple Mac.

  • What's a boot time rootkit? (Score:4, Interesting)

    by tepples ( 727027 ) <tepples.gmail@com> on Wednesday September 21, 2011 @09:10AM (#37467022) Homepage Journal
    Can you give a precise definition of "boot time rootkit" that does not include a competing operating system, along with a way for a computer to distinguish between the two? If I boot Linux and then run Windows in VirtualBox, is that a "boot time rootkit"?

  • Re:Sensationalist? I strongly disagree (Score:4, Interesting)

    by Froggie ( 1154 ) on Wednesday September 21, 2011 @09:29AM (#37467348)

    This really doesn't require Microsoft to force it, it will happen anyway.

    I have an HP machine of a certain age with a chip with perfectly good VM extensions that are locked out by the BIOS. They can't be enabled. Sony also did this on 'consumer' machines.

    There's no good reason to lock it out. It saves them implementing one option in the BIOS setup and that's it. Frankly, there's no obvious reason why you would disable it at all, but hey.

    So, Microsoft aside - and their decision, aside from possible and so-far unfounded concerns, is a technically sensible one - we will still see machines that are incapable of booting 3rd party OSes, and the support lines will simply say they're unsupported.

    (Better still, this will encourage people to crack MS's install key. Criminals will want to anyway, but it's much more likely to happen i the wider hacking community puts its might behind it.)

  • Grub needs the keys to be public (Score:2, Interesting)

    by Anonymous Coward on Wednesday September 21, 2011 @09:33AM (#37467382)

    And that could be a problem. More info:
    http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+blogspot%2Fitworldvoices+%28Voices%29

  • Re:What an over sensationalist title (Score:4, Interesting)

    by Wolfling1 ( 1808594 ) on Wednesday September 21, 2011 @09:34AM (#37467404) Journal
    Australia has some interesting Trade Practices legislation that says it is illegal to bundle products together unless it is 'impossible to unbundle them'. This effectively means that Dell's policy of selling every workstation with a copy of Windows is illegal - unless it is impossible for Dell to sell a PC without Windows 7 - which (while untested in a court) is what Dell is saying.

    The net effect is that you cannot buy a Dell PC without Windows. If you could, this would be Dell's admission that they were breaching Australian Trade Practices. Not sure who is more evil in this scenario, Aus govt or Dell... shall leave it to you to decide.

  • Re:The key comes from the MANUFACTURER, not MS (Score:5, Interesting)

    by NJRoadfan ( 1254248 ) on Wednesday September 21, 2011 @10:27AM (#37468100)
    The real fun will begin when Microsoft decides to EOL your hardware by not releasing keys for newer versions of Windows, even if the machine has the specs to run it.

  • market penetration (Score:5, Interesting)

    by wfstanle ( 1188751 ) on Wednesday September 21, 2011 @10:36AM (#37468234)

    Stopping dual boot or changing the OS by users would stop the market penetration by Linux. Maybe the knowledgeable Linux crowd might build their own computers but this is beyond the capacity of probably 99% of computer users. Market penetration by a competing OS would be stopped cold which is what MS wants. They want to stop the downward slide of Windows. Yes, Linux has a very small share of the OS market, but what about some new and different OS that is developed in the future. This would stop them from even starting. It's not just about Linux.

Slashdot Top Deals

Always draw your curves, then plot your reading.

Close