Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Microsoft Red Hat Software Windows Linux Hardware

Red Hat Will Pay Microsoft To Get Past UEFI Restrictions 809

ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."
This discussion has been archived. No new comments can be posted.

Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Comments Filter:
  • by nurb432 ( 527695 ) on Thursday May 31, 2012 @03:09PM (#40170853) Homepage Journal

    How can this be legal and not an abuse of their monopoly power?

    Aside from the fact you can turn it off ( for now ) it still sounds like a clear case of abuse to me and someone should be talking to an attorney about this.

  • by eagee ( 1308589 ) on Thursday May 31, 2012 @03:09PM (#40170857)
    ...is about the only thing that might turn me into an Apple user.
  • Re:That's it... (Score:3, Insightful)

    by vux984 ( 928602 ) on Thursday May 31, 2012 @03:11PM (#40170895)

    RTFA. Then comment.

  • by EmagGeek ( 574360 ) <(gterich) (at) (aol.com)> on Thursday May 31, 2012 @03:11PM (#40170899) Journal

    ... how the FUCK this passes the slightest hint of anti-trust scrutiny?

  • by WrongSizeGlass ( 838941 ) on Thursday May 31, 2012 @03:11PM (#40170907)

    I don't understand how Microsoft is as fault here. Isn't it the hardware manufacturers that are locking out everyone but Microsoft? Shouldn't the hw people be the ones to make the platform open?

    You have to do it MS's way or they won't let you sell hardware with Windows on it. MS controls the certificates used in the secure UEFI boot process. You either do it MS's way or you do it your own way ... without any MS products to pre-install.

  • by shentino ( 1139071 ) <shentino@gmail.com> on Thursday May 31, 2012 @03:11PM (#40170915)

    MS is probably strongarming them.

  • Re:That's it... (Score:0, Insightful)

    by Anonymous Coward on Thursday May 31, 2012 @03:13PM (#40170929)

    How does this make you mad at RHEL/Fedora and not Microsoft? Admittedly, Red Hat is negotiating with terrorists here, and that may not be the best option for the ecosystem, but I can see how they would choose that path given that their business--one that helps the linux ecosystem tremendously--is in risk.

  • by Anonymous Coward on Thursday May 31, 2012 @03:15PM (#40170947)

    Yeah, if this isn't "monopolistic action in restraint of trade" I'm not sure what is. MS is probably greedy enough to try something like this, but I don't think they're stupid enough to think they can get away with it.

  • Re:That's it... (Score:5, Insightful)

    by WrongSizeGlass ( 838941 ) on Thursday May 31, 2012 @03:16PM (#40170973)
    Red Hat is willing to pay to be licensed to be able to run on the new hardware. They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.
  • Re:That's it... (Score:5, Insightful)

    by MickyTheIdiot ( 1032226 ) on Thursday May 31, 2012 @03:19PM (#40171015) Homepage Journal

    Microsoft doesn't have the right to "license" hard ware. It's not their hardware, it's not even their design.

    This is Microsoft forcing vendors in the corner with their O.S. once again. This is non-competitive behavior once again.

    If they have such a great O.S. there is no need for locking out others. It's weak and it's sick.

  • by ZeroSumHappiness ( 1710320 ) on Thursday May 31, 2012 @03:22PM (#40171055)

    I particularly like how the UEFI signing format only allows one key to sign it and that signature being (apparently) on the hardware. Yeah, this isn't a clear way of entrenching a monopolistic interest at all. I mean, I understand why someone would want secured, signed hardware all the way up the stack (assuming, of course that no one breaks the scheme), but it's entirely obvious how this makes it harder for the little man to get ahead in the game.

  • by Penguinisto ( 415985 ) on Thursday May 31, 2012 @03:24PM (#40171093) Journal

    I'm just wondering why Fedora doesn't include a small boot ISO that starts up, presents a simple menu, and takes the pain of unlocking the UEFI chip out of the equation.

    I agree perfectly that they shouldn't have to do that, but the tech is certainly there, and most folks are sufficiently apt enough to do it (see also jailbreaking phones, etc).

  • Re:Lawsuit (Score:3, Insightful)

    by Anonymous Coward on Thursday May 31, 2012 @03:25PM (#40171115)

    EU will have a field day with this in court. MS, of course, will be the ones having a bad day in court.

  • by WrongSizeGlass ( 838941 ) on Thursday May 31, 2012 @03:26PM (#40171127)

    Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.

    So they must turn off secure booting in order to run another operating system. The DMCA implications aside, I'm not sure which is worse for the consumer: a 'secure boot' of Windows or a 'non-secure' boot of any other operating system?

  • by Anonymous Coward on Thursday May 31, 2012 @03:30PM (#40171197)

    Why can't I just be in control of my own damn property without being at the mercy of manufacturers?

  • No more dane-geld! (Score:1, Insightful)

    by gman003 ( 1693318 ) on Thursday May 31, 2012 @03:31PM (#40171225)

    Well, time to check Red Hat off my list of distros. Any company willing to pay essentially blackmail money does not deserve my business.

    For those mystified by the comment subject [poetryloverspage.com]

  • by IamTheRealMike ( 537420 ) on Thursday May 31, 2012 @03:34PM (#40171259)

    Because charging Red Hat, a billion dollar company, $99 for access to signing services is not "monopoly abuse"? The author of TFA already pointed out that nothing stops somebody from providing the same services to the Linux community, but it's difficult and expensive and they can't be bothered, so it's easier to pay Microsoft to do it for them. As can anyone else.

    Secure boots and trusted computing are fundamentally a good idea. Having OEMs provide a set of root keys to control what boots is a good idea. The problem is the creator of BobLinux who wants to have thousands of random users install his random kernel is indistinguishable technically from the creator of some boot sector malware who wants to have thousands of users permanently rooted. It becomes distinguishable once you have people who check out what the software is and signs it, which is the service Microsoft are providing - for very little, actually. As I said, apparently others don't feel like offering similar services when it's expensive to do and Microsoft are offering to do it cheaply. But they could.

  • by firewrought ( 36952 ) on Thursday May 31, 2012 @03:36PM (#40171313)

    Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.

    G'uhgh.... once again geeks confusing a technical capability with a real-world practicality. Turning off secure boot sounds bad and raises the barrier to entry for non-Microsoft OS'es. It also complicates the newbie install experience, which is something that Ubuntu, Debian, and many others have worked for years to simplify. And now they are using their monopoly position to extort tribute from a competitor.

  • by sjames ( 1099 ) on Thursday May 31, 2012 @03:37PM (#40171323) Homepage Journal

    Any proper system would have the end user hold the root key for the system and they could choose (or not) to bless certs from various vendors (or just directly sign the bootloader). Of course, MS doesn't want a proper system, they want lock-in.

  • by Anonymous Coward on Thursday May 31, 2012 @03:40PM (#40171373)

    A whole $99 one time. Ain't that a bitch.

  • by samkass ( 174571 ) on Thursday May 31, 2012 @03:42PM (#40171401) Homepage Journal

    This has nothing to do with PCs. Nothing. Not one thing.
    This is all in reference to UEFI on ARM tablets that Microsoft has partnered up with OEMs to produce to their specs SPECIFICALLY FOR: Windows 8.

    Nothing has changed here, nearly all ARM systems are locked down today by OEMs.
    Do any of you expect Microsoft to produce one that isn't (zune: locked down xbox: locked down)?

    You are completely wrong-- what you say is the opposite of true.

    This is referring to x86, not ARM. Fedora is not going to play Microsoft's game on ARM where Microsoft has little influence. But they are going to pay Microsoft a fee to get their bootloader signed for the x86 platform so they can run in the Windows8 world.

  • by ZeroSumHappiness ( 1710320 ) on Thursday May 31, 2012 @03:42PM (#40171409)

    Uhm, this is exactly monopoly abuse.

    Industry: We should support code signing to ensure a trusted compute path.
    Microsoft: I agree. Let's use this scheme that makes it impossible for drivers to be signed with multiple keys simultaneously. And if you want to work on Windows (the most popular OS out there) you need to use Microsoft keys, so we have to sign it. And this all has to be turned on by default.
    The Rest: Wait, wouldn't that make it really hard for anyone else to get a large amount of buy-in resulting in installation of a non-Microsoft OS very difficult?
    Microsoft: *Trollface*

  • Re:"Literally" (Score:5, Insightful)

    by Tanktalus ( 794810 ) on Thursday May 31, 2012 @03:43PM (#40171421) Journal


    How is "controlling a system and getting money in exchange for licenses" not literally owning?

    Up to now, their figurative owning is an "effective" ownership, as in "there are effectively no competitors in this space." However, should you know what you're doing, you could get something else with little effort. With this change, they are actually getting paid for compettitors to be allowed into their space. That is de facto, or literal, ownership.

  • by 0123456 ( 636235 ) on Thursday May 31, 2012 @03:48PM (#40171501)

    If Dell wants Windows Certification it better not do this. Per the Windows Certification Requirements [microsoft.com], page 122:

    Of course for Windows 9, blocking non-Windows operating systems will become mandatory on all devices.

    You don't get the 'slippery slope' thing, do you? Or are you one of those 'slippery slopes don't exist' bozos?

  • by jedidiah ( 1196 ) on Thursday May 31, 2012 @03:59PM (#40171691) Homepage

    > Overwhelmingly, if you wanted to look like you knew why-the-fuck you ought to be on stage, in front of 8,000 people, you went Mac.

    Translation: If you want to look like you've got money to burn, then you show off overpriced Apple products.

    The "BMW" comparison is very apt really, including the crap quality.

    Seeing is decieving...

  • by Anonymous Coward on Thursday May 31, 2012 @04:01PM (#40171715)

    Interesting then that Microsoft provide a way for others to sign their software... which is what Fedora is doing.

    Exactly - by paying Microsoft for that right. Isn't that what this whole thread has been about?

  • by SETIGuy ( 33768 ) on Thursday May 31, 2012 @04:05PM (#40171779) Homepage
    Yes, if you pay enough you can get a key. Microsoft is following in Apple's evil footstep by requiring developer registration and, I assume software distribution only through valid Microsoft channels. Do you like any software that you didn't pay for? Well, you'd better find a substitute. Microsoft is tired of FOSS and legacy software cutting into their profits.
  • Re:$99 (Score:5, Insightful)

    by DigitAl56K ( 805623 ) on Thursday May 31, 2012 @04:06PM (#40171799)

    Or you could... you know, turn on custom mode so that you can run any OS you like.

    Or you could, you know, not allow the monopoly PC OS vendor to control the keys that allow the system to boot competing OS's.

    Regardless of whether or not you _can_ turn off the secure boot, when you consider what the _majority_ of end users feel comfortable and competent in doing, what kind of barrier to entry does this raise? Would your parents know how to tweak this setting on their own, or feel comfortable doing so? I for one would not even bother attempting to ask my parents, or even some of my siblings, to go and change such an option.

    Are the instructions to change this setting even consistent across hardware so that they can be easily published by alternative OS vendors?

    RedHat should not have to pay a dime to MS for this IMO, and neither should anyone else. Why couldn't MS have made an option to turn on secure boot by user prompt when they first start their new computers, and require some method provided as standard in the BIOS that allows turning it on only?

  • by Sir_Sri ( 199544 ) on Thursday May 31, 2012 @04:10PM (#40171863)

    Um.... that's as it should be.

    If you're running something at the OS level unintentionally that can be really fucking bad for your computer can't it? If you want to install linux this isn't a particularly difficult problem to solve.

    The vast vast vast vast majority of users have no idea what the hell is going on on their computers. But they're on the network with the rest of us. Should we take away anti lock brakes because professional drivers can use regular brakes better than anti lock brakes? I think not. There is a way to circumvent UEFI if you definitely know you want to. If you don't know you want to, you don't want to, and should be protected from some malicious application doing it for you.

    The vast majority of consumers aren't going to run, or want to run anything on this particular computer they are buying other than windows. I know that's not a popular concept around here, but it's reality. Making it easier for them to be more secure significantly trumps the relatively minor inconvenience suffered by people who know stuff about computers having to use that knowledge and their ability to read.

  • by SETIGuy ( 33768 ) on Thursday May 31, 2012 @04:13PM (#40171921) Homepage
    I assume that like it will be an annual fee with a sliding scale based upon net worth and how much Microsoft likes you. Plus a per unit charge. And your software will need to be distributed through Microsoft's distribution channels which won't be built for OS installation.
  • by Tough Love ( 215404 ) on Thursday May 31, 2012 @04:17PM (#40171991)

    Not really. Apple machines are a PITA with weird hardware for Linux users too. All it means is Linux users will go back to building their own PCs. Box shifters will simply do a parallel line for server sales.

    You're right, this boneheaded move by Microsoft is the best help they could possibly give for Linux on the desktop. Of course, that just not let Microsoft off the hook for antitrust violations, specifically abusing its market power. I can smell a new EU action on the the way, at the very least.

  • by scharkalvin ( 72228 ) on Thursday May 31, 2012 @04:38PM (#40172303) Homepage

    Actually (if you read the article) M$ does not get any of that $99. The fee goes to Verisoft. Microsoft is acting as the gatekeeper for the signup process.

    Now I will be VERY pissed if I buy a new motherboard to build my own computer and it won't boot Linux unless I have to buy a key for $99. In such a case I would return the MB as being defective. I hope Asus and other MB makers will give me a choice of bios options when I buy a new MB.

  • by vux984 ( 928602 ) on Thursday May 31, 2012 @04:39PM (#40172311)

    I am pretty sure that if a hardware manufacturer like Dell locks out Linux operating systems

    That is not the case AT all.

    Its REALLY simple; linux is not being locked out of desktops.
    x86 hardware shipping with win8 pre installed needs to have:
    a) secure boot functionality
    b) windows 8 boot signing keys
    c) secure boot functionality turned on
    d) and it must be possible to disable secure boot
    e) and it must be possible to load additional boot signing keys

    So, linux users buying dell pcs (x86) will be able to exercise option d) and disable secure boot.

    They can also exercise option e) and install a linux signing key, and leave secure boot enabled.

    Linux users are NOT locked out at all.

    However, if I want to try Linux for the first time, I'd like stick in a live CD and boot it... I might be intimidated by having to go into bios first to disable secure boot. I'm very likely to be intimidated by having to install a signing key into bios first.

    Redhat wants linux to "just work" without the user having to jump through those hoops so the ideal option would be to coordinate with all the oem manufacturers to get a "redhat" or at least "linux" signing key into the bios, so that the linux bootloaders can be signed against that. (The OEMs were fine with this, even enthusiastic... but the cost to do this is extremely high, and there would still likely be several cases where the redhat key was missing, leaving us with an inconsistent and annoying situation.

    The other option was to just sign the bootloader with the microsoft key; microsoft is already working with all the OEMs, and already has all the infrastructure in place. Fedora decided to piggy-back on the microsoft key and pay to get the bootloader signed by microsoft.

    Is it ideal? No. But in terms of what it does for the users of linux? Its a great thing. Fedora will "just boot" in secure boot mode. Users don't have to disable secure boot to use linux, which is a good thing. Users don't HAVE to manually install a linux key into bios to use secure boot (although they still can if they prefer not to use the microsoft signed version).

    The x86 ecosystem remains truly open (in that users can manage boot signing keys themselves if they wish), and trying out linux is remains easy because it will boot with the default installed microsoft keys.

    Overall its a good compromise.

    Note that on arm tablets the situation is entirely different. option d and e are not available, and fedora isn't getting the software signed for that platform... if you buy a windows 8 arm device you'll have to crack it to put linux on it.

  • by Anonymous Coward on Thursday May 31, 2012 @05:00PM (#40172627)

    I'm an engineer. I use a MacBook. It works great - the only desktop Unix to date done right. Great quality hardware, too.

    By the way, does your bitterness cause you physical pain?

  • by sl4shd0rk ( 755837 ) on Thursday May 31, 2012 @05:19PM (#40172861)

    In the end, the easiest thing is to pay a one-time fee of $99 to MS and have them sign a mini-bootloader that can start up grub. That doesn't sound like such a big deal to me.

    Aaaaaand... this is precisely where the control of the keys lies. No, $99 is not a big deal for Redhat. Trusting M$ won't "Ooops, lol.. guess we borked your key sign just before you had that big competing product release. Gee, sorry. We'll get that fixed right away."

  • by IamTheRealMike ( 537420 ) on Thursday May 31, 2012 @05:38PM (#40173097)
    Did you even read TFA? The article explicitly states that a Red Hat or "Linux community" key would be allowed and OEMs were even enthusiastic about it (Microsoft not involved), but Red Hat didn't want one for themselves and the overheads involved with running a "Linux community" key and keeping it secure enough were too high. How did you get from that to "only their private key will be permitted by default"?
  • by cas2000 ( 148703 ) on Thursday May 31, 2012 @06:58PM (#40173963)

    Isn't it the Linux community that is always bitching about windows security? why aren't you cheering that they are doing something about it?

    because this does nothing to improve windows security. the purpose is to be a barrier to entry (installation) for non-microsoft operating systems. it doesn't have to be 100% effective, it just has to make it more difficult for non-experts to try out linux (or freebsd or whatever) or to use special-purpose linux-based boot CDs like clonezilla or gparted.

    Also, there's no guarantee at all that disabling will be "as simple as flipping a single setting in BIOS". on some machines, it might be. on others, it won't.

  • by Man On Pink Corner ( 1089867 ) on Thursday May 31, 2012 @07:45PM (#40174437)

    Congratulations, you are now a 'grown up'.


    All we're saying is that it was considered a Pretty Good Thing when the mainframe era was brought down by the PC. Now, people like you are standing around cheering while the monster reassembles itself.

    People older than you remember the way IBM dominated both the hardware and software sectors for many years. They held their customers hostage in every sense but the literal one. They used every technical and legal tool available to suppress third-party innovation. Eventually, people like Ross Perot, Jobs and Wozniak, and finally Bill Gates barged into the room and threw their proverbial hammers at the screen.

    Fast forward to 2012. Steve Ballmer is pulling underhanded, abusive shit that would have earned him a fistbump from T. J. Watson. The rebels who once sponsored the '1984' commercial are now working feverishly to put the pieces of the telescreen back together... only this time, they're using Gorilla Glass.

    Some of us are old enough to understand that this is not how things were supposed to go. If you're not so old or wise, that's fine... but by calling people who disagree with you "children," your post only shows your own lack of awareness and conscience.

Money is better than poverty, if only for financial reasons.