Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."

  • by Jeremiah Cornelius ( 137 ) on Thursday May 31, 2012 @03:19PM (#40171023) Homepage Journal

    I was at 2 major industry tech conferences last month.

    In every keynote and all-hands session, Apple hardware was center and present. Nothing special was made of this - just every damn computer used to demo solutions or held by a GM, VP or C-Level was a MacBook. Desktops were non-existent. Every time an iPad could be used, it was. There were a couple of minor Android appearances - demonstrating multi-platform support, or what not.

    There were a few odds: The HP guys had their own gear, and the IBMers had Lenovos. Some brilliant man from SAP was sadly dragging a 'book of non-descript, perhaps Dell sourced, black plastic...

    Overwhelmingly, if you wanted to look like you knew why-the-fuck you ought to be on stage, in front of 8,000 people, you went Mac.

  • $99 (Score:5, Interesting)

    by Greger47 ( 516305 ) on Thursday May 31, 2012 @03:22PM (#40171061)

    What the sensationalist headline and summary forgot to mention is that RedHat is paying a whopping $99 to Microsoft.

    What is more worrisome and more headline worthy is that Microsoft has now become the de facto gatekeeper of your computer BIOS. Without their signature your operating system will not run.


  • by Penguinisto ( 415985 ) on Thursday May 31, 2012 @03:26PM (#40171135) Journal

    Maybe that's why Microsoft was so eager to drop in that 'no class action' thing into their EULA.

  • by WrongSizeGlass ( 838941 ) on Thursday May 31, 2012 @03:33PM (#40171237)
    I boot through EFI, which isn't this newfangled 'secure' UEFI ... and yes, it's secure enough. My comment was targeted at the marketing mindset that MS will be pushing to try to convince non-Windows users that without MS's blessing your OS is no longer 'secure'.
  • by Rich0 ( 548339 ) on Thursday May 31, 2012 @03:38PM (#40171351) Homepage

    Non-secure is the same as what we have now, but it isn't all that great.

    I'd love to be able to tell my computer to only boot an OS that I assign, so that I know that it can't get corrupted by viruses/etc. I could boot from a signed rescue disk if something goes wrong.

    The problem is that the standard won't give the consumer choice over which OSes are trusted. The choices will be MS, or no secure boot at all.

  • by haruchai ( 17472 ) on Thursday May 31, 2012 @04:04PM (#40171771)

    They probably have no real choice; if they locked out everyone else they would essentially be monopolizing the PC market and I don't think they want to go through that court circus again.

  • by Anonymous Coward on Thursday May 31, 2012 @04:08PM (#40171825)

    Maybe in a perfect world, but in the enterprise, Apple is an obstacle and something to have to work around, rather than work with:

    1: Can Apple get me product announcement roadmaps so I can time IT budgets to when models are released? Nope, Apple doesn't do that. IBM, HP, Oracle, and even Dell do, as long as you sign their NDA.

    2: Can Apple get me flexible hardware and software GPOs? Windows's main thing is that I can manage all the thousands of users from relatively few boxes. There are very few tools for this on Mac, and they are department level, not enterprise grade.

    3: Can I get TPM chips on the laptops to ensure protection of data? Nope. FileVault 2 is decent, but can be gotten around with a modified bootsector that would set aside the drive's encryption key. TPM chips stop that cold.

    4: Can I get Macs without cameras due to policies? Sure, if I want Mac Minis.

    5: Can Apple give me a 24/7/365 service time with a 4 hour tech on site? In the past yes, but with the death of the XServe, the best I can do is call and wait a day for a tech to wander out.

    Sorry, Apple isn't enterprise grade. They know this too -- they are making their living by being a "toymaker" and selling to the consumer. I'd love it Apple could get some inroads into the enterprise, but right now, they are not interested in that market.

  • by Jeremiah Cornelius ( 137 ) on Thursday May 31, 2012 @04:28PM (#40172163) Homepage Journal



    This is the CIO's only strategy to win. He's accountable for a desktop that needs to remain compatible with apps that he has no responsibility over. That's why XP is still there.

    BYOD moves IT out of the loop - and plays to new devices.

    I still remember: "Who will support these "PC computers" that departments are buying, behind the back of MIS?"

    And: "These LANs that you claim are so successful in a handful of special cases, will never scale to the needs of Corporate IT."

  • by Microlith ( 54737 ) on Thursday May 31, 2012 @04:32PM (#40172217)

    Then you aren't the target market for the app store.

    And if you aren't the target market for the App Store, better hope Apple never pulls Gatekeeper out.

    The App store is for common joe six pack who frankly doesn't need to be editing their apache config files in the first place.

    Deliberately crippling software so that its utility is limited in the name of "security," even if it hinders the end-user's ability to use it, is stupid as fuck.

    My guess is that in the future you'll need a Mac Developers account to access the core features of OSX if you want to do any customizations.

    I expect this too. And then we can mock anyone who suggests that OS X is an open platform.

  • by Microlith ( 54737 ) on Thursday May 31, 2012 @04:45PM (#40172399)

    The UEFI spec (which Microsoft has a HUGE hand in writing these days) explicitly denies the ability to automatically install keys. They could have made it possible to do so, say by requiring it happen from read-only media, but they didn't.

    It's left vague enough that it's virtually guaranteed to be an enormous pain in the ass to enable secure boot for any platform not explicitly blessed by Microsoft.

  • by abigor ( 540274 ) on Thursday May 31, 2012 @05:01PM (#40172653)

    I can say firsthand that Macs have made serious inroads at Cisco, not just for mgmt but for programmers as well.

  • by hairyfeet ( 841228 ) <bassbeast1968 AT gmail DOT com> on Thursday May 31, 2012 @05:12PM (#40172797) Journal

    I'm sorry but it's FUD. The simple fact is all X86 machines are required to allow bypassing secure boot which is as simple as flipping a single setting in BIOS, that's it, that's all. No harder than telling a PC to choose CD as first boot (which one is gonna have to do to install an OS anyway) so this is just FUD. Are they SERIOUSLY saying Fedora users wouldn't have enough common sense to flip a single switch in UEFI? Really? Because I find that pretty much impossible to believe. This IS Fedora we are talking about here, an OS so bleeding edge its CDs have stigmata and not the kind of thing Joe Dumbass would be trying for shits and giggles. They even admit in the very first paragraph that ALL X86 are required to allow the simple bypass of secure boot!

    So I'm sorry but FUD is FUD and this is FUD. There is no way in hell someone that is intelligent enough to 1.-Know what Fedora is, 2.-Knows how to download and burn an ISO will be 3.-Too stupid to push Del at boot and choose "Turn off Secure Boot" which is only being turned on by default because rootkits are still a serious problem. Isn't it the Linux community that is always bitching about Windows security? Why aren't you cheering that they are doing something about it?

    Surely to God the geeks here are seriously fucking dumb enough to believe that a person who would know what Linux is and download and burn an ISO would be too fucking retarded to flip a setting in UEFI, surely not. Hell if they are THAT fucking stupid how would they be expected to even run Linux? Especially a bleeding edge alpha distro like Fedora where being able to do forum lookups and Google their way past problems and do bug reports is the order of the day? There is simply no way in hell to have a user smart enough to do that but too retarded to flip a switch, no fucking way. It's FUD, pure and simple FUD.

  • by Man On Pink Corner ( 1089867 ) on Thursday May 31, 2012 @05:46PM (#40173171)

    So I'm sorry but FUD is FUD and this is FUD

    No, this is a classic slippery slope. In the UEFI version that supports Windows 9, only secure boot is supported. You can't turn it off, but you can still enter a key manually when installing an Untrusted Non-Microsoft OS (UNMOS). The key is 256 characters long, and looks like a ROT13-encoded Perl script.

    The version that supports Windows 10 also supports secure boot only, and still requires key entry. This time, though, UNMOSes are now called IOSes (Insecure Operating Systems.) They will run under a Microsoft-supplied hypervisor that includes mandatory hardware packet filtering.

    And wait'll you see the third-party OS support strategy for PCs approved for Windows 11, code-named "Overton." The plan for Overton is that third-party OSes called PDOSes, or Potentially Defective Operating Systems, can still be run, but not on your local hardware. They will run only on cloud-hosted secure platforms over VNC.

    All of this will happen because someone noticed that people will cheerfully bend over and accept restrictions in each generation that would not have been tolerated in the previous one. Evidence of this claim? Look at the history of Trusted Computing. Starting with the innocent-sounding idea of TPMs with unique CPU ID stamps, which were fought heroically by users until the next season of American Idol came on and everybody kinda forgot about it, the people behind the curtain have gotten everything they wanted over time. All they had to do was demand a little more "compromise" than they could get at any one stage of development.

    In short, everything old is new again. We are all IBM customers now.
