UEFI Secure Boot and Linux: Where Things Stand 521
itwbennett writes "Assuming that Microsoft doesn't choose to implement Secure Boot in the ways that the Linux Foundation says would work with Linux, there 'will be no easy way to run Linux on Windows 8 PCs,' writes Steven Vaughan-Nichols. Instead, we're faced with three different, highly imperfect approaches: Approach #1: Create UEFI Secure Boot keys for your particular distribution, like Canonical is doing with Ubuntu. Approach #2: work with Microsoft's key signing service to create a Windows 8 system compatible UEFI secure boot key, like Red Hat is doing with Fedora."
itwbennet finishes with: "Approach #3: Use open hardware with open source software, an approach favored by ZaReason CEO Cathy Malmrose." When you can't even use a GPLv3 licensed bootloader to boot your system, you might have a problem. Why is everyone so quick to accept the corpse of TCPA in new clothes?
I care. (Score:2, Insightful)
There are a lot of people who care. Unfortunately there are not enough people making purchasing decisions based on that.
Aproach #4 (Score:5, Insightful)
Lawsuit?
Secure Boot won't catch on (Score:5, Insightful)
Approach #4: ignore UEFI Secure Boot. It's a blunt solution to an obscure problem. More importantly, it's such a huge pain in the ass, not just for Linux but for ALL system integrators, that anyone actually preventing the user from disabling Secure Boot will end up limiting their own marketability. Two things will happen:
1. It will be relegated to tiny niches where security trumps usability
2. It will be cracked
This is not an either/or. Both things will happen. This whole fiasco is nothing but a huge waste of time for everyone involved.
Re:Approach no. 4 - Do nothing (Score:5, Insightful)
More than XP, I am thinking different flavours of Windows 8. System admins need to wipe off the OEM stuff and install their Enterprise License stuff on new kit. That could be a different flavour of 8 or earlier versions of the OS as well. If they can't do it, they will simply ignore Windows 8 and wait for the next version that removes the restriction of Secure Boot.
Re:yes and no (Score:2, Insightful)
The problem is the whole "Desktop PC" market is becoming marginalized. Mobile devices are where a majority of computing dollars are going (in the consumer world).
Computers used to be huge and had a whole room dedicated to merely running them. Desktops revolutionized that, but the computer still lived in a specific room and you had to go to that room to do your computing (office or wherever).
The whole idea of going to a specific room to do your computer is going away; at least for average people. Microsoft will be marginalized if it tries to stay in that market, regardless of what it does there.
As an anecdote, my best friend and I both bought the same model of laptop computer a few years ago. I finally had to buy a new one and asked her if she wanted me to try to upgrade her old one (I'm much more of a power-user than she is). She said "sure", but that it really didn't matter that much because she doesn't use her computer much any more because she does everything on her phone now.
I love Linux and have been using it for years, but grabbing up more userbase in the desktop market won't account for much.
Re:Approach #4 (Score:4, Insightful)
Yes, because Microsoft would never, ever, even possibly ever imagine thinking of making it compulsory on x86.
Re:Approach no. 4 File complaint to D.O.J. (Score:5, Insightful)
If this is not an example of Microsoft's monopolistic practices i don't know what is.
Re:Secure Boot won't catch on (Score:5, Insightful)
We used to call them "general purpose computers"
We dropped the "general purpose" part at some point, because it seemed redundant at the time.
Now maybe we need to bring back this term.
These machines you are talking about are not "general purpose" computers at all.
It once again goes to show that the Microsoft slogan is "Where do you want to be taken today"
Windows 8 is not going enterprise and OEM's (Score:5, Insightful)
Windows 8 is not going enterprise and OEM's need to not lock out XP / Windows 7 as they will lose the enterprise market if they do so.
the MB makers likely will not want to go windows 8 only.
Re:yes and no (Score:4, Insightful)
A) Most houses have 1 or 2 desktops (shared by the family), but most people have their own smartphone or laptop (since they take it with them to work/school/etc).
B) Desktops tend not to be replaced as often, partially due to them being more powerful/dollar in the first place, and partly because they are SO MUCH easier to upgrade.
C) Desktops cost a LOT less (unless you get a screaming gaming rig) than any other computing device out there, so comparing the *amount* people spend on desktops vs mobiles is pointless.
D) A lot of people that build gaming machines (and even some that don't), build there computers 1 piece at a time, and thus don't get counted as "PC Sales", almost NOBODY does this with laptops, cellphones or tablets.
Mobile devices may be on the rise, but I doubt desktops will dissapear any time soon, at least not until they stop being half the price of a less powerfull laptop!
Unrelated Note: Why won't slashdot's comment boxes resize horizontally in Firefox?
Re:approach #4 (Score:4, Insightful)
Hey software and hardware vendors.... (Score:0, Insightful)
Pay real close attention here. Because i'm getting tired of your antics thinking you own my stuff.
This is my hardware. my software.
NO! I DID NOT LICENSE ANYTHING FROM YOU! I BOUGHT IT! IT'S MINE! WHEN IT BREAKS IT'S MY PROBLEM! NOT YOURS!
So long as it's my money that paid for it... It WILL do what *I* want when *I* want.
NOT what you want. I don't give a fuck what you think i should or should not be running.
I don't give a fuck about your digital rights and fake ass media security.
My hardware and software WILL do as i demand or i'll crack, root, wipe, edit, rip, modify, pirate, hack, replace, and or break your hardware / software, whatever it takes.
Unless you're going to fork over money to use your products. You can fuck right off.
Better wise up assholes. It's about time for alot of people to buy new hardware again.
We can break your companys. You need us way more than we need you and your 'security'.
So take your uefi/tpm and cram it right up your ass guys. Securely.
Re:Secure Boot won't catch on (Score:4, Insightful)
I thought the requirement to run Windows 8 was to have a BIOS option to disable secure boot, or rather, enable legacy (BIOS) booting. So if the user wishes to run another OS, they could - disable secure boot, and the PC boots like it always has - via the old BIOS method. Of course, if you want to boot back into Windows requires flipping the option back (the files are signed and verified before loading, so it's not like running another OS will break the security - the UEFI verifies the loader, the loader verifies the kernel, the kernel verifies the drivers and Windows binaries, etc.).
I know RedHat and Canonical were worried that the option would be well, optional, but I thought it was now required. And it will be for a little while because Windows 7 isn't ready for secure boot - it can be EFI-booted in 64-bit mode but that's experimental.
Then there is well, Apple. Whose EFI-based firmware probably doesn't have secure boot in it and thus unable to boot Windows 8... (and probably the only provider that has an easily-accessible EFI boot - is there any other reason why there's an EFI bootloader for Linux for the past few years?)
Re:Approach no. 4 - Do nothing (Score:4, Insightful)
People are not as productive with XP/2003 and I dispute that claim. When you have computers that take 8 minutes to be responsive to start up, or inactive for 3 hours every Tuesday due to McCrappy doing a scan limiting 1 app open at a time, can't find files in a share with 10,000 files, help desk putting out fired with rootkits and viruses all day that eats up into productivity.
Sure your friendly beancounter accountant only looks at cost but it is always assumed workers are just as productive regardless of time and equipment.
A modern Windows 7 environment you have instant search and can find things like Acme corp sales distribtion 2008 within seconds! The calls for malware go down in half. Your systems do not have Windows rot and get all sluggish. To boot your computers go into sleep mode and you can save millions or at least hundreds of thousands in energy costs.
Your workers can use more functions in Office they didn't know where there either. Sorry ribbon haters but studies show otherwise and after 1 month of using it you will not want to go back. I can just use my keyboard now with Win 7/Office 2010 and hardly use the mouse as much with instant search and the using the numbering shortcuts with the ribbons. It rocks on a laptop too.
Your workers will be spending more time working and getting things down. You really need to sell yourself better at work rather than kiss up with the cost accountants.
Re:Secure Boot won't catch on (Score:5, Insightful)
PS3s only took about 5 months to be cracked. They were initially untouched because they provided people what they wanted: The ability to boot linux. Once the feature was taken away, it was cracked in very little time at all.
And the new PS3s are "immune" not due to anything other than harassment of GeoHot by sony. We'll never know if this is true though, because he's barred from ever touching anything branded by Sony ever again.
And pretty much all Android phones have the bootloaders completely bypassed with 2ndinit.
Satellite, you've got me on, because I haven't had any interest in.
Re:Approach no. 4 File complaint to D.O.J. (Score:4, Insightful)
Oh and btw, doesn't Apple also restrict what boots and how? to make sure you ONLY buy Apple hardware? Yep, MS keeps 90% of the market, can and WILL dictate to the OEMs how to build their machines, and there is nothing anyone can do about it, thanks to Apple's efforts.
And top it off, MS is getting more into the hardware market, and controlling the software sales channels, they want to be just like Apple. I can't wait to see how it comes out. My guess is both MS and Apple will end up being losers, and guess what, linux will still be a loser also. Something new will come along, dictated by ATT and the Olympic comittee, and the 99% will still be whining about how the 1% controls everything. Nothing will change.
Re:Approach no. 4 - Do nothing (Score:4, Insightful)
If you're turning off UEFI, why are you worried about secure boot?
Re:Security will not catch on (Score:4, Insightful)
They didn't have to crawl or beg, they just asked and Microsoft said yes. Microsoft was anxious to support Ubuntu since they don't want a repeat of the paranoia that surrounded Palladium.
It'd be a lot easier to accept if the task were granted to a company with no stake in the OS market, like Intel.
Most likely there are going to be about 6 signing authorities on the BIOS that ship. Microsoft, someone like Verisign, a few Asian ones, maybe the hardware vendors themselves (i.e. Dell signs for UEFI in Dell's and collects the check). There is no reason to believe Intel, Western Digital (which has played for open standards for decades) or someone unexpected like NVidia won't step forward. I could see IBM who is much more trusted by the Linux community doing it.