• To run on UEFI-secured machines, the next version of Fedora will use a digital key from Microsoft.
[IMG]http://img862.imageshack.us/img862/2622/encryption.jpg[/IMG]

[B]In order to get its Linux distribution to run on the next generation of secured desktop computing hardware, the Fedora Project will obtain a digital signature from Microsoft, a developer from the project announced Wednesday.[/B]

"This isn't an attractive solution, but it is a workable one," wrote Matthew Garrett in a blog post on Wednesday. "We came to the conclusion that every other approach was unworkable."

The next release of the open-source distribution, Fedora 18, due in November, will be the first version able to run on computers that use UEFI (Unified Extensible Firmware Interface), which requires the operating system to furnish a digital key before it can be run by the machine.

With the growing adoption of UEFI among hardware developers -- largely at the behest of Microsoft -- the Fedora Project faced a number of alternatives, none of them completely satisfying, Garrett said.

Fedora could ignore the request for a digital certificate. This would require users to fiddle with their firmware settings, though, which would make the software less usable for those less technically inclined.

"The cause of free software isn't furthered by making it difficult or impossible for unskilled users to run Linux, and while this approach does have its downsides, it does also avoid us ending up where we were in the '90s," Garrett continued. "Users will retain the freedom to run modified software and we wouldn't have accepted any solution that made that impossible."

Another possibility: Fedora could produce its own key. This approach, however, would require buy-in from each hardware manufacturer, which would be difficult to achieve and may result in long lists of computers and components that would be compatible with Fedora. It would also leave out other, smaller, Linux distributions, such as Slackware, which may not have the resources to manage their keys.

The Fedora Project also looked into producing a key for all Linux distributions. This approach, however, would end up costing millions of dollars and take a lot of time, neither of which most Linux distributors would have the resources to cover.

In the approach Fedora chose, the organization would pay $99 to have Microsoft sign the binary release of the Fedora distribution. Although the cost for the certificates would be less than $200 a year for Fedora's twice-a-year release schedule, it still hands control of Fedora over to Microsoft, however nominally. With the key, the machine can check if the binary version of the distribution is identical to the one submitted to the key signer.

Fedora engineers would then develop a bootloader -- a small program that loads the operating system when the computer is powered on -- that would provide the required Microsoft key to the hardware and then hand over operations to the standard bootloader. Garrett characterized this software as a "shim," one that would only add minimal delay to the booting process of a computer.

Garrett admits that even this approach has drawbacks. Some kernel functionality will be locked down. Also, kernel modules will need to be signed. Developers who compile their own kernel binary will have to figure out a way to get it signed, either by applying to the firmware company directly, or creating a shim similar to Fedora's bootloader. Or, they can run their binaries on those computers that don't require certificates.

Although the project is still open to other possibilities, Garrett said, purchasing a key from Microsoft has thus far been the most feasible way of running Fedora on UEFI machines. Nonetheless, the act of relying on Microsoft to give its approval to run Linux on a computer may be a bitter pill for many longtime open-source advocates, who remember Microsoft's once-hostile stance toward open source.

"What is Fedora's plan if Microsoft changes these terms of their $99 signing program to exclude you?" one commenter to Garrett's post asked.

Last year, Microsoft announced that all computers running its Windows 8 operating system will need to require firmware to support UEFI. On x86 systems, it can be turned off, though computers running ARM processors will not have this option. Garrett was less worried about the mandatory UEFI on ARM computers because Microsoft's influence over these vendors is not as expansive.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is [email]Joab_Jackson@idg.com[/email]
This is revolting. No, seriously, [B]fuck[/B] this. I don't mean fedora getting the key, I mean the fact they are actually required to. Seriously, I didn't really mind any of Microsoft's late shenanigans, but this is fucking bullshit. Source, please.
[QUOTE=Awesomecaek;36159618]Source, please.[/QUOTE] [url]https://www.computerworld.com/s/article/9227662/Fedora_Linux_capitulates_to_Microsoft_boot_certificate[/url] [editline]1st June 2012[/editline] I wonder when we'll stop calling it "the [I]coming[/I] war on general computation" and just "the war on general computation".
So basically in the future when you buy hardware, it's more like [I]borrowing[/I] the hardware from Microsoft? I really dislike rights being taken away from me; I should be able to install whatever the hell I want on hardware I own.
[QUOTE=Awesomecaek;36159618]This is revolting. No, seriously, [B]fuck[/B] this. I don't mean fedora getting the key, I mean the fact they are actually required to. Seriously, I didn't really mind any of Microsoft's late shenanigans, but this is fucking bullshit. Source, please.[/QUOTE] Yep. This is completely retarded. Typical Microsoft behavior, and I bet you'll find 100 morons on here arguing about why this is a good thing because they don't even get the issue. Stupid and stupid.
This is like, 600 steps backwards in the computing direction.
Egh, guess I'll be holding on to a couple old computers, then.
I have been extremely concerned about the fate of open-source OSes ever since this whole UEFI shit was announced.
If they're going to make something like this, at least make it so the user can sign keys off that they trust instead of the hardware company signing them off and end up with Microsoft controlling it all. It's fucked up logic and whoever thought of this should just leave the IT field permanently.
I guess we're just going to have to get our open-source hands dirty and start a UEFI key collection for the Linux community. It's not something we WANT to do, but something [I]has to be done[/I] to save open-source operating systems.
[QUOTE=P320;36164573]I guess we're just going to have to get our open-source hands dirty and start a UEFI key collection for the Linux community. It's not something we WANT to do, but something [I]has to be done[/I] to save open-source operating systems.[/QUOTE] I am not usually one who would like to have anything with the broken legal system, mainly when it comes to competition and such, but right now I believe somebody should sue the living shit out of Microsoft. It might not pass in USA, but I am quite confident it might within EU.
God damn it, Bill Gates wants to make himself look like Steve Jobs again.
You have to get a key from [B]Microsoft[/B], not some independent manufacturer, but a convicted monopolist? Surely this'll end well.
Guess it's about :yarr: time.
[QUOTE=Foxconn;36165144]God damn it, Bill Gates wants to make himself look like Steve Jobs again.[/QUOTE] Billy G isn't in charge and hasn't been for years. Target the current management instead, though with the whole Metro thing going on, they probably have their heads up each other's asses.
Will somebody please educate me on why this is so terrible? Maybe it's because I admittedly know nothing about UEFI systems but what exactly makes this so horrendous?
[QUOTE=Sir Whoopsalot;36166306]Will somebody please educate me on why this is so terrible? Maybe it's because I admittedly know nothing about UEFI systems but what exactly makes this so horrendous?[/QUOTE] Now distros have to go to Microsoft to get permission to run on computers.
Everybody, don't worry. As far as I know, and I know, somebody is probably going to program a Jailbreak for this sick shit.
Custom UEFI ROMs with unlocked bootloaders, I hope. :3
Everything is possible, my friend.
[QUOTE=Jookia;36169262]Now distros have to go to Microsoft to get permission to run on computers.[/QUOTE] They don't have to. Fedora chose that solution as opposed to entering the manufacturer's key in the firmware I believe.
[QUOTE=Foxconn;36169681]Everybody, don't worry. As far as I know, and I know, somebody is probably going to program a Jailbreak for this sick shit.[/QUOTE] Even if this is the case, it's still bad. You shouldn't have to "jailbreak" your OWN computer, just to put another system on it. It should just be possible, out of the box. Just like changing your CPU or GPU.
Eheheh, what. Are they saying that they are locking our ability to install any OS other than windows? Would this affect homebuilt PC's?
[QUOTE=joshjet;36188036]Eheheh, what. Are they saying that they are locking our ability to install any OS other than windows? Would this affect homebuilt PC's?[/QUOTE] If you plan on running any form of *nix on it, then yes. :/
[QUOTE=joshjet;36188036]Eheheh, what. Are they saying that they are locking our ability to install any OS other than windows? Would this affect homebuilt PC's?[/QUOTE] Other than any OS that has Microsoft's license to be installed, will not be installable. It affects any system using the new UEFI, be that homebuilt or prebuilt or whatever.
[QUOTE=T3hGamerDK;36192282]Other than any OS that has Microsoft's license to be installed, will not be installable. It affects any system using the new UEFI, be that homebuilt or prebuilt or whatever.[/QUOTE] This is what happens when open standards aren't the foundation of new hardware design. :/
Who is forcing us to switch to new UEFI'd hardware anyway? Let's keep our current machines of doom that are always going to allow us to install anything.
[QUOTE=Foxconn;36195121]Who is forcing us to switch to new UEFI'd hardware anyway? Let's keep our current machines of doom that are always going to allow us to install anything.[/QUOTE] Or just avoid any new motherboards with the 'UEFI' tags on them. Problem solved.
[QUOTE=T3hGamerDK;36195887]Or just avoid any new motherboards with the 'UEFI' tags on them. Problem solved.[/QUOTE] Problem is MS is pushing UEFI so that's going to be hard. IIRC Windows 8 requires UEFI.
Let's quickly summarize this: UEFI is to security as CISPA is to promoting privacy on the internet. It is not.