• Red Hat Engineer Calls out Windows 8 Secure Boot as a Linux Risk
[QUOTE=Panda X;32440655]Microsoft's response: [url]http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx[/url]
UEFI allows firmware to implement a security policy
[B]Secure boot is a UEFI protocol [/B]not a Windows 8 feature
UEFI secure boot is part of Windows 8 secured boot architecture
Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
[B]Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components[/B]
OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
[B]Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows[/B]
also [img]http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-01-29-43-metablogapi/0624.Figure_2D00_5_2D002D002D00_Samsung_2D00_PC_2D00_secured_2D00_boot_2D00_setting_5F00_thumb_5F00_02016A69.jpg[/img][/QUOTE]
The boot security protocol doesn't require the OEMs to implement a way to disable it, and OEMs aren't going to sign every Linux Kernel release ever so we can load them. This isn't Microsoft's specific fault, but it's a damn asshole move to require this, even if it does make their, for a lack of a better word, monopoly, stronger.
[QUOTE=Jookia;32447285]The boot security protocol doesn't require the OEMs to implement a way to disable it, and OEMs aren't going to sign every Linux Kernel release ever so we can load them. This isn't Microsoft's specific fault, but it's a damn asshole move to require this, even if it does make their, for a lack of a better word, monopoly, stronger.[/QUOTE] At the end of the day, why would a Linux user buy a computer that has Windows preloaded on it anyways in the first place? This is more along the line of getting the normal person who does not even know what the fuck Linux or Unix is. Besides, the release of the gold master to OEMs is so far off that it can be changed so everything in 8 is not set in stone until the final beta.
I don't understand what secure boot is supposed to do. Maybe it matters for businesses and servers, but it doesn't matter for home users. [editline]23rd September 2011[/editline] [QUOTE=jordguitar;32448027]At the end of the day, why would a Linux user buy a computer that has Windows preloaded on it anyways in the first place?[/QUOTE] Laptops. Ones that aren't Macs specifically. There are some companies like System 76 that sell Linux laptops, but there isn't anything huge like Dell or HP.
[QUOTE=Panda X;32440655]Microsoft's response: [URL]http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx[/URL]
UEFI allows firmware to implement a security policy
[B]Secure boot is a UEFI protocol [/B]not a Windows 8 feature
UEFI secure boot is part of Windows 8 secured boot architecture
Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
[B]Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components[/B]
OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
[B]Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows[/B]
also [IMG]http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-01-29-43-metablogapi/0624.Figure_2D00_5_2D002D002D00_Samsung_2D00_PC_2D00_secured_2D00_boot_2D00_setting_5F00_thumb_5F00_02016A69.jpg[/IMG][/QUOTE]
You seem to always have answers for the mental patients that think Microsoft is out to stab you and steal all your stuff, they should just hire you to explain things for them :v:
[QUOTE=Jookia;32447285]The boot security protocol doesn't require the OEMs to implement a way to disable it, and OEMs aren't going to sign every Linux Kernel release ever so we can load them. This isn't Microsoft's specific fault, but it's a damn asshole move to require this, even if it does make their, for a lack of a better word, monopoly, stronger.[/QUOTE] I love how Linux users are taking this as a personal attack. Microsoft is trying to make computers safer, that's their ONLY goal here. And it's not like it'll be entirely impossible for Linux to be used on these computers. Not to mention OEM computers aren't the only option. You could build your own desktop or purchase a laptop from S76 and install a decent distro on it. [editline]23rd September 2011[/editline] [QUOTE=Elspin;32448308]You seem to always have answers for the mental patients that think Microsoft is out to stab you and steal all your stuff, they should just hire you to explain things for them :v:[/QUOTE] It's funny, anything regarding the slightest fault on MS whether true or not, everyone goes off on a tirade. Not caring about if something is true or not. It seems that everyone seems to think Microsoft is out to get them and ruin their lives and the lives of any computer user. I'm not saying they're perfect but good lord...
[QUOTE=jordguitar;32448027]At the end of the day, why would a Linux user buy a computer that has Windows preloaded on it anyways in the first place? This is more along the line of getting the normal person who does not even know what the fuck Linux or Unix is. Besides, the release of the gold master to OEMs is so far off that it can be changed so everything in 8 is not set in stone until the final beta.[/QUOTE] New people may want to try Linux out in anything other than a VM. It seems you're implying that DRM is okay since it won't affect the majority of users. [editline]24th September 2011[/editline] [QUOTE=Panda X;32448408]I love how Linux users are taking this as a personal attack. Microsoft is trying to make computers safer, that's their ONLY goal here. And it's not like it'll be entirely impossible for Linux to be used on these computers. Not to mention OEM computers aren't the only option. You could build your own desktop or purchase a laptop from S76 and install a decent distro on it.[/QUOTE] Just because it's not their intention to hurt Linux, doesn't mean it won't. That's the core issue here, reality, not motive. The bigger implication is that it's getting scarily close to OEMs controlling what you can install on your own computer.
I can understand why they want this. There are boot load disks that users with physical access to a computer can use to change the passwords for accounts on Windows. My networking teacher used it on my laptop once for me when I forgot the password. It was scarily easy to use it.
[QUOTE=Jookia;32448449]Just because it's not their intention to hurt Linux, doesn't mean it won't. That's the core issue here, reality, not motive. The bigger implication is that it's getting scarily close to OEMs controlling what you can install on your own computer.[/QUOTE] There are other OEMs. Linux will still continue to grow, it's just they'll use different computers OR check to see in advance like any computer user and make sure whether or not secure boot is there and if it can be disabled or not. OR buy a refurbished/older model computer or get one of those some OEMs offer without Windows. I've seen many articles over the years exactly like this. Several months down the road everyone completely forgets and it's like it never even happened, having no effect on anybody.
[QUOTE]It's funny, anything regarding the slightest fault on MS whether true or not, everyone goes off on a tirade. Not caring about if something is true or not. It seems that everyone seems to think Microsoft is out to get them and ruin their lives and the lives of any computer user. I'm not saying they're perfect but good lord...[/QUOTE] Agreed, every time bad news related to Microsoft appears everyone jumps on the bandwagon against Microsoft. Guys, this isn't "Vista" Microsoft, ever since Windows 7 was released, MS has been pretty awesome IMO.
[QUOTE=Panda X;32448599]There are other OEMs. Linux will still continue to grow, it's just they'll use different computers OR check to see in advance like any computer user and make sure whether or not secure boot is there and if it can be disabled or not. OR buy a refurbished/older model computer or get one of those some OEMs offer without Windows. I've seen many articles over the years exactly like this. Several months down the road everyone completely forgets and it's like it never even happened, having no effect on anybody.[/QUOTE] The whole concept of being able to download and try it out will be gone for computers with secure boot. That'll deter a large amount of new users who can't use it on their hardware.
[QUOTE=Jookia;32448711]The whole concept of being able to download and try it out will be gone for computers with secure boot. That'll deter a large amount of new users who can't use it on their hardware.[/QUOTE] It's not going to be gone. Jesus fuck. You're acting like it's physically impossible no matter what for Linux to ever ever ever be used ever again.
[QUOTE=Panda X;32448758]It's not going to be gone. Jesus fuck. You're acting like it's physically impossible no matter what for Linux to ever ever ever be used ever again.[/QUOTE] What? I'm just saying that it'll deter new users as they won't be able to try Linux, as it won't boot on their hardware. It's kind of like how you'll have to buy a new computer just to try Windows 9.
[QUOTE=Jookia;32448840]What? I'm just saying that it'll deter new users as they won't be able to try Linux, as it won't boot on their hardware. It's kind of like how you'll have to buy a new computer just to try Windows 9.[/QUOTE] I honestly don't see it coming down to that. And why would you have to buy a new computer just to try W9?
[QUOTE=Jookia;32448840]What? I'm just saying that it'll deter new users as they won't be able to try Linux, as it won't boot on their hardware. It's kind of like how you'll have to buy a new computer just to try Windows 9.[/QUOTE] What part of "safe boot can be disabled" didn't you understand?
[QUOTE=Panda X;32448891]I honestly don't see it coming down to that. And why would you have to buy a new computer just to try W9?[/QUOTE] What're the chances of OEMs signing the kernel for undeveloped Windows releases? [QUOTE=barttool;32448896]What part of "safe boot can be disabled" didn't you understand?[/QUOTE] The part where it's not mandatory for OEMs to allow it to be disabled.
[QUOTE=Jookia;32448932]What're the chances of OEMs signing the kernel for undeveloped Windows releases? The part where it's not mandatory for OEMs to allow it to be disabled.[/QUOTE] And you think it is going to be impossible for any "hacker" to get around it? If an OEM does lock it down, it will most likely be just that single OEM (most likely Dell) and that's the end of it.
[QUOTE=Jookia;32448932]What're the chances of OEMs signing the kernel for undeveloped Windows releases? The part where it's not mandatory for OEMs to allow it to be disabled.[/QUOTE] It's not the kernel. It's the bootloader.
[QUOTE=jordguitar;32448967]And you think it is going to be impossible for any "hacker" to get around it? If an OEM does lock it down, it will most likely be just that single OEM (most likely Dell) and that's the end of it.[/QUOTE] I assume it would be impossible for a hacker to get around it without voiding warranty. Which is kind of a bad thing. [QUOTE=Panda X;32448983]It's not the kernel. It's the bootloader.[/QUOTE] Ah, I was under the impression it was the kernel itself, rather than the bootloader. But bootloaders aren't immune to updates are they?
[QUOTE=Jookia;32449048]But bootloaders aren't immune to updates are they?[/QUOTE] Updates as in an updated bootloader in the next version of Windows? The chances of Microsoft ever updating that again in the next 15 years are slim to nil.
[QUOTE=Jookia;32449048]I assume it would be impossible for a hacker to get around it without voiding warranty. Which is kind of a bad thing. Ah, I was under the impression it was the kernel itself, rather than the bootloader. But bootloaders aren't immune to updates are they?[/QUOTE] Do you honestly think they care about a god damn warranty? As stated before, panic over nothing.
[QUOTE=Panda X;32449068]Updates as in an updated bootloader in the next version of Windows? The chances of Microsoft ever updating that again in the next 15 years are slim to nil.[/QUOTE] Not even bugfixes? [QUOTE=jordguitar;32449082]Do you honestly think they care about a god damn warranty? As stated before, panic over nothing.[/QUOTE] I care about warranty. If I have to void warranty to use Linux on a computer, fuck that.
[QUOTE=Jookia;32449118]Not even bugfixes? I care about warranty. If I have to void warranty to use Linux on a computer, fuck that.[/QUOTE] [url]http://ubuntuforums.org/showthread.php?t=533105[/url] It happened once, Dell is stupid enough to do it.
[QUOTE=Jookia;32449118]Not even bugfixes? I care about warranty. If I have to void warranty to use Linux on a computer, fuck that.[/QUOTE] I don't think Microsoft will be making OEMs lock out their own bootloader and/or updates in the future. Which is why I still think all this is a fuss over nothing. I thought the Linux community were the people who if they break something, they fix it themselves and wouldn't care about a warranty.
Boy do I love idiots that flip out and take shit personally when they really don't need to. Doing a little homework could've saved a lot of tears.
[QUOTE=Panda X;32449140]I don't think Microsoft will be making OEMs lock out their own bootloader and/or updates in the future. Which is why I still think all this is a fuss over nothing. I thought the Linux community were the people who if they break something, they fix it themselves and wouldn't care about a warranty.[/QUOTE] Unless OEMs can remotely add keys to your computer, it seems you'll have to buy a new computer to get the new keys, unless you can add keys at software level, which just breaks the whole idea of secure boot in the first place. Let's not throw stereotypes around. Also, who is my OEM to decide that I trust specific code that they sign running on my computer? Why can't I choose which keys go in or out?
[QUOTE=Jookia;32448711]The whole concept of being able to download and try it out will be gone for computers with secure boot. That'll deter a large amount of new users who can't use it on their hardware.[/QUOTE] Well, I hate to sound like an idiot, but you do need a little bit of skill to use Linux. Oh and [img]http://www.facepunch.com/fp/browser/linux.png?[/img]
[QUOTE=Jookia;32449270]Unless OEMs can remotely add keys to your computer, it seems you'll have to buy a new computer to get the new keys, unless you can add keys at software level, which just breaks the whole idea of secure boot in the first place. Let's not throw stereotypes around. Also, who is my OEM to decide that I trust specific code that they sign running on my computer? Why can't I choose which keys go in or out?[/QUOTE] Depends on the laws on where they want to get sued in.
[QUOTE=Zambies!;32449299]Well, I hate to sound like an idiot, but you do need a little bit of skill to use Linux. Oh and [img]http://www.facepunch.com/fp/browser/linux.png?[/img][/QUOTE] I wouldn't have learned Linux and whatnot if I weren't able to install it and screw with it.
[QUOTE=jordguitar;32448027]At the end of the day, why would a Linux user buy a computer that has Windows preloaded on it anyways in the first place? This is more along the line of getting the normal person who does not even know what the fuck Linux or Unix is. Besides, the release of the gold master to OEMs is so far off that it can be changed so everything in 8 is not set in stone until the final beta.[/QUOTE] Uhh I think you completely underestimate how widespread Linux is. In some countries it's used in schools. 3-5% of the market is huge.
[QUOTE=Jookia;32449270]Unless OEMs can remotely add keys to your computer, it seems you'll have to buy a new computer to get the new keys, unless you can add keys at software level, which just breaks the whole idea of secure boot in the first place. Let's not throw stereotypes around. Also, who is my OEM to decide that I trust specific code that they sign running on my computer? Why can't I choose which keys go in or out?[/QUOTE] Honestly I doubt it'll work the way you think it's going to work. I imagine it simply being a digital signature on the bootloader and UEFI checks to see if the signature is valid. Like [img]http://i52.tinypic.com/13zamxk.png[/img]