As advertised ...
... Linux is perfectly happy on old computers with low performance marks. I'll just keep using it on my old AMD 3200+XP dinosaurs and be perfectly happy as usual.
The question of whether Secure Boot technology in UEFI firmware could exclude Linux from PCs running Windows 8 has taken a fresh twist. Red Hat engineer Matthew Garrett, one of the first to flag up the Unified Extensible Firmware Interface issue, has blogged that Microsoft's rules for certified Windows 8 hardware do not make …
...just that, IF YOU BUY A COMPUTER WITH WIN8 ON IT, you'll have to turn off the signed bootloader thingy.
Talking about messing with the keys is a red herring; if you want to do signed linux, you were always going to have to install your own keys, and even if the UEFI spec doesn't specify how this is to be done, it ain't Microsoft's job.
The key point is that MS have said that to get their shiny sticker on OEM PCs, they not only have to ship with a way to turn off these security features, but they have to be customisable. This will, in fact, make key-signed linux MORE likely than it would have been last week.
As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other.
"As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other."
ARM isn't restricted to "phones". There is also the matter of tablets, laptops, and potentially even desktops to consider. What about general purpose boards such as the Raspberry Pi, which are also ARM? It's a general CPU architecture, not a class of products. If the OEMs are forbidden to allow modification of the allowed keys, it will be impossible to boot anything except Microsoft-signed code on these systems, and that *is* certainly something that would affect people. It's a requirement for using the Windows logo on the hardware, which is a big commercial incentive to lock down the hardware, or else it has the appearance of not being approved for use with Windows, even when it's perfectly supported, which could have a commercial impact if it affects sales. Thus Microsoft achieves total lock-in on the platform.
You are seriously short sighted!
"As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other."
What happens when nice laptops come out with win8 and long battery life from an ARM processor? Locked to MS-only and Linux must make do with the old Intel stuff.
Furthermore, the MS requirements only *allow* non-MS signed x86 booting, they don't *require* it, and one can imagine that secretly they will pressure OEMs to not support it.
It is high time that the EU or whatnot mandated all computer devices have a free way to disable secure boot should the user want to try another OS, or use a Linux-based recovery CD or similar. Most don't care, but it will eventually strangle any sense of freedom in computing in 5-10 years time.
"It is high time that the EU or whatnot mandated all computer devices have a free way to disable secure boot should the user want to try another OS,"
The original IBM PC—from whence all modern Windows boxes came—was NEVER intended to be an "open" platform. It was supposed to be a closed platform, just like Apple, Atari's computers, Commodore's, Acorn's, Sinclair's, and every other bloody computer around at the time.
The only reason there's a "PC clone" (for that's all modern PCs are) market at all is because Compaq (and, later, other companies) reverse-engineered their own compatible BIOS ROMs using a clean-room process and invented the "PC-compatible" market, but—again—HP, Compaq, Dell and their ilk have never, EVER, been remotely interested in letting you install anything other than the de-facto standard software bundle on these machines—i.e. MS-DOS, Windows, and its successors. (Dell were infamous for customising some of their hardware and drivers, so their PCs weren't really as "open" as many people claim.)
These companies have tried to offer alternative software bundles, but every time they've run into the law of diminishing returns: the market for alternative OSes simply isn't big enough to justify the investments and support costs. Most people simply aren't aware that something called "Linux" even exists, let alone what it is. Hell, many people out there will blithely write "Microsoft Office" in the "What is your operating system?" field on a PC support site.
Most people are *ignorant* of IT theory and practice. That doesn't make them "dumb", "stupid" or "brain-dead". It just means they don't share your interests.
To this day, I still have no idea how Cricket works, or who won the FA Cup last time around. I find the whole concept of watching other people exercising and keeping fit utterly absurd and stupefyingly dull. But I don't go around demanding people stop doing it. Whatever floats your boat.
But I _do_ get annoyed when people insist that their "freedom" trumps _mine_, and everyone else's.
"Freedom" is a two-way street.
It includes the _freedom_ to make *any* product *I* damned well choose, and design it how *I* want. I then get to manufacture it and sell it to the public. *I* carry ALL the risk, because, if I've misjudged the market, all the capital investment I'll have made will be lost and I'll be bankrupt. The *market* decides whether I get to be spectacularly rich, make a basic living, or lose my home and the shirt off my back. If you disagree with that, you, sir, are a hypocrite. End of story.
If you want a computer that comes ready-built with Linux (or any other third-party OS), or onto which you can install same, the onus is on YOU to build such a machine, or find someone who is willing to build it for you. If you think your pet OS is so shit-hot, why don't you put YOUR money where your loud mouth is and build your _own_ range of PCs? Offer them to the public, and watch the money pour in! (I can think of a few ways you might be able to pull it off, but none involve following the traditional PC industry sales models. Hint: Red Hat.)
Like it or not, you have no right to demand that _other companies_ sacrifice _their_ design freedoms to meet your petty demands.
Get off your arse and build your own PCs. Nobody's stopping you. Not even Microsoft.
Indeed.
Of course the original IBM PC was intended to be open. It was open in the sense that IBM published anything you would need to put your OS on the hardware. No, it wasn't intentionally cloneable... well, other than the fact that, unlike many other personal computers, every part of the IBM PC was off-the-shelf, TTL-Databook or Intel Catalog stuff.
Microsoft appears to be abusing its monopoly status to try to hold onto the x86 market through deliberate stifling of any possible competition, and is further trying to leverage its x86 monopoly to create a monopoly on a whole new system architecture, namely ARM.
That is illegal, and they've been prosecuted and found guilty of this several times before.
Abusing a monopoly to stifle competition results in every single customer suffering - you end up with shitty products at very high prices, because the monopolist has no incentive whatsoever to improve and can jack up prices almost indefinitely.
If it was a minority player suggesting these clauses, then it wouldn't matter.
However, Microsoft are a practical monopoly for both desktop OS and desktop "office" applications, and these measures look very much like they are trying to leverage those monopolies to get more monopolies - which is illegal in the US, the EU and probably other places as well.
As far as the tablet market is concerned MS are entering into a market that already has two powerful well established players, one of whom has a *very* dominant position in that market. There is IMHO (whatever Microsoft's intentions/wishes) not a cat's chance in hell that they will be able to pull the same stunt in the ARM-based tab market that they managed twenty something years ago in the pc-market.
Oh no?
Xbox. Original.
Two big players, Sony and Nintendo.
MS came out of NOWHERE and blew them, and the world (gaming world) away. Of course there have been various issues from the very start, but they did exactly what you've described. They've got enough money to be able to do so, and they'll do it again easily too.
Or at least making it a lot harder than it should be.
When I last built my own PC, I didn't design, route and manufacture my own motherboard - I bought one from the likes of Asus/Gigabyte etc and it had a Windows Logo thingy on the box.
By the ARM clause, if I was building my own ARM PC, then buying an ARM motherboard with a Windows Logo on it means I cannot install *anything at all* onto it except Windows 8.
It also sounds like the converse would be true, meaning that I cannot put Windows 8 onto ARM unless it's Logo'd.
Even though it's my damn PC that I am building, Microsoft are taking away my choice of OS to put onto it.
Equally, the x86 clause means that my new x86 motherboard won't let me install Linux (or even a retail Windows XP or Windows 7) on it until I mess about in an optional configuration tool.
- If I'm unlucky, then that optional tool may not even exist and I might not find out until I try to use my new motherboard. Then I'm in the mess of trying to return it (and spreading the word not to get that particular one)
It's abusive and unnecessary.
I mean, how many boot-sector rootkits are common in the wild anyway? And what exactly is wrong with a simple warning "boot sector changed, did you install a new operating system?"
- I don't think UEFI even gives you a way to roll back a nasty boot sector change anyway, so rootkits would just brick the computer on next boot. Not exactly a friendly response!
- I wonder who your "average" user will blame if their PC suddenly refuses to boot with a UEFI "Unsigned kernel!" critical error.
You're not going to be able to buy Windows 8 ARM and a logo'd motherboard it runs on separately at all- the same way you can't buy an Apple A5 motherboard and a DVD of iOS separately. (You want a hackable ARM machine with Linux, might I suggest the Raspberry Pi?)
Non-Windows x86 gear will still be made. Strangely enough, Linux is actually used quite a lot in the real world.
You sir have no idea of IT history. MS, Apple etc. 'stole' from so many, and created an industry to make money - nothing more, nothing less. These companies have contributed nothing to the technology. Even the media created saint, Jobs, stole from Xerox Star to create Lisa. The biggest attribute that Apple has is repackaging. MS bought out so many companies to 'create' all their software (and I mean all), because they rode on the coattails of IBM.
These companies are not sacrificing their software or design because they have none. They are out to make money by not allowing ANY competition.
You are so clueless about these matters. Get off your arse and learn a little about technology.
ARM is not just for phones and tablets but may also be used in servers. This is advantageous as the server can have dozens or hundreds of CPUs which can be switched off when not needed. The power savings of ARM, plus switching off, would make this attractive for many types of server.
However, buying Windows licences, on a per CPU basis, would make this uncompetitive, unless there was some way of making this compulsory.
Realistically though: making your ARM based server product Win8 certified is going to cost you more sales than you would earn (and even taking the same product and making a special version for Win8 certification only will cost more in inventory than you will gain in sales), so I don't see this as an issue.
... it's not just about a Win8 phone, but how about a tablet that you buy and then decide, hey, I want to run Android on it?
Also, as the Win8 OS is moved to other hardware devices such as Thin PCs and maybe some home theatre devices, etc... which would more than likely be ARM based as well, they are locking out the Linux or other OS enthusiast from the hardware.
This is the type of behaviour that has got them in trouble with various governments in the past! It seems that threats of anti-trust legislation are all that stop MS from doing such underhanded things!
Apple builds its own hardware and software, then tells you you can't just take different hardware and run their software on it, because their margin is in the hardware, not the software.
Micros~1's margin is in the software and has always had world domination tendencies, so now trying to own the hardware, too, is not that much of a surprise. Minor detail: They don't actually own that hardware. That arguably makes it theft.
If this particular scam isn't illegal, it should be. It might even be abuse of market power and thus monopolism or cartelism or whatever the legal term is. Mere promises here aren't good enough. There needs to be a strong incentive to not take away control from the owner of the hardware.
The irony here is withering. The reason micros~1 got big in the first place is that IBM owned the platform but left all but the BIOS open enough for easy copying, reducing cloning to coming up with a functional IP-free replacement for that bit; Compaq was the first to do so. That enlarged the OS market for that platform, a cozy asset that IBM neglectfully gave away to micros~1. So now they're trying to not merely keep their position, but to shuffle away the keys to your owned hardware as well.
Even if Joe Average User cannot be expected to understand this, he just might find later he couldn't afford to let it happen either.
So you vent your anger at Microsoft for trying to control the hardware on which Windows runs? you're venting on the wrong company.... Apple is the culprit for this practice.
you don't want MS to mess with your bios? don't buy a computer with windows 8 pre-installed.... simple.... same goes for Apple, don't want grossly overpriced hardware on top of a freeBSD with a candy interface? don't buy Apple.
your rant sink like rock......
*takes stick, turns it round and hands back*
there you go!!!
Now correct me if i am wrong, but does he not mention the fact that Apple do this??? What he then goes onto explain is that MS are now trying to do this.
We all know and hate/love the fact that Apple do this, that is clearly evident in the number of posts for and against Apple's "walled garden" approach throughout a vast number of threads on here.
your rant sinks like a rock...or is that sank like a rock?
No, it isn't.
It is MS trying to break out of the situation they are in where industry standards and expectations are that windows will support almost everything it ever has done. That is why it is so bloated, that is why other OSs perform better.
They tried to lock down the OS starting with vista so that 3rd parties found it harder to fuck up their code with dodgy drivers and software(which is the cause of most windows problems) only to have people scream and shout during beta testing that they couldn't install their legacy hardware or software because the manufacturers of that were too far behind, hence the speedy rewrite followed by years of problems caused by shoehorning legacy support into a system not designed for it.
If MS were allowed to release software like Apple can then it would be a much better OS and locking software to your hardware will have virtually no effect on the majority of users. It's just a shame that the vocal minority always seems to win.
It is not about Microsoft supporting something in Windows, it is about Microsoft preventing the replacement of Windows on generic hardware.
Also :
1 - Apple can do whatever they want with their software on their own hardware
2 - Apple does not in any way prevent the installation of other OS on the hardware they produce.
Not *entirely*.
I have an iMac G5 running Fedora. I installed that because OSX kept failing to boot.
Eventually, I found that it is complaining about a fault code (from the PSU, I believe). Shaking it hard enough gets it to boot eventually - at which point it is perfectly stable. But Fedora was much easier to get going...
Vic.
"It's just a shame that the vocal minority always seem to win"
This is exactly what Monopoly legislation exists to ensure. MS have a monopoly on the desktop, therefore most if not all OEMs will bend to their every whim. Why on earth should they be permitted to extend that monopoly by making changes which will make it even harder to run something else?
Microsoft are (AFAIK) perfectly at liberty to release a MS PC, with a version of Windows designed specifically for that hardware. Hell, they can even lock that version to their own hardware stack. _That_ would be doing what Apple do. Trying to knacker the PC market for anyone not wanting to run Windows is something entirely different.
Oh and incidentally - why do you think that standards and expectations are the way they are? Could it be because Microsoft pursued that course? It's also got fuck all to do with whether or not we need UEFI. UEFI is about ensuring that only valid signed code can run at boot, RTFA and you'll see it's intended to stop rootkits etc. It has no bearing whatsoever on their support (or lack of) for legacy code.
I initially assumed you were a shill, but looking at your post it seems you are instead very pro-MS but willing to discuss other topics. So I'll just call you misguided instead!
The cause of most of Microsoft's problems is Microsoft. They're arrogant, pushy, dictatorial and demanding. If you are an older PC computer user, then you contributed to their profit margin whether you used their software or not. They used to say, "Oooh, those 'pirates' are stealing our DOS operating system, we need the rest of the community to compensate us!" Consequently if you bought an MB or a CPU, M$ "taxed" you for it. Which, in turn, encouraged "piracy," since, why buy another copy from M$ when you had already PAID for one.
an AMD CPU and ASUS MOBO..... AMD and ASUS are giving money (or used to) to microsoft......
now let's see the proof of that ridiculous and groundless accusation? buying an OEM computer with windows or dos on it IS NOT the same as buying the parts.... the latter will NOT result in ANY MONEY being given to Microsoft UNLESS THE END USER BUYS A COPY OF WINDOWS/DOS
forcing the hardware manufacturers to give up what's left of the control they had over their products. Looking at how enslaved by Microsoft computer OEMs are at this moment, I'm seriously worried. Don't take my word for it, just remember how hardware specs for the netbooks were castrated at Microsoft request (after successfully preventing the use of Linux), turning that class of computing devices into a joke.
We all know what happens to those who forget history.
I can't help feeling you haven't actually read the article.
Microsoft are explicitly saying that OEMs won't get the shiny sticker unless both the orthodox way (no bootloader signing) and the new way (add your bootloader's keys to the firmware) of installing other operating systems are supported. What they are insisting on is that machines shipping win8 do things the new way by default.
If it's the whole idea of signed bootloaders you're objecting to, the UEFI forum published that spec in April 2011, and no one complained either before or after.
In terms of lockdown, the ARM stuff is much more restrictive (apart from the fact that MS only has a couple of percent market share so isn't a monopoly in any way)
Standard Microsoft tactic... fear, uncertainty, doubt. I saw precisely the same thing happen over OpenGL in Vista (the FUD was that it wouldn't work or be supported). In the end, it'll work fine and it'll be easy to do.
I'm not anti-Microsoft by the way - in fact I love Windows 7 and will almost certainly get Windows 8, but you know, I'm quite long in the tooth now and have seen it all before!
Do you SERIOUSLY believe people install Linux because "it's easy". Anyone who chooses to install a new OS or reinstall an old OS does so with a little bit of knowledge, and entering the "BIOS" or "UEFI" setup is not a major technical series of steps that is going to stop them.
I understand there are competition concerns about secure boot, but at least find a defensible argument, not something stupid like "linux is user friendly"
I can take a disk, plug it in, boot it - and it works. Then, once it's up, I can mess around to my heart's content. It automatically sets up a dual-boot on a Windows box, too.
If I have to somehow mess about with BIOS settings (which might also stop my Windows working) then it's one extra bit I frankly don't want to have to do.
Linux IS user friendly these days. Anyone with half a brain can install it.
both my (divorced) parents (both 70 years old) use linux for exactly that reason (moved from Ubuntu to Mint now though) because it is easy to install and use and if it seriously screws up (which has only happened to one of them once) I can get them to reinstall it themselves very simply.
I suspect I will find it a lot harder to talk them through installing secure boot keys through the bios or whatever proprietary interface is provided with their own particular hardware.
Missing the point there I think.
To me it reads as "It'll make it harder to install Linux which may put them off" which is very different to saying people install linux _because_ it's User Friendly.
Sadly, not everyone who does a (re)install does so with that little bit of knowledge. Some see how much it'll cost to get a techy to do it and then just chuck the install disc in themselves. Whether these types would actually be trying to install Linux is another thing, but it'd certainly put them off!
Find someone not very techy you know, and try explaining the concept of Public and Private keys to them. But do it in the crappy language that OEM's will use (if they publish anything), they might understand it but they will probably also be happy to confirm that they'd go out of their way to avoid it if possible.
First an obligatory flame at the guys who always blame others for their own failure: Linux has existed for quite a while and still only holds 1% of the market, so what has been "dissuading people from bothering to install Linux" so far? Ah yes, Linux itself!
Other than that, for ages PC users have been expected to be smart enough to pop into BIOS and toggle a single on/off setting if necessary if they wanted to use certain more advanced features (which is exactly how you'll disable this feature, as made perfectly clear in the requirements); and since forever have Linux geeks been smug about being smarter than those who don't know of anything better than MS, so where's the problem?!
What MS is aiming at are handhelds. You can't disable the feature on them, making it harder to hack that sort of devices. Disagreeable in its own way, but that's as far as this goes.
In my experience the dissuasion comes from addiction to the latest MS Office file formats - by which I mean the peer pressure to be compatible with an 'updated' product that has offered no advance to most people since the 1997 release.
Some ancient flatbed scanner caused my uncle problems, which I resolved, and then he was fine with Office running under Wine for a time - until he needed some Excel embedded VBA scripting to work in a mandatory spreadsheet he was given to work with.
But my Office free mum and girlfriend have been running Ubuntu for ages now, and I never get any hassle. It's my Windows running friend (who needs Office for school stuff) that is a constant pain in the arse. Neither are smug about using it.
Oh, and do you really think ARM won't be used for desktop work as soon as MS port Office to it?
Could be that they are not complaining, but you're still talking about people who are in that 1%. If all they are ever going to use are a select, small, closed (constant) set of applications, a browser a media player and OOO, Linux installs like a breeze and works just fine. Beyond that... it's not as rosy. Unnecessarily complicated, poorly documented...
As for the "MS Office argument", it might hold true to some extent for work environment, but my home PC sees a .doc file once every blue moon, and even when someone sends one to me, Gmail will display its contents just fine.
And even in a business environment, yeah you use what the higher-ups give you, but I've actually seen way more Windows + OOO combinations in practice here than Linux machines, so the office suite is not really that much of an issue. Every civilized partner will send you a PDF and expect the same from you. (once in a while, someone does send you a file in an MS Office format, but it gets handled) And inside a company, it doesn't matter what you're using as long as everyone is using the same.
So 99% of people don't use Linux because 99% of people don't want Linux.
As for ARM on the desktop, it doesn't seem too far fetched at a glance, but then look at how well Atom CPUs have worked there. And they were cheap and used the same instruction set as "normal" PC CPUs and weren't more underpowered for the time than ARM CPUs will be and I even saw a few desktops with them in catalogs, but nobody wanted them.
What are you trying to argue, that Linux is widely adopted? Assuming "tens of millions" estimate is correct, one hundred (or ninety nine, if you like) times tens of millions makes for... billions of people who don't give a rodent's behind about Linux. So cope with a number yourself, Anonymous Coward.
Linux has its own niche on the PC, it's undoubtedly there, but it's been there for ages with very little growth. So crying that some future external factor might make it hard for the market to adopt you, when that same market has had two decades to adopt you and said "no" to you every time is just shifting the blame for one's own market failure to someone else.
I don't think that all ARM devices would be thus locked; only those that are destined to run Windows 8.
MS would have to use some marketing pressure (like providing a large discount on Windows 8 to the HW manufacturers if they promise to only include an MS key), but this probably will not matter, because there will be ARM devices that will be sold not running Windows 8. If MS attempt to stifle other OSs on generic devices, then I'm sure that Google would be quite happy to see them in court.
E_Nigma: There are many reasons Linux is only at 1% of the market, and most of them revolve around MS making it difficult for a vendor to sell a system without Windows, and the fact that most people who buy PC's don't really care about the OS provided that they can do everything they want. A huge number of them (those that do not run games mostly) could cope with Linux quite happily, but are never given the chance. With things like Silverlight gaining traction, however, this is becoming a bit more difficult (blame MS again!)
BTW. I would guess that your statement that "PC users have been expected to be smart enough to pop into BIOS and toggle a single on/off setting" is not quite as inclusive as you suggest. Finger in the air, I would suggest that less than 25% of all PC users even know what the BIOS is. Your statement may have been true 10 years ago, but I know lots and lots and lots of people who do not watch or care about what comes up on the screen before Windows presents them with either a login screen or desktop, and would not know how to get in to the BIOS without someone telling them.
What keeps people using Windows is inertia. "Users" buy a computer to use, not to play with. If it comes with a preinstalled OS that more or less works - like Windows - the hardware is more or less useable - like most PCs. So the user simply uses what they are saddled with when they acquired the hardware. Most of them had no clue about the additional costs they would encounter to make the hardware more than just barely able to turn on. Any Linux release is more useable upon default installation than Windows has EVER been. A Linux user can save literally 10s of thousands of dollars/pounds/francs over a couple decades using Linux for the standard tasks a computer is normally used for. If you use more technical software and know what you are doing the savings can be vastly greater. Look at R and GRASS or Quantum GIS for instance and compare them with the Windows based commercial equivalents (S-Plus, Arcgis or Idrisi for instance), or Office vs. MS Office.
Linux has succeeded in just about every area where MS' monopoly hasn't locked people in. Phones, settop boxes, servers, etc.
It hasn't grown terribly on the desktop because of MS' monopoly and the fact the desktop market as a whole is shrinking. Linux could have made good inroads on netbooks but MS bullied companies into making netbooks shit and to install windows on them. Now netbooks are dead.
If MS could manage to secure their OS like any real OS then we wouldn't need the secure boot. No matter how small you think the Linux market is we shouldn't be punished because MS can't secure their OS.
It's interesting to think how this works. To me, it looks like the first executable run off media by UEFI must be signed with something that acts like a checksum and a cryptographic key in order to be executed. It must act like a checksum to prevent a previously signed piece of code from being subverted after-the-fact. The key or certificate must also be part of the executable.
In the current Linux space, the affected component would be Grub. Once Grub was running, anything could be run as far as I can see.
So surely, it is not the Linux kernel that needs to be signed, but Grub. This is a much easier thing to achieve. Grub is rarely re-compiled by normal users, so a canned, signed installation should be possible.
The binary release of grub won't be signed, unless the private key MS use (to sign their boot-loader to be verified by the public key they have PC makers install) is made available, which defeats the point, or MS start signing grub!
Alternatively, the PC makers could have their own signing process, and both the MS bootloader and grub would need to be signed by each vendor, possibly for each model... or even each serial number!
This'll be why there's mention of using the BIOS to enter another key, but I imagine that as MS are seeking control by proscribing against this option on ARM, they would promote the first scenario above to PC vendors.
although it is possible that I did not make it clear enough. MS should not be the only software company allowed to provide keys to be installed in UEFI as part of anti-monopoly legislation.
As long as there is one key in the UEFI to allow grub to be signed by a responsible company, then this is all that is needed, and this key need not be 'owned' by MS. Once you have a signed Grub, it is not necessary to sign all Linux kernels separately. So all it takes is for RedHat, Canonical, IBM or Google to apply for and hopefully be granted the right to add a key, provide the key to the HW manufacturers, and they would be able to provide a signed Grub image for the rest of the community. I'm sure that most HW vendors would consider adding a single non-MS key if it was provided by a reputable company - that is unless MS use their market power to dominate the HW manufacturers.
As a matter of interest, there used to be a mechanism of booting other code using what was called a 'chain-loader' that would run from DOS (it's that old) and overlay DOS with another OS. I know that Windows is a different beast and is much more secure, and there would still be the 'Windows Tax' to pay, but this may be another way around this type of issue.
I think that MS would be in for a serious anti-competitive lawsuit in the US if they prevented another software vendor from being able to have a key included in the UEFI. That would effectively mean that they would have a monopoly on all PCs sold, even if there was a way to add additional keys.
Then, the only thing I would modify would perhaps be to use chain of trust certificates instead of individual keys, so that new entrants to the market can also sign their code.
That raises the problem of who the certificate authority would be. On the net, I remember seeing Thawte were signing all kind of shite, so it would have to be an organisation that would persist -without- signing stuff willy-nilly.
Probably we need a UN body for this sort of thing.
I've worked with a few secure embedded chips. We do a lot of board bring up.
The one destined for a chip and pin device had a flash area that becomes irretrievable to the software under certain tamper conditions, and such protection could be triggered by the software itself too.
Your updated chain-loader concept could probably work with such a facility, such that the main OS could render its encrypted space on the hard-drive invulnerable to tampering when handing control over to another OS.
Yes, though they can keep anti-trust cases running until the market changes!
of the whole process, there still are things you need to consider.
1 - You will never be able to patch or upgrade the Grub boot loader unless you request all hardware manufacturers to re-flash the motherboard firmware
2 - Chain-loading means you have to rely on Microsoft's good will which by far, isn't a wise thing to do
3 - Microsoft currently has a monopoly on every PC sold because they sell Windows to OEMs who then pre-install it on the computers they sell. The price of Windows license is a powerful leverage Microsoft has allowing them to drive out of business any OEM no matter how big it is (look how they treated IBM when Win95 launched)
1 - A responsible company would patch it and re-sign it. Others could then include that in their repository.
2 - Yes I agree. Because Windows is more secure than DOS, it is completely possible that they could lock it down in a manner that would prevent chain loaders from working.
3 - Yes again, and this is what I was referring to when I said 'marketing pressure'. I am completely aware of the discount that MS could withdraw from manufacturers. I have commented on this in these forums in the past.
Boycott ALL Microsoft products! Let the hardware vendors know that if they allow this "initiative" (read attempt at monopoly) to go forward with their hardware, NO ONE will purchase any of their cruft! Because of their anti-consumer attitudes, Sony has lost 10's of thousands of $$ in sales to my family alone (or more, given the size of my family). None of us will purchase ANYTHING from Sony until they change their behaviors in a fundamental manner, that gives control back to the purchaser of their products, not the maker. FWIW, this includes CDs, DVDs, TVs, audio and video equipment (our family includes sound and video/animation professionals), not to mention games, PCs, and whatever else has a Sony trademark.
But I can understand this to some degree...
Yes, it will, to SOME extent, dissuade SOME users from running SOME variants of Linux.
But how many real PC users run ANY version of Linux, or any other OS other than the one it came with from dell, or pcworld?
What this is, is another step towards making the machine more secure. If it's not done, and the machine gets infected via this method, then MS would be blamed, but by locking it down and closing another hole, MS are blamed...
can't really win can they?
Yes, of course I realise that it could also be construed as anti competitive, but it also can be construed as more secure too...
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety" - Benjamin Franklin
And so you invite tyranny when in fact more than one organisation's secure boot keys could be placed in the BIOS - if MS aren't permitted to insist on only their own key...
Tyranny is having no choice about what you get to use, having to pay up every time the vendors come up with an excuse to send you a bill, struggling just to keep using the stuff you've already bought, trying workaround upon workaround to stop functionality being taken away from you, being told that some software or other is un-American or takes jobs away from your rich nation economy (even though that's a lie) and you therefore are not allowed to run it, having your Internet experience heavily filtered so that you don't get exposed to un-American values or content not supplied by a large corporation.
And should this come to pass, people like you whose primary concern was "brighter shiny" will bear some of the blame, particularly if you made the effort to ridicule people with even the slightest awareness of what a problem this was going to be.
I was merely referring to the outrage over the possibility of bootlocked Windows-on-Arm. I have looked for the screaming over where you can unlock the iPad to install the linux distro of your choice on it but I can't seem to find any. Which shocks me. No, seriously, I'm shocked. It staggers belief that with all the locked Android installs out there and the utterly locked iPad - even jailbreaking the bloody thing won't let you install a different OS - that people are up in arms about a hypothetical situation regarding a set of hardware standards that haven't even been released.
Those of us who actually compute for a living (as opposed to using computers as glorified typewriters to send the occasional letter, or other so called office productivity) do it on Linux (used to be Unix, but times have moved on).
Or did you really think that people designed the chips inside your computer/the aeroplanes you fly in/etc. using software that ran on Windows... ?
It's not Linux they care about. It's old versions of Windows. The fact that they can't get corporates off XP/Office2003 is a major fail for them. They need a way to force big users to upgrade Windows when they upgrade hardware.
Also why should ARM machines be treated differently? Because they threaten the cozy WinTel relationship, that's why.
linux does not threaten MS on the desktop at all, despite the ravings of too many commentards. Windows XP certainly does, though.
MS don't care about linux on your desktop especially since you've normally paid the Windows Tax when you buy a PC anyway. Market share would tend to indicate that users don't care about linux on the desktop either and hey, it'll be cracked in about a day whatever happens anyway.
No big deal.
but in the near future, when you decide to re-purpose your old Win8 ARM-based tablet that has run out of steam, and to instead run Ubuntu 14.10 or whatever on it?
However, due to everyone turning a blind eye to a decision taken in 2012 that means you cannot run any OS but a Microsoft OS on Win8 ARM tablets, all those perfectly good tablets in 2014/2015 will be headed for landfill instead of a useful second lifetime as a Linux tablet for yourself, one of your kids or an organisation that recycles kit for education or the third world.
Bollocks and if you'd rtfa you'd know it.
MS want the option to turn off secure boot on non-ARM devices. Which means XP should run as long as it can cope with the new bios. Any corporate IT bod who can't figure out how to switch it off shouldn't have a job.
I'm sure there'll be plenty of info on how to turn it off available for home users.
This is the domain where MS has least leverage, as the tablet market is dominated by iOS and Android. Windows is very much a latecomer. Whatever the quality of Windows 8 on these devices (I really do not know one way or the other), being late makes life harder when trying to penetrate a market. How many tablet makers, who seem happy to ship Android, would want to sell locked in Windows 8 Tablets? At the same time, how much harm would that do to people wanting to run Linux on their Tablet? Just pick any old Android tablet that does allow a Linux install.
Regarding the rules for x86 kit, in that arena the new measures might raise eyebrows (Steely Neelie's would have been raised), precisely because Windows is dominant in that arena. In legal terms, it does not matter that only 1% of desktop is Linux, in fact quite the reverse: Because they own 90%+ of x86 desktop (forgive me for forgetting the exact OSX share), they can be accused of leveraging their monopoly in anti-competitive ways. Thus, they may have felt comfortable putting stronger restrictions on the ARM kit precisely because they do not dominate that domain.
Just my 2 euro cents
I suspect the real reason that Microsoft had to lay down the ARM implementation restrictions is just to get a common platform subset that they could realistically work with. There is a common misconception that all existing ARM SoC's are somehow interchangeable because they use the same processor core. Anyone who has tried to run up Linux on an ARM platform will tell you that this is definitely not the case - every vendor throws in a different bunch of proprietary peripherals. Add to that a random mix of open source and binary-blob drivers - most of which never make it anywhere near Linux mainline. In short, it's a god-awful mess. If Microsoft is able to define a common ARM platform that chip vendors have to conform to, I can't help thinking they will actually be doing ARM-Linux a favour here.
Yep, great summary of the sort of crap that keeps me in work!
Not sure what locking out other code has to do with creating a subset though - different vendors' SoCs have the security aspects required to do this. If they wanted a subset, surely they'd look towards forging a WinTI or WinScale alliance? Not that that would help with off-chip peripherals that may or may not be mapped or run their IRQs through a CPLD depending on the board, etc.
Actually, WTF are you picking on ARM in particular?! It's the embedded space in general that has that kind of diversity, and is why other architectures get into places x86 is too rigid for.
I agree that non-ARM SoC's also suffer from a huge amount of vendor fragmentation as well. I was just trying to suggest that by specifying a rigid set of ARM platform requirements, Microsoft may actually help to reduce the fragmentation issue for ARM and make it more viable to produce a 'standard' ARM Linux distro. Just because the retail Windows 8 ARM devices are going to be nailed down doesn't mean that other people couldn't use the same chippery to produce Linux friendly boxes. Clouds, silver linings and all that...
It will be still about a year until Windows 8 is there. There will be a lot happening in this year and it's an open question if then anyone will be interested in buying into the next MS monopoly for lots of money.
MS clearly is trying to control the hardware without actually having control over the hardware. In how far this will work is in no way clear. On the other hand, if Intel manages to offer low-power X86 compatible CPUs until then and MS can offer tablets that support all the legacy Windows crap out of the box... Business users will love that.
And Linux? Well, the current situation on mobile hardware is as bad as it gets for Linux. Some standards controlled by MS might turn out to be better for Linux than no standards (and proprietary hardware) all over the place.
And of course we will see the good old PC surviving for a long time. There's a huge legacy market and nobody will be willing to give that up any time soon.
Why bother discussing the advantages of a system, when you can whinge about MS instead?
As I've said before and no doubt will keep saying, while being drowned out by FUD - It's not in MS' interest to prevent users from disabling this feature, because earlier versions of their OS won't install on new hardware. Installation of older software on new hardware is critical to MS' corporate customers. There is also the issue of being clearly anti-trust, and most of the board would be asked to consider their positions, were MS to have another anti-trust investigation.
That's because this isn't about UEFI, it's about how some people believe that anything that Microsoft proposes is, a priori, bad/evil. It's a religion for these people, facts don't actually play any role in the matter.
The simple fact is that VMs provide an even easier way for people to "try out" Linux than Boot CDs do. So it's not the "trying out Linux" people that will be impacted, it's the "get rid of Windows because it's from Microsoft and therefore evil (except for the gaming bits)" people. None of whom will have the slightest problem turning off UEFI.
The bottom line is that Manufacturers only build hardware so that they can make money. Which means that they build hardware that there's a market for. There'll be a market for Win8 certified hardware. There'll be a smaller market for hardware that isn't Win8 certified, just as there's a small market for PII motherboards with a maximum 2 256MB RAM slots. There's nothing to stop a PC manufacturer building PCs with a PII and 512MB of RAM today, as long as they don't care about actually selling enough of them to cover their costs and make a profit. There's nothing to stop netbook manufacturers selling netbooks with Linux pre-installed, or even no OS installed at all, as long as they don't care about actually selling enough of them to cover their costs and make a profit.
>There's nothing to stop netbook manufacturers selling netbooks
> with Linux pre-installed
It is likely that there is. If the manufacturer is any sort of Windows OEM then that sort of 'disloyalty' is likely to get them to lose their discount on Windows and their 'joint advertising incentives'. ie it will cost them $millions for their other products.
They could do this originally with netbooks because the then current Vista could not run on the low powered Atoms. MS had to resuscitate XP for these and then they could again wave the 'disloyal' threat.
Windows on ARM is exactly the same situation. Currently Windows OEMs can make/sell ARM Android/Linux machines because there is no Windows that can run on those, and no equivalent Intel/AMD cpu that can match the specs.
When Windows 8 on ARM is shipped (or staggers out the door) then MS will be back in control. It probably doesn't worry MS whether the OEMs only make ARM machines with W8, or don't make any ARM machines at all, as long as they don't make ARM machines that could possibly run Android or Linux.
Good point.
Hardware diagnostics boot DOS/FreeDOS/Linux etc from USB pendrive or CD. eg memtest86 and/or hard disk manufacturers' diagnostics etc. It's not always the case that the system will boot Windows correctly or remain stable long enough to run the diagnostics. After all, that's why we run the tests in the first place. It's not always obvious what the fault is until after you run the test. Personally, I don't trust windows versions of hardware diagnostics. MS like to "hide" the hardware behind APIs. How can I be sure the diag software is testing the hardware and not just reporting what some MS API says? From DOS or Linux I feel more confident the diags are banging the hardware directly.
Rather than being condescending could I suggest you think the issue through? It's possible it won't apply to Read Only Media such as CDs etc. Why?
If we ignore theories about locking competition out, the idea of Secure Boot is to prevent rootkits from loading before the OS. Given that a rootkit can't write itself into a boot image stored on a CD (plus I don't imagine there's gonna be a Win 8 Live CD!), there's actually very little point in restricting these types of media.
Yes, you could boot from the CD and a rootkit could write itself to the boot image on disk, but when you tried to boot that image, guess what would happen - it would fail the check.
That said, I doubt they'll go to the additional level of complication to distinguish between the two!
to dissuade me from installing Linux was a bit of experience in trying to install Linux. Mouse driver can't figure out how to adjust for a non-4:3-ratio display? No, thanks, I've got a living to earn and no longer have the time to spend discovering the Internet's wisdom on how to solve such problems -- and then working out how the Internet's wisdom is wrong and how to actually solve the problem.
It really is worth a couple hundred bucks to have something that'll be there when you need it to be; with Windows as with Linux, you get exactly what you pay for. Think I'm full of it? Wait 'til you grow up and get a real job, and see if you don't agree with me.
Last I heard, Ubuntu's supposed to be the idiot's version of Linux -- that is, one which can be installed and used productively by someone who has no clue at all, much less someone like myself who's been fucking around with Linux since Red Hat 6.5.
Three times in three years on three different laptops (a Gateway, then an HP/Compaq, and now a Toshiba Satellite), I've downloaded the ISO of the latest Ubuntu version, burned it, and installed it dual-boot. Three times, I've ended up with a system where the X server works fine, but the mouse pointer moves further along the X axis for a given input than it does for the same input on the Y axis. Three times, I've been utterly unable to find any way to explain to the mouse driver that it's not working with a 4:3 display and needs to scale inputs accordingly. (Granted, that the mouse driver's at fault is an assumption of mine; I think it's fairly reasonable, though, given that all three times the X server correctly configured itself for the aspect ratio of the display I was using.)
Blame Synaptics if you like, or assume I must be a moron despite the fact that my spelling and grammar are so much better than yours, or call me a liar -- FUD? Seriously? You'd rather assume Microsoft pays me under the table than that your precious virgin-birthed free-as-in-Che software might just work less than perfectly once in a while? -- whatever you want. But, at the same time, if Linux is so much closer to God, how is it that Windows never fucks up this fairly fundamental thing which Linux nevertheless cannot be trusted to get right?
I named the manufacturers in my previous post, if you're inclined to spend a little time reading.
There's also the point, which will no doubt strike many here as risible but which is of considerable force nonetheless, that not everyone has the luxury of buying whichever machine is at the top of this month's list of acceptable hothouses in which Linux can be made to thrive -- for example, I'd never have bought an HP laptop in the first place, except that it was the only thing I could afford at the time.
Of course I read your post and noted the models you mentioned, you simply seem to have missed the joke. I probably should have used the Troll icon to make things a little clearer for you.
"There's also the point, which will no doubt strike many here as risible but which is of considerable force nonetheless, that not everyone has the luxury of buying whichever machine is at the top of this month's list of acceptable hothouses in which Linux can be made to thrive" -- I quite agree, although, do you just buy any 'ol piece of junk just because it is cheap? Do you read reviews?
" I'd never have bought an HP laptop in the first place, except that it was the only thing I could afford at the time." -- HP laptops are usually more expensive than say an Asus or Acer, which usually play rather well with Ubuntu and are reasonable budget laptops.
Hmmm, which icon should I use?
I'm genuinely sorry you've had these problems (and of course we're not going to fix them here) but I can only repeat that my experiences have been universally positive.
Now I'm not an IT professional, although I've been around computers all my working life, and like many scientists need to program out of necessity. As well I build my personal machines and other hardware, so I'm not, perhaps, your average non-IT person either.
I'd suggest using an OpenSuse live-CD so that you can see if your hardware is working before trying to install.
Interesting. I also have a job to do - several, in fact, - and I also use Linux to do them. Not because I have to, but because I choose to. I choose Linux because it is better, cheaper, stable, and far more reliable (than Windows). I realise of course that these do not play as valid reasons in the Microsoft camp, but they don't half look good on my balance sheet.
Gotta say that whilst it's better than it used to be I do agree that Linux is still some way short of the 'install then use' that Windows offers. I would happily offer to install Windows on any PC hardware. It's a background task so you can do it while watching the TV and all you'll have to do is fill in a few boxes and click Next. Half an hour later it'll be done and all your hardware fully supported.
Linux..not so much. We have a dozen installations here and three of them still have problems. The one in the meeting room is a pain because it can't drive the graphics card properly (the screen flickers occasionally) and half the web sites we try to visit need plugins that we either can't find, can't work out which one is appropriate for our bloody distro or don't work.
That's not to say I hate Linux - I don't. I like it as a server and it's fine as a desktop. I just maintain as per my earlier joke that Linux gurus whining about complex installation procedures is like a fisherman whining about salt spray in the face.
I do Windows (and Linux) installs daily as part of my job, and IME getting correct drivers for every device on the machine is MUCH more work with Windows than with Linux.
I have also seen several machines where Windows point-blank wouldn't install, using any workaround, until the drive had been partitioned and NTFS formatted - using Linux!
Not to mention that a bare-bones Windows install is actually practically useless unless all you want is an unsafe and slightly handicapped platform to browse the web (bearing in mind that plugins such as Flash will need installed manually) whereas with the right Linux Distro it's ready to use straight away with a full set of applications.
Regarding the original topic, it's a perfectly clear attempt by Microsoft to gain more control over other people's hardware; enforcing it on ARM first is just the pragmatic thin-end-of-the-wedge approach.
> I would happily offer to install Windows on any PC hardware. It's a background task so you can do it while watching the TV
You've got to be kidding!!
I installed Windows 7 3 days ago. It took 5 hours. Five lots of patch installs after the initial install. Five reboots. The most annoying thing about it was it STOPPED ONE OF THE F@*$ING patch installations to ask a question about IE9!!!! You can not just leave it running because you don’t know when it's going to stop installing and ask a question ffs.
On the other hand I installed openSuSE 12.1 a couple of weeks ago. It took 50 minutes from start to finish, the patches were installed at the same time as the OS, and it didn't even need to reboot.
This is something i frequently read, here, and in other forums as well.
I 'use' windows. I 'use' linux. i 'use' this..
No you don't. The APPLICATIONS you run use the operating system for device and file i/o, memory management and all the other 'twiddly bits' that are required to run a program.
The reason for installing operating system xyz is because application abc requires it to run...
Some applications exist for multiple operating systems because the makers went through the effort of cross compiling them. In the end nobody uses an operating system directly. So do you really care what is running ?
Most people are perfectly happy if they can run programs to get some things done.
Just like most people need a car to drive from a to b. I don't care whether the timing belt is user replaceable... or if i can change the cylinder heads.
I care if it has a decent stereo and navigation and if it behaves in a similar way to other cars i have previously driven. ( and It's got to have the steering wheel on the same side as all the other cars in the country of intended use, simply because of practicality)
I use the OS. I program for it. I choose the applications based on the OS (not the OS based on the applications). I maintain it, repair it, and update it. The reason I install OS xyz is because I like it and if I have to use application def instead of abc because of my choice then so be it. But that is just my desktop.
Servers are different. If I'm running a server I am definitely using the OS. I have to tweak all those little known OS settings to maximise the performance. I have to monitor the OS'es memory, disk and network usage to make sure nothing is going wrong. I have to check all those log messages that I can safely ignore, and never even see, on my desktop. I have to make sure the log files get backed up and/or trimmed. I have to ensure the OS settings are backed up and reproducible. Then there is the application.
Surely you mean no-one uses the kernel? The OS is a collection of programs allowing you to do things from adjusting config to creating filesystems.
Sure very few people use the kernel directly (and you can be sure kernel devs do to some extent). But then it's no different to saying "I use Intel Processors". Unless you are sat doing everything in Assembler that must be equally fallacious in your view?
It just strikes me as 'strange' that someone states : i will only use tools that have a red handle. I don't want any tools with blue or green handles , even if they get the job done better , faster and or cheaper. Only red tools for me... it's just ... i don't know... hard to grasp (from a pure functional perspective).
I don't really care what my computer runs as OS. Most of the time i use a windows based machine because most of the software i use is only available for windows. Sometimes i use Linux hosted programs ( mostly on a redhat server through a VNC ) simply because those only run there ( Mentor , Cadence ). In the past i did the same with Sun / solaris or HPUX hosted software. An operating system is something that lets you manage your files and launch programs. Webbrowsers ? Opera , Chrome , Firefox all exist for any platform. Clock , notepad exist on any OS. GUI's are all very alike.
I have an Android Tablet , an iPhone , a HPUX based logic analyser , a couple of windows computers , an ubuntu webserver , a windows Homeserver , multiple NAS boxes running a flavor of linux and even some esoteric machines running VxWorks. The Os doesn't bother me at all. All these devices do exactly what i expect them to do. If tomorrow there is a specific program that is IoS only that does a particular job that i just have a need for i may buy a mac. ( i will first check if that particular software exists for a machine / os i already have. just for economical reasons )
I have written some books. My publisher requires images to be supplied in illustrator format. I tried inkscape.. works well 80% of the time. So why go through the hassle for the remaining 20%. Illustrator options are iOS or Windows. I have a win box. Ok decision made -> Buy Illustrator on existing hardware -> move forward.
I need to run Modelsim . That is originally a native unix app . Current licences are upgrades. Crossing to windows ports would be more expensive : solution : maintain unix based installations. Red Hat is the official supported distro. It can run on others but you are on your own. Solution : get a redhat based machine from Hp or Dell ( pre-installed build ) , plunk modelsim on it , vnc into it. Done. Problems ? call maker of modelsim. ( if you are not on Red Hat : you are on your own... )
I don't have time to mess around trying to hammer in a screw or make my own screwdriver. Find the best tool for the job , see what is the economical way to get it ( in terms of already available machines / os-es ) -> go on. If no match , get hardware / os -> move on.
Anyway. that's my point of view. Nothing wrong with having a different one.
I've installed Linux on about 30 computers over the years since ~1995. Since ~2000 I've never had any problems with installation (usually Suse or OpenSuse but others as well).
Presently I have a Lenovo Celeron laptop on which I'm writing this via a USB 3G dongle, an Asus netbook which also takes the dongle, a dual-core atom fileserver with Samsung laser printer, a single core AMD 64 with a 4:3 display and a dual-core AMD 64 with a 16:9 display, and a dual core Intel at our Swiss holiday home with another 16:9 display
I don't think I could get more diverse than that lot.
Not one problem even with the dongle.
"I've installed Linux on about 30 computers over the years since ~1995. Since ~2000 I've never had any problems with installation"
I install Linux quite a lot (I test software on Linux, UNIX and Windows), I use RHEL, Fedora, Centos and occasionally Mythbuntu at home. Until very recently the Red Hat derived OSes would crash dead during installation if you made certain changes to the filesystem layout during the installation. Sometimes I would need to re-start the install about four or five times. I have had this happen on AA1, VMware and Proliant hardware.
I decided to have a play with oracle virtualbox the other day
So out came a trusty Linux disc (Fedora 14 to be exact)
Set the VM to boot from the DVD drive, click on a few options and let it go.
20 minutes later I have a shiny, if basic, Fedora 14 VM to play with... and break.. and restore
No drivers to find
No complex CLI stuff to worry about.
So I try the same with MY copy of windowsXP complete with legit key, and in order to use MY copy of WindowsXp on MY vm I have to let it authorise to M$ which means MY PC it came with will go onto a 30 day trial thing unless I let it authorise again.
Strangely MY winxp pc is the same dual boot machine I use to play with virtualbox.....
And M$ wonders why everyone blessed with 1/2 a brain uses Linux for game servers....
that Linux is just the thing on a server -- on that side of things I wouldn't choose anything else, especially one of the overpriced travesties Microsoft calls a server OS. In fact I'd say that putting Windows on a server is exactly as foolish as putting Linux on a client machine -- each has its place, and neither works well outside it.
Ah! Another 'wait till you grow up' troll. I got news for you I woz all growd up a long, long time ago. As for earning a living, I'm doing quite nicely thank you. All of us on the engineering side of the company use GNU/Linux based systems for the reliability (doncha no). The office staff use Windows (got to be compatible with the customers). Guess which group get all the problems?
If this ultimately had a negative impact on Windows sales. Bear with me..
Let's assume that currently most Lusers pay the Windows tax and buy popular hardware because it's open and supported; they also run multiple devices and recommend hardware to their friends and family - say an average of 5 Windows devices (wiped and Linux installed) per 2 Windows devices purchased by average consumer.
If Microsoft go ahead with this, then I certainly intend to purchase only from vendors that pre-install Linux. If most other Lusers went the same way, and fled from mainstream locked-down consumer electronics, Microsoft might take a significant hit.
Even with f+f recommendations (it's very easy to spread FUD about how locked down that Packard-Bell computer is they want to buy and how they should buy this cheaper option and purchase the Windows OS separately). I get asked a lot, I even get asked to buy hardware for people as it's all too technical for them.
It might even bring some clarity to the statistics for a change. For years Microsoft has been able to claim the number of Windows licenses sold (excluding downgrades and wipes). We might get to see what the true figure is after you remove the number of Windows that are wiped and replaced by Linux - which I suspect is far higher than website visitor counts.
=== TL;DR ===
By drawing a line in the sand, Microsoft could unintentionally cause a statistical surge in Linux popularity, as multi-PC Lusers flee and buy from Linux pre-installed vendors. Thus revealing the hidden percentages of those who pay the Windows tax but wipe and install Linux.
I have 4 devices with Linux installed for which Windows tax was paid. I'm not proud of that fact.
Considering 2 of those devices were installed with Linux when I was just exploring and figuring it out - I wasn't aware of such consumer rights and all the issues surrounding technology at the time - far too long and receipts are lost.
Regarding new devices, 1 is a work laptop and the other I suppose I just don't have the time or motivation, but if I was more of an activist I would. Instead, I've committed myself in future to seeking out tech that is not pre-tainted^Winstalled with Microsoft tat.
If you are dumb enough to buy the cheap plastic fetid crap that is an OEM pc then you deserve all the heart ache this will provide (which when seen in the wild will be the usual 'we got worked up about this?')
'Waaah waaah waaah, we have to pay the MS tax on oem systems and now we can't install fruity wigglebat13 on it.'
Bloody grow up and build the pc you want to install it on. And before you trot out 'users can't build their own, it's too hard' most component shops will do it for you for £50.
Also laptops, cry about them and I will follow Jay and Silent Bob's example :D
We all have to start somewhere. Not all of us were born in the days before generic whitebox PCs. I bet 99% of the people who use Linux now first tried it on a Dell, or an HP, or a Toshiba. This is about adding a barrier to entry. Lots of people might try Linux if all they have to do is put a CD in their computer and reboot. Not as many will try if they have to enter in a new signing key.
Building your own computer (or paying someone about as much as an off-the-shelf computer would cost anyway, what with the cost of Windows to OEMs) won't stop you from having to enter the key. What motherboard manufacturer isn't going to want their motherboard to be certified for use with Windows?
is subsidized tablets with app/media store. You can't grab that app store money if people can just go around changing their OS all willy nilly. I can imagine MS entering the tablet market at prices similar to the TouchPad's fire-sale if it meant sewing up the market, as long as they can recoup some of the losses from selling apps/games/media.
granted... the non-portable kit for the most part. Though when I do buy pre-built portable kit, I make sure it's been out for a while already, price has stabilized, I find a sale (hopefully), and it conforms to my current needs and potential future wants (which include the ability to do my bidding after the warranty is up... whether that's just me being able to fix it endlessly or install a different OS or really getting down and dirty and modifying the hardware to accept additional kit). Typically, it's not that hard to find something that fits my criteria. I have yet to buy an OEM system other than a laptop. I've always built my own desktops/towers/servers/etc. This always gives me the best options for price points and typically ends up being about the same price as an OEM system with much better upgradability since I don't have to deal with using OEM kit should something take a dump.
micros~1 will need to pay money to make arm based phones with windows sell. that is because no matter how good the hardware, sane people would never pay money for that thrash.
and as far as laptops and desktops are concerned, those of us who want to will fiddle with the bios.
on the other hand, anything that beefs up the utterly pathetic security of windows would be welcome. hopefully it would mean less reboots every day.
Microsoft is desperate to get their foot in on the ARM market so of course they want to lock up their devices.
What I find very hypocritical is MS doesn't sell their own hardware (aside from the xbox) and they made their name by systems being free and allowing people to install Windows on their hardware.
I think MS is afraid that what worked for them will work for others. I certainly hope someone puts an end to this. I'll certainly be writing to politicians about this and I hope others do.
I hope someone puts an end to it too however in the land of ARM, what works for others (Apple, Google) may this time around work for Microsoft, in which case they may just get away with locking alternative software out of what will most likely become "generic" ARM tablets.
And since tablets are reckoned (by some analysts) to become the new PC, this decision could cause a huge, huge, *HUGE* problem a few more years down the road unless something is done about it *NOW*, preferably with a swift legal judgement to ensure there is no backsliding of any sort whatsoever in the future.
Somehow I doubt the US government is likely to do anything that favours the technically literate consumer and that upsets Microsoft, but perhaps Steelie Neelie will come to the rescue. Unlocked UEFI Secure Boot in Europe with locked/crippled UEFI Secure Boot in the land of the free (USA) will cause absolute chaos (but good chaos!) and hopefully a major backlash against Microsoft.
To be fair Bob, I don't give a flying F... about market share; I just want to use Linux and that's what this story is really about; locking 'Open Source Advocates' out of the hardware that they purchase.
B.T.W not all Linux users are Kiddies, unlike the Windows Wizard Jockeys out there. Anyone can click "Next, Next, Next, Finish".
I thought the official term was Microsoft Authorised Refurbisher, but apparently both apply, I like the concept so much that I've personally done around a half dozen of these things for friends, relatives, neighbours, from companies like Morgan (ok, Bentham these days) and others, and strongly recommend the concept for folks whose needs are relatively lightweight.
The refurb HPQ DC7100 small form factor desktops currently widely available start at well under £100 (for an under-specced system admittedly) but they're built like tanks and last forever. Add a bit of RAM and a DVD drive and it's good to go, with either XP or SuSe (other Linuxes are available; the usefulness of your desktop Linux may go down as well as up. Your job may be at risk if you fail to keep to the corporate line on the OS of choice for the desktop.)
Hardware should be required to ship with a functional, free open source OS by default.
Commercial operating systems (including Windows) should be an optional purchase, to be installed by the user. (Insert CD, install away, not hard)
This should apply to Computers, Tablets, Phones etc.
The bundling and shady deals need to stop. The majority of people don't even need Windows, but are forced to pay for it because there are no other realistic options..
Clauses like the one Microsoft are trying to enforce on device manufacturers should be illegal.
I'm not certain I'm following all the arguments about this issue at this stage of the game. What I'm betting on is that all we'd have to have "keys" for would be lilo or grub/grub2
Since UEFI will be calling the bootloader, NOT the kernel or initrd
That said, since there's a parallel argument here about linux on the desktop.
I have under my administration at this time ~1350 linux servers, mix of RHEL4 and RHEL5, Proliant and Xseries stuff.
Other than two or three occasions when I've had to update the base initrd for my kickstarts based on hardware, in the last 5 years I've had 3 systems (of that 1350) that presented issues during installation ... all three had obscure hardware problems (one a bad midplane in a DL780G5, two identical cases of an IBM disk controller that had a bad firmware update performed by the previous owner, yes - -they were indeed recycled)
On the server world, my build times are (7 to 14 hours of paper work to get the box racked and cabled, 45 minutes of kickstart/cfengine preconfig, 17 minutes to install) and 2 reboots later I have a production ready box.
I've three linux systems at home, one, my firewall, slack is old old old pc with several nics. It was a 2 hour setup to get it running as the firewall. No issues, but then there's bugger all running on it. One, our eldest's current personal system -- total of 45 minutes to install and get it running, no issues no problems no hiccups. The last one, mine, has been:
Slackware, Gentoo, FC 15, Ubuntu.
Only the gentoo install presented issues, ever, and honestly - - the issues it presented I created by trying to be creative.
Linux also happens to run on my work laptop, with a corporate approved image, and almost (all) the corporate required tools. I have a windows kvm image for the ONLY bit that doesn't run in linux, and am contributing to the effort to port that remaining tool to linux.
I've converted several folks who are not (heavy) gamers to linux systems -- and very rarely get support calls. And I can provide support over the net with an ssh session.
Linux is quite friendly -- most times I've been called to help someone out with a linux desktop issue, they've precipitated the problem by deciding they know more than the OS tools do.
And just in case you wonder; our eldest is a heavy gamer. Wine has come a HELL of a long way in the last while. I would not recommend Linux + wine + windows games to a complete noob, but I will recommend it to someone who has a good idea about basic computing.
And -- well -- excuse me -- I have to go back to my Deus Ex now.
Alistair, I would recommend Cedega for running games under Linux. It worked rather well, but I eventually bought a console for dedicated gaming and watching blu-rays. I rarely boot into XP anymore and when I do it takes an age before it stops making popping sounds and displaying irritating pop ups in the notification area.
> What I'm betting on is that all we'd have to have "keys" for would be lilo or grub/grub2
Yes.
Where are you going to get those keys? If they're publicly-available, then the whole system falls flat on its arse - the malware makers could sign their bootloader with those keys, and then the rootkit sails straight past the "protection"[1].
Or the key could be unavailable - in which case, you need to get Microsoft to sign every build of grub you want to use. Remember that grub2 is GPLv3, so they won't do this[2].
The whole system is a joke - it doesn't prevent rootkits, just bootloader vectors. Given the capabilities available in all commonly-used OSes these days, it should never be necessary. But implementing it will cause endless grief for anyone trying to use their own property in any fashion slightly removed from the One Microsoft Vision.
Vic.
[1] Once again, I am using the term quite wrongly.
[2] Aside from Microsoft's well-known dislike for the GPL of any flavour, GPLv3 explicitly requires *all* source and build materials to be included in a source distribution - which MS, as the distributor of the binary, would have to ship on. That includes the signing key, without which the binary could not be built...
Microsoft says : We have windows 8 for ARM. If you as a device maker want to install it : here is our criteria : this amount of ram , this graphics , this type of boot ( locked down secure boot )
Sounds like a fair demand to me.
The hardware maker can sell the tablet with win8 preinstalled. You as a user may not be able to modify it.
At the same time nothing prevents the same hardware maker from releasing the same hardware with the bios lock disabled and android or linux installed. Or even a blank device. Nothing prevents them doing that.
Microsoft could push it further and simply not publicly sell Windows8 installation medium. Just like apple is not selling install disks. You can only get OsX by buying approved hardware that comes with it preinstalled. Microsoft is demanding exactly the same thing with win8 on ARM. Approved hardware. in this case : lock in place.
That lock does NOT prevent you from installing some other system. Simply apply the signed key for your distro and off you go.
Part of the issue is that tablets are seen as 'appliances'. Just like a tv is an appliance. ( this, by the way, is how apple categorises their products too. They are appliances ) . You'd be amazed on how many TV's, laser printers, settopboxes these days actually run a linux kernel. Any TV that can play netflix or blockbuster streams actually has a linux kernel on board. You have ZERO chance of modifying that one. You can't even demand that they disclose the system. The documentation of the TV includes the usual GPL and LGPL statements and they tell you what linux build they use ( most of the time this is MontaVista ). And that is where it stops. The custom code that was built on top is NOT available. Besides the core used there is typically a MIPS in combination with a custom graphics engine. You want to code for those chips ? Here's a few NDA's to sign first... and some fees to pay to various groups like HDMI and MPEG and others. Even before we let you use the precompiled libraries or disclose the API to those.
So what is next ? you are going to demand that you can install android on your TV-set ? or Laserprinter ? Sorry, ain't gonna happen.
Just my 2 cents...
I would interpret this as being a case of "marketing dollars" being used to bend the arms of the hardware vendors.
Any vendor can ship an ARM tablet with Windows 8, but if they want to put the "Designed for Windows 8" logo on their box (and thus, benefit from the Windows 8 marketing dollars) they *must* lock down the UEFI Secure Boot feature and disallow the booting of alternative software.
If, however, the vendor ships the Windows 8 ARM tablet while also allowing Secure Boot to be disabled (or updated with new keys), that vendor can't have the "Designed for Windows 8" logo and they won't benefit from the Microsoft marketing dollars.
Doesn't this all sound rather familiar?
Assuming I'm correct, and I think I am, this is all down to the presence - or lack - of the Windows 8 logo on the box.
It's obvious then that the Secure Boot lockdown on ARM is *NOT* being enforced for technical reasons, and is not being enforced to improve the security of the Windows 8 OS (it's not, for instance, required on PC's). The lockdown serves only to prevent the installation of alternative software - which is surely anti-competitive - and the Microsoft marketing dollars are the greasing of the wheels.
want win8 logo on box : lock bios down.
But NOTHING prevents you from also selling an unlocked version WITHOUT win8 logo on the box . you could even pre-load android. Same identical hardware. Just a matter of a different flash image ( one flash image has uefi bios + win8 , other image has non uefi bios and android ).
Electronically NOTHING changes. same board , same chips. just a matter of what is stored in the flash .
The problem is going to be the law of diminishing returns. Do we really want to go through the effort of creating a different flash image , print an alternate box / manual and push it on the shelves.. where it most likely will be collecting dust. There are already so many tablets out there...
Your interpretation is wrong.
What this is saying is that if one of the component manufacturers - e.g. Foxconn - wants the Win8 certification label on its box, it must implement this strategy that gives Microsoft complete control over every bootloader that ever runs on that board.
Now it is true that said manufacturer could build two options - one with the label, one without. But that's additional overhead for everyone, and there is always the probability that someone will accidentally end up with something he didn't want. So it's downside all the way, unless you're Microsoft.
So what's the commensurate upside for punters? Well, there isn't one, really.
Vic.
I'm just wondering what it would take for someone/some group to create the inevitable distributed computing project to reverse engineer the necessary Microsoft UEFI Secure Boot keys (I'd happily donate all my available cores 24x7).
Once that project is successful - and given enough compute power there's little reason to suspect it won't be - the UEFI Secure Boot feature as far as Microsoft is concerned may as well not be enabled, it will be wide open (to abuse, and to Linux). Do Microsoft really want this to happen?
Not sure if the keys, once determined, will be subject to some sort of DMCA-type legal action although by then it will all be too late. Far, far too late.
I also assume Microsoft could issue each manufacturer with a unique signing key, restricting tablets to manufacturer specific versions and builds of Windows 8. Maybe manufacturers will accidentally "lose" the keys as they always seem to do, again rendering the whole "locked Secure Boot" exercise completely moot.
I was wondering about that last night, but can't quite work out an easy mechanism for cracking it. I may have been missing something, but I figure you'd need to sign a boot image with Key A, see if UEFI accepts it, move onto Key B etc.
May well be missing something as I've been a tad sleep deprived of late. Seems like a lot of hassle, but doesn't mean it won't happen.
Brute force would be one method - I assume the Microsoft key installed in UEFI BIOS can be extracted one way or another, and once extracted a brute force attack would eventually yield the signing key. Having to try and boot a signed OS to see if it's got the right key wouldn't be very practical though!
Of course brighter minds may find shortcuts to determining the signing key, particularly if Microsoft and/or the UEFI designers used the same security geniuses as Sony... let's hope so - great for lols plus saving a lot of time and hassle. :)
I guess the point is though that if Microsoft weren't being such total douche bags over ARM tablets, fewer people would seriously bother trying to crack their signing key, and any attempt to do so would not enjoy widespread popular support. Microsoft are baiting people and inviting them to blow their security wide open, this seems like a risk they think is worth taking. Can't say I agree though.
They simply mandate a new set of signing keys for the hardware. Result, you still don't have access to the latest hardware, installation headaches as you have to discover what keys do actually work.
MS can still say they aren't being anticompetitive. Look you can still install linux, it's not our fault that the PC manufacturers make life difficult for Linux.
I've never used 'certified for Windows' hardware, and I'm unlikely to start now.
I wrote Windows software for years, on Windows PCs. The certification process has been around 15-20 years, and it's an important way for companies like DELL to differentiate their hardware from the ordinary white box PC's I use.
There is also a 'certified for Windows' software certification. Unlike Apple, MS doesn't control the supply channel, so 'certified for Windows' software is no more important than 'certified for Windows' hardware.
Will I be able to install Windows 8 on a machine which doesn't have this secure loader feature, such as a machine I bought with Windows 7. Or a machine I assembled from parts?
Will Windows 8 be available to small companies assembling computers from parts?
Given that different countries have different laws on corporate structures, can Microsoft reliably distinguish between private individuals and businesses in setting their rules on who can do what?
Luckily this is comment #160 or something, so the hail of bullets won't actually arrive...
Microsoft is a hard nosed business and it's going ahead with this no matter what.
The OEM's will all be on board, especially in this financial climate, with the hope that windows 8 will shift hardware.
Bottom line, they will march to the microsoft drum regardless.
So, it seems obvious to me, that the biggest players in Linux, if they actually give a damn, will need to step up to the plate and start talking to OEM's.
I can't see this happening. Canonical with Ubuntu want to tackle the mobile device market.
Suse - not even sure where they figure.
RedHat - server only
Who else is there?
Just individuals passionate about Linux - and to be honest, I don't really care if anyone else installs Linux or not. Windows is good, Mac is good, Linux is good.
It's not like I feel it should be my mission in life to convert people to penguin power, other than tell them how good it is.
As it stands, this completely fails to meet its stated purpose. A properly secured OS can't be rooted unless you have physical access to the hardware. Since you need to be physically on the hardware to install new keys, you gain absolutely nothing from this. Unless of course you have a poorly secured OS ;-)
As for Arm systems, this approach actually does perform as advertised, although as noted, at the expense of Linux and any other OS.
I suspect bodies such as the EU and others will hamper the attempt to completely lock Linux out. We may well end up with a situation where machines come with secure boot to Windows only, or have insecure boot (ie. the feature disabled, rather than changeable keys). Either way, all of this would be unnecessary if Microsoft could make a half way decently secured OS.
In the Netherlands there is a large department that uses a secure memory stick as booting device to connect to the department's network. Personal equipment is used. This MS policy will harm all users big time when it starts to prevent officers from using their fresh bought laptop/pc to use this stick. If Dutch gov is wise they have to protect their investment now by stopping MS with this policy.
In current systems (ones that have shipped for about 10 years), there are network boot procedures (PXE boot). Will these be "signed" as well? Now there are the floppies (if anyone uses these anymore), CD/DVD's and (as mentioned above) thumb drives. Lots of these will be broken if this goes through.
So, this is generally a "BIG FAIL". What else is new?
Locking out Linux ?
I have just been reading a Red Hat doc titled "GRUB and the boot process on UEFI-based x86 systems"
It doesn't look too hard, for a fat fingered oaf like myself.
Some of you flamers could probably do it too.
So calm it down chaps, penguin power still appears to be an option
Linkage for the lazy
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html
> I have just been reading a Red Hat doc titled "GRUB and the boot
> process on UEFI-based x86 systems"
UEFI != Secure Boot.
> It doesn't look too hard, for a fat fingered oaf like myself.
If your system does not permit secure boot to be disabled, or you don't have the ability to add new keys, it isn't just hard, it's downright impossible.
Even if you can - is this the sort of thing we want newbies to have to do?
Vic.
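The distinction drawn in the reply above (UEFI is not the same thing as Secure Boot, and a machine can be in several different states), as an added example that is not part of the original thread: a Python check that reads the standard `SecureBoot` and `SetupMode` variables from Linux efivarfs and classifies the machine. The state names, the `efivar()` sample builder and the constructed sample bytes are assumptions made for illustration.

```python
"""Classify firmware boot state from Linux efivarfs (added example)."""
import os
import struct

# GUID of the UEFI global variable namespace (EFI_GLOBAL_VARIABLE).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def parse_efivar_u8(raw):
    """An efivarfs file is a 4-byte little-endian attribute word, then the data.

    SecureBoot and SetupMode each carry a single data byte.
    """
    if raw is None or len(raw) < 5:
        raise ValueError("efivar content too short")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4]


def classify(read_var, uefi_present):
    """read_var(name) returns the raw file bytes, or None if the variable is absent."""
    if not uefi_present:
        return "legacy-bios"                # booted without UEFI runtime services
    sb_raw = read_var("SecureBoot")
    if sb_raw is None:
        return "uefi-without-secure-boot"   # UEFI firmware, feature not implemented
    secure_boot = parse_efivar_u8(sb_raw)[1]
    sm_raw = read_var("SetupMode")
    setup_mode = parse_efivar_u8(sm_raw)[1] if sm_raw is not None else 0
    if setup_mode == 1:
        return "setup-mode"                 # no platform key enrolled yet
    if secure_boot == 1:
        return "secure-boot-enforcing"      # only signed boot code is started
    return "secure-boot-disabled"           # keys enrolled, enforcement off


def read_live(name, base=EFIVARS_DIR):
    """Read one global variable from the running system, None if unavailable."""
    path = os.path.join(base, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None


def live_state():
    return classify(read_live, os.path.isdir("/sys/firmware/efi"))


def efivar(value, attrs=0x6):
    """Build constructed sample content: attribute word 0x6 plus one data byte."""
    return struct.pack("<IB", attrs, value)


if __name__ == "__main__":
    print("this machine:", live_state())
    # Constructed samples, so the classification can be seen without UEFI hardware.
    samples = {
        "locked or stock": {"SecureBoot": efivar(1), "SetupMode": efivar(0)},
        "switched off": {"SecureBoot": efivar(0), "SetupMode": efivar(0)},
        "keys cleared": {"SecureBoot": efivar(0), "SetupMode": efivar(1)},
    }
    for label, variables in samples.items():
        print(label, "->", classify(variables.get, True))
```

These variables report the current state only; whether the firmware offers a switch to disable Secure Boot or a way to enrol new keys is a property of its setup interface and cannot be read from them.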
...is Microsoft is using Windows security as another excuse to block Linux. Will it work? Who knows. It has not been implemented yet. Yes, I use Linux. Currently I am running Slackware on an Acer Aspire and a homebuilt PC. If this secureboot goes through then I may not be able to buy hardware, say next year, that I can install Linux on. Essentially, if we buy a PC or the hardware to build one we should have the freedom to install whatever OS we want on it.
Consider all the threats to Windows - viruses, trojans, key loggers, etc. They infect a Windows system when it is actually running, not before it boots. I may be wrong here and if I am I am sure someone will correct me. So, this Secureboot issue seems to be more about locking out other operating systems rather than fixing Windows security. That's my opinion and I'm sticking with it unless someone can prove otherwise. This is backed up by the fact that Microsoft do not appear to have said, yes, add the function to be able to disable this secureboot, unless I have missed something somewhere.
I have only ever had 2 prebuilt PCs and they were back in the early/mid nineties. Since then I have built my own. Perhaps it will be possible to buy motherboards on their own with this function disabled, or with the ability to disable it. We do need to know what manufacturers are going to do about this instead of speculating on what may or may not happen. Yes, maybe the EU will put a stop to it, and maybe the US will get the locked down motherboards while Europe (and maybe the rest of the world) get fully functional ones. I do think that this may come under the heading of anti-competitiveness but we will have to wait and see.