Announcement

Collapse
No announcement yet.

Debian Developers Discuss UEFI SecureBoot Plans

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by oliver View Post
    NOFI, but don't be so naive ... They already require it on ARM.
    So do Apple and many Android vendors. Why is nobody complaining about them?
    They don't do it know, because of all the antitrust shit that will rain over them.
    So why do you think that no antitrust shit will be raining when Windows 9 is released?
    The only way would be if Microsoft suddenly wouldn't be a monopoly anymore. But If Microsoft will not rule the market anymore, why should the manufacturers close their products to the other players on the market.
    Microsoft won the browser wars in the beginning, but look at the browsers now, in the long run there was competition. I think that the same will be with the OSes, they won the OS wars in the beginning, but we will see diversion again.

    Comment


    • #12
      Interesting

      I am curious to find out what Debian's approach will be.
      It is very interesting due to the Debian Free Software Guidelines (DFSG).

      Comment


      • #13
        basically debian does not need to discuss things that could be disabled with a simple setup setting. they should better provide grub 2.00 in experimental soon.

        Comment


        • #14
          Originally posted by Kano View Post
          basically debian does not need to discuss things that could be disabled with a simple setup setting. they should better provide grub 2.00 in experimental soon.
          Maybe GRUB 2 ought to be re-licensed under the GPLv2 instead of the GPLv3?

          Comment


          • #15
            First of all i still doubt that you can boot with that signed loader. Even if you could that give you no extra security the way ubuntu wants to do it, you just save the 30s you need to enter you setup and disable it. Wow, so much trouble for such a small effect. Better provide uptodate bootloaders instead of heavyly patched old ones...

            Comment


            • #16
              Originally posted by seraphim View Post
              Debian hasn't stated exactly what approach they will take with the whole secure boot/UEFI mess so it's a bit silly to criticize them at this point. The whole proprietary bootloader nonsense was enforced by those pigs at Microsoft since they never want to play fairly and are scared of the rising momentum that GNU/Linux has. Tampering with the open architecure of the PC to ensure only one OS can be used is blatant anti-competitve behavior by Microsoft and I hope they suffer a nasty retaliation for the shenanigans they constantly pull.
              The x86/x64_86 ISA is not even close to being an open architecture, if your looking for that try Sparc, or Opencores, Heck even IBM powerPC/Power is more open than x86.

              Comment


              • #17
                Originally posted by TobiSGD View Post
                I can only say it again, on x86 hardware Microsoft is actively forcing the hardware manufacturers to not lock out other systems, if they want to get the Windows 8 logo for their hardware. Why is everyone bitching about Microsoft but no one actually reading their documentation?
                Because we're not so narrow-minded to only look at x86. Tablets are to a large degree ARM. There may be ARM netbooks and laptops not far into the future. Even in the server space ARM is making inroads.

                Because there's no guarantee Microsoft won't change their agreement in the future.

                Because there may be companies that will only accept SecureBoot "protected" OSes on their company computers, so a solution is required if Linux wants to be part of that space.

                Originally posted by TobiSGD View Post
                So do Apple and many Android vendors. Why is nobody complaining about them?
                Err, where do you get that there's no complaining about them? People are *all the time* speaking against Apple's walled garden practices. And there's *tons* of complaints at Android vendors who lock their bootloaders, with people petitioning them to provide an unlock mechanism and such.

                Comment


                • #18
                  Originally posted by phoronix View Post
                  It's still not decided what approach Debian will ultimately support whether it's like Fedora using GRUB2 and singing the entire stack, Ubuntu using efilinux and only signing the low-level bits, or some entirely new approach for handling EFI/SecureBoot
                  s/singing/signing/

                  Comment


                  • #19
                    Direct or Gummiboot

                    You know, if they don't want to boot a signed kernel directly from UEFI which isn't that hard, they can just use this.

                    Comment


                    • #20
                      Originally posted by TobiSGD View Post
                      So do Apple and many Android vendors. Why is nobody complaining about them?
                      So why do you think that no antitrust shit will be raining when Windows 9 is released?
                      The only way would be if Microsoft suddenly wouldn't be a monopoly anymore. But If Microsoft will not rule the market anymore, why should the manufacturers close their products to the other players on the market.
                      Microsoft won the browser wars in the beginning, but look at the browsers now, in the long run there was competition. I think that the same will be with the OSes, they won the OS wars in the beginning, but we will see diversion again.

                      I've seen the argument that nobody care when android vendors use locked boot loaders in most secure boot discussions. Have you all forgot the outrage over those last year and the year before? Complains to the point that some vendors even changed their ways somewhat, enabling flashing and booting of unsigned stuff. Search for bootloader on ars technica for a sample of the fuss about the lockedness of android phone bootloaders. Granted, the issue is somewhat bigger there ("rooting", flashing etc, on top of signatures), but the end-issue is the same, loading stuff of your choice on your device. As for apple, It's been a constant complains about their general lockinness, the whole thing about the us dmca exception for circumventing some of their restrictions for example. The fight with apple and android vendors for the right to your own device have been raging for years with a few victories and some half-victories along the way and at least the situation on android is better as a result of that fight.


                      On the actual topic:
                      I don't see how anyone responsible for keys (like using a key from ms) would allow anyone to sign a bootloader with their key that does not check the signature of kernel (and initrd?) or that would not require that that kernel checks signatures on modules. Having a bootloader that does not check signatures should invalidate most of the purpose?

                      Shipping a distribution with signed chain of bootloader-kernel-initrd-modules feels like a big step towards "tivolization". It would be a sad day indeed if the we (we the "foss-comunity") would end up tivolizate our selves.

                      Comment

                      Working...
                      X