
Free Software Foundation Thinks It Can Stop SecureBoot


  • #16
    You might be able to disable "SecureBoot" today in some devices, but the problem is tomorrow the choice will be gone.

    The sole purpose of SB is to stop users from replacing software. They want to turn general computers into appliances, tied forever to the software they ship with.

    Perhaps the FSF should join forces with the EFF on this one.

    Stopping this requires going against corporations, but in the USA it's them who dictate laws. Maybe in EU they might pass a law to make SB optional.

    In short Microsoft wants to forbid deleting Windows, akin to phones needing jailbreak to do anything useful.

    Even if it looks easy to do workarounds today, it will become an arms race. Soon it will be considered "circumventing", etc...

    Comment


    • #17
      Originally posted by Sidicas
      I just bought a brand new Windows 8 Dell laptop that has this SecureBoot.
      Booting Linux was as easy as going into the BIOS and selecting "LEGACY" instead of "UEFI". Problem solved.
      So, Linux is considered "LEGACY". Aahaha!

      Comment


      • #18
        Signed the petition

        Comment


        • #19
          Most of those supporting organisations are free software advocacy groups, distros, retailers or random blogs. Nobody who is going to have any meaningful influence, that's for sure.

          Comment


          • #20
            Originally posted by northar
            I bet it's gonna help a zillion more times than writing a forum post that says that protesting about it won't help. Taking some action is always better than none at all.

            In Europe, Germany has already made some statements about it:hsecure boot: http://www.h-online.com/open/news/it...s-1753715.html
            Ugh you're one of THOSE people. The kind where I could hate a song and you're like "I bet you can't sing better" when I'm not the one claiming I can sing (or getting paid to do it). I'm not saying protesting is useless but consider this: SecureBoot was pretty much made because of MS. I don't know if MS actually made it themselves, but they convinced hardware manufacturers to use it. The fact that some seemed to be that easily willing to use it means they were likely offered a nice deal (because it's not the hardware manufacturer's problem if you get a virus, so therefore they have no reason to care about adding something that puts such restrictions on their customers). That being said, simply saying "I want to remove this entirely" is unreasonable when you're talking to companies that are focused more on greed than customer preferences. So, you need a compromise - having the option to disable SB. While Linux isn't popular in the Desktop PC world, I'd say it's more popular on ARM than Windows RT. This isn't a popularity contest anymore, Linux is finally beyond that, SB would likely make a negative impact on sales to hardware manufacturers who support it.

            Originally posted by Larian
            No, no, no, and no, guys. Hardware manufacturers, last I checked, may not provide disabling functionality for Secure Boot on ARM devices if they want Windows 8 certification. On x86 and other desktop hardware they must have Secure Boot in place, but may go out of their way to allow users to disable it if they want to write that code / include that switch / take that development time.
            Why specifically aren't they allowed to have a disable feature? Also, unless Windows simply won't install on an uncertified device (which IMO is worse than Linux's SB problem), why is certification the manufacturer's problem? They can just shoot for Android and still make money. With the way you're putting it, it seems like MS is blackmailing HW manufacturers with very little leverage.

            Now if I've got my facts straight here, this is an anti-competitive measure on Microsoft's part. I remember Ballmer saying they were going to beat Linux at its own game, but I never thought hedging it out of emerging markets in the name of security with hardware fuckery like this was the plan he had in mind.
            This is anticompetition but here's the kicker - unlike companies such as Intel, Apple, Sun, and other big names, Linux has no one willing to file the lawsuit, so MS could get away with it. I suppose Red Hat or the Linux Foundation might consider suing MS but the court costs become an awkward burden where they might pressure other companies (or linux users) to fund them, or cause people to look at other companies like Novell and say "why aren't YOU helping!?". As another point to make, since SB doesn't seem to be a MS-only product, it's kinda difficult to sue them when they're not the only one you should be pointing fingers at.

            Some have said that disabling SB in the BIOS is the way forward. These people are short-sighted. What is actually being advocated is installing another technical roadblock for new users. When one can have Windows 8 auto-magically "just work" and Linux requires poking around in scary assembly code interface options or cracking open the case and putting hands on raw electronics just to get things into a state where they can begin an install - which is a worse situation than we have right now - that's not acceptable. And what do we do when Windows 9 goes UEFI+SB-only and mandates that new hardware can't have BIOS if they want certification?
            Accusing us of being short-sighted is just as short-sighted as the companies who agreed to support such a technology. Yes, it is another roadblock but like I said before, it doesn't seem like many HW manufacturers are going to give this up so easily, so a compromise needs to be made. IMO, setting up Linux on ARM platforms already is more of a challenge than on x86; with or without SB, there's already several roadblocks to get Linux installed on many ARM devices.

            Look, you people obviously don't care what happens to your computer. Just send it to me and I'll give it a good home. After all, if you're willing to let hardware and software manufacturers dictate how you use the products that you've bought, why can't I?
            Uh... where are you getting the impression we don't care? That's pretty presumptuous. What I've been saying is AGAINST SecureBoot, but as I've said a dozen times before, there needs to be a compromise. It doesn't HAVE to be a BIOS option, it could be a motherboard jumper setting. After all, allowing a software method to disable a "security" feature is in itself a security flaw.

            Comment


            • #21
              Originally posted by schmidtbag
              Why specifically aren't they allowed to have a disable feature? Also, unless Windows simply won't install on an uncertified device (which IMO is worse than Linux's SB problem), why is certification the manufacturer's problem? They can just shoot for Android and still make money. With the way you're putting it, it seems like MS is blackmailing HW manufacturers with very little leverage.
              You know, I've developed a low opinion of your intellect. I've already answered all these questions in the post you quoted, but I'll slog through again. If you reply a second time with verbatim complaints which I have already addressed, notice is hereby served that the answers are in this post.

              The reason ARM OEMs aren't able to include a disable feature is because Microsoft said so, and that's all I know about it. Also, their market dominance is not something I would write off as being "very little leverage". If you want your OEM hardware to wear the "Certified for Windows 8" sticker on the front, you do what Microsoft says.

              ... since SB doesn't seem to be a MS-only product, it's kinda difficult to sue them when they're not the only one you should be pointing fingers at.
              SecureBoot isn't a Microsoft product? Funny, I thought it was. Especially since you have to get a key from Microsoft -for a fee, no less- to allow your OS to boot. In my little world, if you have to pay someone for something before you can use it, that sounds remarkably like their product.


              Accusing us of being short-sighted is just as short-sighted as the companies who agreed to support such a technology
              You keep using that word. I do not think it means what you think it means. Accusing people of making statements they've not put a lot of quality thought into is not short-sighted, it's an observation of fallacious thinking in action. Neither is supporting SecureBoot a short-sighted measure, but bowing to market pressures leveraged by Microsoft. (Keep in mind this only applies to OEMs who want the certification for what I assume are marketing purposes.) Attempting to get into a logical quibble with a philosopher ... that was short-sighted.

              Uh... where are you getting the impression we don't care?
              Sarcasm is lost on the retarded. Also, people are saying stupid shit that amounts to "This SecureBoot stuff is not a big deal. Just turn it off if you don't like it." And you can't turn it off on ARM devices with Windows 8 certification. What's more, allowing for a disabling measure on x86 hardware is not mandatory.

              What I've been saying is AGAINST SecureBoot
              Then I wasn't talking to you...

              but as I've said a dozen times before, there needs to be a compromise. It doesn't HAVE to be a BIOS option, it could be a motherboard jumper setting. After all, allowing a software method to disable a "security" feature is in itself a security flaw.
              ...but since you insist on not reading a word I've said, A jumper setting is NOT OKAY because it makes things worse than they are now for new users. You're asking unqualified and uneducated people to put hands on raw electronics in a world where scareware and phishing schemes are a multi-billion dollar industry. What's more, Windows users don't have to do it because it'll just work for them out of the box. Your easy fix won't work. Do you understand? It. Will. Not. Work.

              Comment


              • #22
                Originally posted by Larian
                SecureBoot isn't a Microsoft product? Funny, I thought it was. Especially since you have to get a key from Microsoft -for a fee, no less- to allow your OS to boot. In my little world, if you have to pay someone for something before you can use it, that sounds remarkably like their product.
                Strictly speaking you don't need to get a key from Microsoft, you need to get a key from a trusted certificate authority. Microsoft just happens to be the only notable (if not the only) company/organisation that has signed up as a SB Certificate Authority.

                Comment


                • #23
                  Originally posted by Larian
                  You know, I've developed a low opinion of your intellect. I've already answered all these questions in the post you quoted, but I'll slog through again. If you reply a second time with verbatim complaints which I have already addressed, notice is hereby served that the answers are in this post.

                  The reason ARM OEMs aren't able to include a disable feature is because Microsoft said so, and that's all I know about it. Also, their market dominance is not something I would write off as being "very little leverage". If you want your OEM hardware to wear the "Certified for Windows 8" sticker on the front, you do what Microsoft says.
                  I could say the same about my opinion of your intellect, but that's beside the point. Microsoft doesn't have a legal right to tell hardware manufacturers to add SB, so that CAN'T be the reason for not offering a disable feature. MS has a market dominance in x86, not ARM. Windows 8 is doing worse than Vista. That being said, you're comparing the wrong numbers. In the ARM world, Windows RT has very little leverage, therefore, HW manufacturers aren't in a situation where they MUST listen to MS; they can just shoot for Android. And again, why does the HW manufacturer have to care if their product is certified? No average joe is going to ask a company like Dell "hey is this computer Windows RT compatible?". If Dell ships a computer with Windows RT on it (assuming they're legally allowed to, I'm not sure), they don't HAVE to say "Windows RT Certified". The reason I believe this is because you're allowed to build and sell a computer with a valid Windows license on it. Most people don't care if a computer is known to be certified and many people don't even understand what the difference between Windows XP and Windows 7 is. As for everyone else, they KNOW the system is Windows compatible if Windows shipped with their computer. I get your point but it's a market scheme that really only works on devices that an individual's computer didn't come with. So for example, all monitors ought to work with whatever GPU they can connect to, but some might say "Windows ## compatible" which helps comfort clueless customers.

                  SecureBoot isn't a Microsoft product? Funny, I thought it was. Especially since you have to get a key from Microsoft -for a fee, no less- to allow your OS to boot. In my little world, if you have to pay someone for something before you can use it, that sounds remarkably like their product.
                  I didn't say it WASN'T a MS product, I just wasn't sure if it was 100% a MS product - there might be other companies involved with the development of it. I don't do much research on SB.

                  You keep using that word. I do not think it means what you think it means. Accusing people of making statements they've not put a lot of quality thought into is not short-sighted, it's an observation of fallacious thinking in action.
                  What do you mean "keep using that word"? If it's the word I think you're referring to, I only used it twice in the same sentence. Anyways, you made your point - but it seems as though you understood mine, even if I approached it incorrectly.
                  Neither is supporting SecureBoot a short-sighted measure, but bowing to market pressures leveraged by Microsoft. (Keep in mind this only applies to OEMs who want the certification for what I assume are marketing purposes.) Attempting to get into a logical quibble with a philosopher ... that was short-sighted.
                  Seriously? Now you're just nit-picking. The "bowing to market pressures" is basically what I was getting at. A hardware manufacturer that supports SB can point straight to "bowing to market pressure". But, as stated before, I don't think HW manufacturers are in enough pressure, so that's why I think them supporting SB in general is stupid.

                  Sarcasm is lost on the retarded. Also, people are saying stupid shit that amounts to "This SecureBoot stuff is not a big deal. Just turn it off if you don't like it." And you can't turn it off on ARM devices with Windows 8 certification. What's more, allowing for a disabling measure on x86 hardware is not mandatory.
                  Saying comments like that is not going to get anyone to favor you. First of all, I understand the "send it to me, I'll give a good home" was sarcastic but that wasn't what I was referring to - it was the "don't care what happens to your computer" part, which doesn't sound sarcastic at all, especially through text. I never said SB wasn't a big deal, it's an extremely big deal. While you could just boycott a certain brand, what if that brand has the best product? And I know you can't "just turn it off if you don't like it", that also isn't what I said OR implied. You accuse me of being retarded (unless that too was ironically sarcastic) but you're being belligerently ignorant. I was saying while MS doesn't have a legal right to force SB upon us, it's also not realistic to remove SB entirely. So, instead of making a petition to remove it (likely unsuccessful, unless Google joins in), there could be a petition to make a compromise by having the option to disable it, or perhaps to have an identical product that doesn't have SB. It's obviously not favorable to either side but it's better than letting it be a permanent feature.
                  Then I wasn't talking to you...
                  For someone as anal about specifics as yourself, you should have been more explicit.

                  ...but since you insist on not reading a word I've said, A jumper setting is NOT OKAY because it makes things worse than they are now for new users. You're asking unqualified and uneducated people to put hands on raw electronics in a world where scareware and phishing schemes are a multi-billion dollar industry. What's more, Windows users don't have to do it because it'll just work for them out of the box. Your easy fix won't work. Do you understand? It. Will. Not. Work.
                  This is for people who would go out of their way to install Linux on a device that would be considered otherwise completely unsupported by the manufacturer. As I said before, installing Linux on ARM is not a user friendly process and not even an expert friendly process either, depending on the platform. Also, I didn't say that people would be required to open up their product and take out this jumper. Maybe there could just be 2 identical systems that are sold, one with a jumper, one without. You would then have the option to add or remove the jumper if you chose to do so.
                  Last edited by schmidtbag; 12-30-2012, 07:08 PM.

                  Comment


                  • #24
                    Originally posted by schmidtbag
                    I could say the same ...
                    Fail. You either don't understand what is being argued or you intentionally miss the point. I leave you to your opinions as I am wasting my time arguing with you.

                    Comment


                    • #25
                      Originally posted by Larian
                      Fail. You either don't understand what is being argued or you intentionally miss the point. I leave you to your opinions as I am wasting my time arguing with you.
                      Isn't that what I'm supposed to be saying to you right now? At least I can admit I've made mistakes. You're the one twisting or ignoring my words in your favor. You're the one who has failed to prove your point.

                      My point was simple but you had to be an ass about it, which is what led us here. You can't expect this petition to work because MS isn't going to let this go. They have way too much power to simply just drop SB altogether. However, due to the relative unpopularity of Windows 8, HW manufacturers aren't obligated to do what MS says; they can always turn to Android which gives THEM the leverage, not MS. The benefits of getting their devices certified don't outweigh the cons of adding SB. And again, they could just simply install Windows RT without the certification. I'm sure 95% of customers wouldn't notice.

                      It does seem some HW manufacturers are getting something extra that is convincing them to use SB that we don't know of (or you do but didn't bring it up). This is why there needs to be a compromise, because nobody will come to an agreement. Perhaps manually enabling/disabling SB might not be the best solution, but it's better than hoping a petition will somehow stop this ENTIRELY. If the petition fails, we might not get another opportunity and we'll be stuck with SB permanently enabled.

                      Comment


                      • #26
                        so much hate

                        The issue is quite clear in the surface article:
                        "The challenge with loading Linux (or any non-Microsoft operating system) on the new ARM-based tablet is that while it implements UEFI SecureBoot, it doesn't have the "Microsoft Windows UEFI Driver Publisher" key. This is the key used to sign Windows drivers and other non-Microsoft software (e.g. the signed Linux UEFI boot-loaders)."

                        Any device, ARM or not, will load non-Microsoft software if it has the Publisher key. No need to disable anything.
                        That includes signed Linux distributions, and that quite possibly includes anything once the Linux Foundation sorts out its signed boot system.

                        Comment
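The mechanism described in post #26, as an added example (not code from any poster or project): a parser for the `EFI_SIGNATURE_LIST` layout used by the Secure Boot `db` variable, plus a check for whether a given signing certificate is enrolled. The certificate bytes, owner GUID and the two device databases are constructed placeholders, and the check models enrollment only, not Authenticode signature validation or `dbx` revocation.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HEADER = 28  # 16-byte type GUID + three little-endian u32 fields


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for each entry in a db-style blob.

    On Linux the raw variable read from efivarfs carries a 4-byte attribute
    prefix that must be stripped before calling this function.
    """
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER:
            raise ValueError("truncated signature list header")
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from(
            "<III", blob, offset + 16)
        end = offset + list_size
        start = offset + LIST_HEADER + header_size
        if list_size < LIST_HEADER or end > len(blob) or start > end:
            raise ValueError("signature list size out of bounds")
        if sig_size <= 16 or (end - start) % sig_size:
            raise ValueError("bad per-signature size")
        for pos in range(start, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        offset = end


def enrolled_cert_digests(db_blob):
    """SHA-256 digests of every X.509 certificate enrolled in db."""
    return {hashlib.sha256(data).hexdigest()
            for sig_type, _, data in parse_signature_lists(db_blob)
            if sig_type == EFI_CERT_X509_GUID}


def signer_is_enrolled(db_blob, signer_cert_der):
    """True if the exact signing certificate appears in db."""
    digest = hashlib.sha256(signer_cert_der).hexdigest()
    return digest in enrolled_cert_digests(db_blob)


def build_list(sig_type, owner, entries):
    """Helper that serialises one EFI_SIGNATURE_LIST for the sample data."""
    if len({len(e) for e in entries}) != 1:
        raise ValueError("entries in one list must share a size")
    body = b"".join(owner.bytes_le + e for e in entries)
    sizes = struct.pack("<III", LIST_HEADER + len(body), 0, 16 + len(entries[0]))
    return sig_type.bytes_le + sizes + body


# Constructed placeholders, not real certificates or a real owner GUID.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
OS_VENDOR_CERT = b"CONSTRUCTED-DER:os-vendor-production-ca"
THIRD_PARTY_CERT = b"CONSTRUCTED-DER:third-party-uefi-publisher"

# Device A enrolls both certificates; device B (the tablet case in the
# quoted article) enrolls only the OS vendor's own certificate.
DB_DEVICE_A = (build_list(EFI_CERT_X509_GUID, OWNER, [OS_VENDOR_CERT])
               + build_list(EFI_CERT_X509_GUID, OWNER, [THIRD_PARTY_CERT]))
DB_DEVICE_B = build_list(EFI_CERT_X509_GUID, OWNER, [OS_VENDOR_CERT])

if __name__ == "__main__":
    for name, db in (("device A", DB_DEVICE_A), ("device B", DB_DEVICE_B)):
        ok = signer_is_enrolled(db, THIRD_PARTY_CERT)
        print(f"{name}: third-party-signed loader trusted = {ok}")
```
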


                        • #27
                          Originally posted by erendorn
                          The issue is quite clear in the surface article:
                          "The challenge with loading Linux (or any non-Microsoft operating system) on the new ARM-based tablet is that while it implements UEFI SecureBoot, it doesn't have the "Microsoft Windows UEFI Driver Publisher" key. This is the key used to sign Windows drivers and other non-Microsoft software (e.g. the signed Linux UEFI boot-loaders)."

                          Any device, ARM or not, will load non-Microsoft software if it has the Publisher key. No need to disable anything.
                          That includes signed Linux distributions, and that quite possibly includes anything once the Linux Foundation sorts out its signed boot system.
                          Right but if MS made SB and pretty much did it to snuff out competition, what makes you think they'll let any Linux distro have it? I have heard about an attempt to get this key but I haven't heard of any success of it yet, otherwise I'm sure this petition wouldn't be in progress.
                          Last edited by schmidtbag; 12-31-2012, 10:40 AM.

                          Comment


                          • #28
                            Originally posted by schmidtbag
                            Right but if MS made SB and pretty much did it to snuff out competition, what makes you think they'll let any Linux distro have it? I have heard about an attempt to get this key but I haven't heard of any success of it yet, otherwise I'm sure this petition wouldn't be in progress.
                            What do you think Ubuntu and Fedora are signed with?

                            Comment


                            • #29
                              Originally posted by mjg59
                              What do you think Ubuntu and Fedora are signed with?
                              They managed to get the signature to bypass SB? If so, great for them. But are they under a contract to not reveal the key? Because what's stopping them from giving it away to other distros? Or, what's stopping other distros from just taking the same files involved that make the key operate? If other distros are able to use this and assuming the signature applies to pretty much any device made, why does FSF care about stopping SB? Obviously I know the answer to that question if the sig is locked with just Ubuntu and Fedora.

                              Comment


                              • #30
                                Originally posted by przemoli
                                Come on. There are dozens of OEMs who do not care about any other OS than Win. They can skimp on BIOS development by just making Win run on it.
                                Most OEMs don't do any firmware development at all (at least not on that level), they buy & configure "off-the-shelf" UEFI implementations that already include that functionality.

                                Comment
