Announcement

Collapse
No announcement yet.

Linux Group Files Complaint With EU Over SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux Group Files Complaint With EU Over SecureBoot

    Phoronix: Linux Group Files Complaint With EU Over SecureBoot

    The Hispalinux Spanish Linux association has filed a complaint against Microsoft with the European Union over the UEFI SecureBoot...

    http://www.phoronix.com/vr.php?view=MTMzNjc

  • #2
    Originally posted by phoronix View Post
    Phoronix: Linux Group Files Complaint With EU Over SecureBoot

    The Hispalinux Spanish Linux association has filed a complaint against Microsoft with the European Union over the UEFI SecureBoot...

    http://www.phoronix.com/vr.php?view=MTMzNjc
    This seems misguided - win8 certification actually requires that the end user can disable secure boot and upload/remove keys.

    Comment


    • #3
      WRONG

      Originally posted by sofar View Post
      This seems misguided - win8 certification actually requires that the end user can disable secure boot and upload/remove keys.
      Given the condition you are _not_ on ARM.
      Read up the facts and don't be a sheep of the system!

      SecureBoot is stealing the users' freedom and should be abandoned asap; the excuse it has been introduced for is a shame to all computer users and the loose conditions for x86_64 are only there to abandon initial criticism.

      Comment


      • #4
        Microsoft should have every right to secure their systems as they see fit. This endless whining over SecureBoot is getting ridiculous.

        Comment


        • #5
          What the hell?

          Originally posted by johnc View Post
          Microsoft should have every right to secure their systems as they see fit. This endless whining over SecureBoot is getting ridiculous.
          I don't know if you even understand the problem: These are not Microsoft's systems, these are the end-users' systems, and the users are the _only_ ones deciding which operating systems they install on it.
          Moreover, are you suffering from the Stockholm Syndrome or why are you so defensive of Microsoft? I don't get it.
          Last edited by frign; 03-26-2013, 06:26 PM.

          Comment


          • #6
            They will just ignore it

            And obviously, they will just ignore it...

            Comment


            • #7
              Originally posted by frign View Post
              SecureBoot is stealing the users' freedom and should be abandoned asap; the excuse it has been introduced for is a shame to all computer users and the loose conditions for x86_64 are only there to abandon initial criticism.
              ARM secure boot is something different than x86_64 EUFI Secure Boot.

              there are two things you are overlooking:

              1) you can choose not to buy ARM hardware that has Secure Boot enabled (there are several vendors of unlocked ARM hardware around, at very low prices). A lot of these devices can also be rooted or jailbroken. On top of that, consumer ARM hardware has almost exclusively been "bootlocked" since forever, and secure boot doesn't even change that.
              2) for x86_64 hardware, you actually have much less competition when it comes to buying from alternative vendors, as almost the entire market is win8.

              So, it isn't as simple as you claim it to be. I don't think that my employer would be OK with selling hardware that can only run a single proprietary OS - remember, Intel supports Linux with an enormous group of developers. I don't think that Intel would sanction a degraded security under Linux, either. I'd personally love to buy a system pre-installed with e.g. RedHat that has only RedHat keys, and no microsoft keys, BTW. UEFI Secure Boot actually makes that possible.

              DISCLAIMER: I work for Intel (insert standard corporate disclaimer). I personally like EUFI secure boot, because it allows me to secure my system against people trying to break into my system.

              Comment


              • #8
                Originally posted by johnc View Post
                Microsoft should have every right to secure their systems as they see fit. This endless whining over SecureBoot is getting ridiculous.
                Microsoft console, yes.

                Personal computer - NO.

                Originally posted by sofar View Post
                ARM secure boot is something different than x86_64 EUFI Secure Boot.

                there are two things you are overlooking:

                1) you can choose not to buy ARM hardware that has Secure Boot enabled (there are several vendors of unlocked ARM hardware around, at very low prices). A lot of these devices can also be rooted or jailbroken. On top of that, consumer ARM hardware has almost exclusively been "bootlocked" since forever, and secure boot doesn't even change that.
                2) for x86_64 hardware, you actually have much less competition when it comes to buying from alternative vendors, as almost the entire market is win8.

                So, it isn't as simple as you claim it to be. I don't think that my employer would be OK with selling hardware that can only run a single proprietary OS - remember, Intel supports Linux with an enormous group of developers. I don't think that Intel would sanction a degraded security under Linux, either. I'd personally love to buy a system pre-installed with e.g. RedHat that has only RedHat keys, and no microsoft keys, BTW. UEFI Secure Boot actually makes that possible.

                DISCLAIMER: I work for Intel (insert standard corporate disclaimer). I personally like EUFI secure boot, because it allows me to secure my system against people trying to break into my system.
                There two things that you are overlooking.

                1) Its personal computer. Personal computer means it is illegal to establish monopoly or vendor lock-in.
                2) UEFI secure boot does NOT allow YOU to secure YOUR system against people trying to break in YOUR system.
                UEFI secure boot allows PEOPLE to secure THEIR system from YOU, the buyer and user.
                Last edited by brosis; 03-26-2013, 06:26 PM.

                Comment


                • #9
                  Some ideas

                  Originally posted by sofar View Post
                  ARM secure boot is something different than x86_64 EUFI Secure Boot.

                  there are two things you are overlooking:

                  1) you can choose not to buy ARM hardware that has Secure Boot enabled (there are several vendors of unlocked ARM hardware around, at very low prices). A lot of these devices can also be rooted or jailbroken. On top of that, consumer ARM hardware has almost exclusively been "bootlocked" since forever, and secure boot doesn't even change that.
                  2) for x86_64 hardware, you actually have much less competition when it comes to buying from alternative vendors, as almost the entire market is win8.

                  So, it isn't as simple as you claim it to be. I don't think that my employer would be OK with selling hardware that can only run a single proprietary OS - remember, Intel supports Linux with an enormous group of developers. I don't think that Intel would sanction a degraded security under Linux, either. I'd personally love to buy a system pre-installed with e.g. RedHat that has only RedHat keys, and no microsoft keys, BTW. UEFI Secure Boot actually makes that possible.

                  DISCLAIMER: I work for Intel (insert standard corporate disclaimer). I personally like EUFI secure boot, because it allows me to secure my system against people trying to break into my system.
                  Thanks for your statement.
                  The last time I checked, I saw Intel actually being part of the SecureBoot-interest-group, but I may be wrong.
                  I may choose not to buy ARM hardware with enabled SecureBoot, but what kind of agenda is this? There is a market to lose, a big potential to bring GNU/Linux to the masses and fighting what we called a monopoly a few years ago before everyone seemingly forgot what that is.
                  SecureBoot is not securing your system, it is just luring you into a state of being locked to a certain operating system, as only a minority of attacks are focused on actually manipulating the bootloader or MBR.

                  What does this lead to?
                  Using Windows 8 imposes all risks of the last years. You will be target of all major virus-authors and be forced to use anti-virus software, because they may have "secured" the booting-process, but they did not get around fixing the actual operating system properly!
                  We had this same discussion years ago with IE and fortunately, the fight was won.
                  We have this discussion today regarding an even more sensitive topic (switching to FF is easier than unlocking your hardware or even buying new one in case of ARM) and I am afraid most users might not even care.

                  Comment


                  • #10
                    Originally posted by sofar View Post
                    ARM secure boot is something different than x86_64 EUFI Secure Boot.

                    there are two things you are overlooking:

                    1) you can choose not to buy ARM hardware that has Secure Boot enabled (there are several vendors of unlocked ARM hardware around, at very low prices). A lot of these devices can also be rooted or jailbroken. On top of that, consumer ARM hardware has almost exclusively been "bootlocked" since forever, and secure boot doesn't even change that.
                    2) for x86_64 hardware, you actually have much less competition when it comes to buying from alternative vendors, as almost the entire market is win8.

                    So, it isn't as simple as you claim it to be. I don't think that my employer would be OK with selling hardware that can only run a single proprietary OS - remember, Intel supports Linux with an enormous group of developers. I don't think that Intel would sanction a degraded security under Linux, either. I'd personally love to buy a system pre-installed with e.g. RedHat that has only RedHat keys, and no microsoft keys, BTW. UEFI Secure Boot actually makes that possible.

                    DISCLAIMER: I work for Intel (insert standard corporate disclaimer). I personally like EUFI secure boot, because it allows me to secure my system against people trying to break into my system.
                    There have been boot viruses for decades. Secureboot isnt going to fix that. The -only- thing that it effectively did was grow a hacker community to target it. Before Secureboot it was a small purpose focused community, but now it is a larger and growing community targeting specifically Secureboot. The risk is greater now than it has ever been -because- of it.

                    You know that old saying about the bullseye.... The point of the game is to hit the bullseye.... The game is about notoriety and Secureboot is an awful lucrative bullseye.
                    Last edited by duby229; 03-26-2013, 06:32 PM.

                    Comment


                    • #11
                      Originally posted by johnc View Post
                      Microsoft should have every right to secure their systems as they see fit. This endless whining over SecureBoot is getting ridiculous.
                      Not a chance. End user has to have the rights to do whatever he wants with his computer. M$ can eat dirt if they want, but nothing more.

                      Comment


                      • #12
                        Originally posted by brosis View Post
                        Microsoft console, yes.

                        Personal computer - NO.



                        There two things that you are overlooking.

                        1) Its personal computer. Personal computer means it is illegal to establish monopoly or vendor lock-in.
                        2) UEFI secure boot does NOT allow YOU to secure YOUR system against people trying to break in YOUR system.
                        UEFI secure boot allows PEOPLE to secure THEIR system from YOU, the buyer and user.
                        This is complete nonsense, and factually incorrect. Please stop spreading FUD, you are completely wrong here.

                        Comment


                        • #13
                          Originally posted by duby229 View Post
                          There have been boot viruses for decades. Secureboot isnt going to fix that. The -only- thing that it effectively did was grow a hacker community to target it. Before Secureboot it was a small purpose focused community, but now it is a larger and growing community targeting specifically Secureboot. The risk is greater now than it has ever been -because- of it.

                          You know that old saying about the bullseye.... The point of the game is to hit the bullseye.... The game is about notoriety and Secureboot is an awful lucrative bullseye.
                          People confuse secure boot with "my system is safe", which is not what it intends to do. Secure boot will not prevent viruses, or people pwning your system.

                          But it does cause your system to stop operating in case the system has been found to be compromised (unless, as you point out, the firmware itself, or secure boot is compromised). UEFI Secure Boot will certainly help to protect against boot sector exploits (not to mention that EUFI basically does away with the MBR magic).

                          Comment


                          • #14
                            Originally posted by sofar View Post
                            People confuse secure boot with "my system is safe", which is not what it intends to do. Secure boot will not prevent viruses, or people pwning your system.

                            But it does cause your system to stop operating in case the system has been found to be compromised (unless, as you point out, the firmware itself, or secure boot is compromised). UEFI Secure Boot will certainly help to protect against boot sector exploits (not to mention that EUFI basically does away with the MBR magic).
                            No it was intended to be a vendor lock-in mechanism with the excuse that it would prevent unprotected code from booting. If MS had simply admitted what it was instead of making up an excuse for its existence I doubt it would be as heavily targeted today as it is.

                            MS created the excuse and now it is only a matter of time until secureboot is completely compromised with the largest selection of boot viruses the world has ever seen. It would -not- have happened if secureboot never existed. This means that the next generation of viruses are going to be largely OS agnostic. They wont need an OS to function.

                            MS is just completely retarded. Everything they do blows up. This isnt going to be any different.
                            Last edited by duby229; 03-26-2013, 06:51 PM.

                            Comment


                            • #15
                              Originally posted by frign View Post
                              Thanks for your statement.
                              The last time I checked, I saw Intel actually being part of the SecureBoot-interest-group, but I may be wrong.
                              I have not yet heard from something like that.

                              Intel is one of the companies working on UEFI, and therefore UEFI Secure Boot. As I said, ARM Secure Boot is something completely different as far as I know.

                              Originally posted by frign View Post
                              I may choose not to buy ARM hardware with enabled SecureBoot, but what kind of agenda is this? There is a market to lose, a big potential to bring GNU/Linux to the masses and fighting what we called a monopoly a few years ago before everyone seemingly forgot what that is.
                              SecureBoot is not securing your system, it is just luring you into a state of being locked to a certain operating system, as only a minority of attacks are focused on actually manipulating the bootloader or MBR.

                              What does this lead to?
                              Using Windows 8 imposes all risks of the last years. You will be target of all major virus-authors and be forced to use anti-virus software, because they may have "secured" the booting-process, but they did not get around fixing the actual operating system properly!
                              We had this same discussion years ago with IE and fortunately, the fight was won.
                              We have this discussion today regarding an even more sensitive topic (switching to FF is easier than unlocking your hardware or even buying new one in case of ARM) and I am afraid most users might not even care.
                              UEFI Secure Boot has nothing to do with Windows 8, which is what gets people confused.

                              I've called "UEFI Secure Boot" by a more descriptive name before: "UEFI Validated Boot". In effect, your system isn't secure at all, but at least parts of the boot sequence were *validated* during the boot process. Consequences are:

                              - something modifies kernel code during boot? you're pwned
                              - something runs in unprivileged mode? you're pwned
                              - something modifies your kernel file? you won't be able to boot
                              - something attempts to upload a trojan driver? you won't be able to boot or possibly load that driver

                              Second, NOTHING, absolutely NOTHING prevents a hardware vendor from shipping a system with UEFI Secure Boot enabled with e.g. Linux and NO Microsoft keys, and instead their own keys or someone elses keys. (hell, YOU can even do this).

                              (again, I'm not talking about ARM here)

                              Comment

                              Working...
                              X