The UEFI SecureBoot Saga For Linux Continues


  • #41
    Thoughts

    Does a package need to be signed at a price of $99 once, or does it need to be re-signed at a price of $99 every time there is a new bugfix release?

    Maybe this will work for big players like Red Hat, Novell, etc.
    But what about small hobbyist projects by students?

    Is it only the initial bootloader that needs to be signed, or is it the kernel, and other stuff too?
    $99 * X = $$$$$$$$$

    What about users (people and companies) that tune and compile the kernel themselves?

    What if this $99 price increases over time? $99 becomes $999 which in turn becomes $9999.

    How long does it take to get something signed?
    You send the package to Microsoft and they sign it within the minute or later, or is it going to be a lengthy process that takes months? Every line of code will need to be audited?

    What if there are any DMCA complaints or intellectual property disputes, will the signature be revoked? Retroactively revoked?



    • #42
      Isn't this anti-competitive?

      Okay, the idea behind UEFI is great and all, but I fail to see how this isn't taking advantage of a monopoly to enforce anti-competitive behavior. It's not that much different from their bundling of Internet Explorer to stifle competition in the browser market - just slightly more shitty. The $99 license fee takes the cake.



      • #43
        Originally posted by Larian
        Okay, the idea behind UEFI is great and all, but I fail to see how this isn't taking advantage of a monopoly to enforce anti-competitive behavior. It's not that much different from their bundling of Internet Explorer to stifle competition in the browser market - just slightly more shitty. The $99 license fee takes the cake.
        Not sure how it's anti-competitive. Secure Boot is not required for X86, it's only required for ARM. Every ARM manufacturer I know of to date implements a locked down bootloader for Android and iOS, so I'm not sure how Microsoft's demand for something that already exists in the ARM space can be described as anti-competitive. UEFI is developed by the UEFI forum of which Microsoft is only one member. Perhaps the Linux community needs to get someone on that forum if nobody is fighting for them.



        • #44
          Defeat

          No matter how much lipstick you put on it, this is a defeat for the open source world and for computing in general. Red Hat's efforts to mitigate the problem are laudable, but the truth is that starting from today, your computer is designed not to trust you, doesn't actually belong to you, and you are only "conceded" the grant to write software that doesn't interfere with the interests of the "external owners" of the hardware you paid for. And this is true only as long as "secure boot" isn't made a fixed feature (which is clearly the next step - they've already done it on ARM!). After that we'll only be consumers. First they came for the smartphones, then they came for the tablets...

          Saying that this is done for the user's security is like believing that curfews and censorship are in the interest of the security of well-behaving citizens (ask Franklin about that). So flags down, this is a sad day for the PC architecture. Microsoft won in the end.



          • #45
            Originally posted by locovaca
            Not sure how it's anti-competitive.
            I think that making the OSes of all players in the OS market a pain in the a.. to use, except for the one of the dominant player, is definitely anti-competitive, much more than bundling Windows Media Player with the OS, for which MS was massively fined in the recent past. But then I'm not an economist.



            • #46
              "No matter how much lipstick you put on it, this is a defeat for the open source world and for computing in general. Red Hat's efforts to mitigate the problem are laudable, but the truth is that starting from today, your computer is designed not to trust you, doesn't actually belong to you, and you are only "conceded" the grant to write software that doesn't interfere with the interests of the "external owners" of the hardware you paid for. And this is true only as long as "secure boot" isn't made a fixed feature (which is clearly the next step - they've already done it on ARM!). After that we'll only be consumers. First they came for the smartphones, then they came for the tablets...

              Saying that this is done for the user's security is like believing that curfews and censorship are in the interest of the security of well-behaving citizens (ask Franklin about that). So flags down, this is a sad day for the PC architecture. Microsoft won in the end."

              This is pure BS. The problem is the architectural design of the kernel and the bootloader that is making it hard to sign and track it, not MS's evil plans. Linux evangelists have been wallowing in self-pity for twenty years. No-one is "after", mmk. The reason your monolithic piece of crap hasn't taken the world by storm is because no one is buying what you are selling, sister.



              • #47
                Originally posted by Kano
                I still don't get your point; MS definitely stated that on the x86 platform the UEFI setup MUST provide an option to disable Secure Boot. Only on ARM there may NOT be an option to disable it. That makes it non-trivial if you don't want to desolder the EEPROM of course, but maybe you find an SPI interface to use. UEFI is not engraved in stone; if you want to modify it, you find a way.
                Unless they've changed things recently, that's not true.

                On the x86 platform, mobo manufacturers were supposed to provide the option, but it was optional whether they wanted to include it or not, and some of them were already saying they might not.

                Personally, I expect it will be a lot like the overclocking options MBs come with. Most of the ones you can buy off the shelf will probably have the option. But will that OEM machine you bought from Dell or HP? I wouldn't count on it.



                • #48
                  Originally posted by peppepz
                  No matter how much lipstick you put on it, this is a defeat for the open source world and for computing in general.
                  Agreed. This sucks. My respect for Red Hat goes down a notch. Don't give 'em an inch, don't play their game.



                  • #49
                    Originally posted by garegin
                    This is pure BS. The problem is the architectural design of the kernel and the bootloader that is making it hard to sign and track it, not MS's evil plans. Linux evangelists have been wallowing in self-pity for twenty years. No-one is "after", mmk. The reason your monolithic piece of crap hasn't taken the world by storm is because no one is buying what you are selling, sister.
                    In the unlikely case that you're really convinced of what you're saying, no, the problem is not architectural but political. To make it simple:

                    1) Code signing with no access to the "key" is against the interest of the developer, and therefore of the user.
                    2) Microsoft has the "key".
                    3) Everyone else hasn't, and adding other keys is a pain in the a**, and has been made so deliberately by Microsoft.

                    And the only reasons for this royal pain are:

                    1) Windows piracy. Windows is currently cracked by pre-boot tricks and Microsoft understandably want to stop that. Of course, doing so by locking de facto all PCs to their own product is not an acceptable solution for anybody but them.
                    2) Microsoft store. Microsoft want to sell applications and DRM-protected media through their one and only application store, and in order to do this, they need to assure Hollywood that they're in control of your own machine, not you (hence "integrity measurement").



                    • #50
                      The MS way to "fix" piracy is much simpler: they require activation even for OEM systems. Currently every OEM has got one token in the BIOS, a cert and one product key (the key is not bound against the cert). So to pirate Win, the BIOS token (SLIC) is emulated or the BIOS is patched to have got one. BTW, that leads to the funny fact that even when you have got the Starter edition you just need to exchange the OEM key to get the Ultimate one. The most simple approach to fix this issue is to require unique product keys for each system and reject keys which are activated too often. That's of course much more expensive for the OEMs as they need to preload the right key onto each system. That has got nothing to do with Secure Boot in the first place. Even if MS required UEFI for OEM activation and did not change the rest, it would be cracked the day of release. Maybe they could require Secure Boot for the first activation process; that would be at least one option to make it harder, but time will tell. I doubt that people will buy more retail/update licences - just early adopters who did the same for W7.
                      Last edited by Kano; 06-02-2012, 03:44 AM.
