Announcement

Collapse
No announcement yet.

The UEFI SecureBoot Saga For Linux Continues

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fenrin
    replied
    Linux Tovalds opinion on this:
    [...]
    ?I?m certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it?s only $99 to get a key for Fedora, I don?t see what the huge deal is.?
    [...]
    ?The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that?s right, pretty much none of them) or they?ll just take advantage of security bugs in signed software to bypass it without a key at all.?
    [...]
    Torvalds concluded, ?Signing is a tool in the tool-box, but it?s not solving all the security problems, and while I think some people are a bit too concerned about it, it?s true that it can be mis-used.?
    [...]
    the full article is here: Linus Torvalds on Windows 8, UEFI, and Fedora

    And I also read that Red Hat actually pays the $99 to verisign (not Microsoft, see here).

    Leave a comment:


  • diriel
    replied
    +1 to what..

    Crazycheese said!

    Leave a comment:


  • crazycheese
    replied
    Originally posted by uid313 View Post
    WGA, WPA, OGA are great.
    Windows is commercial and proprietary software. If people want Windows they should pay for it. If they don't want to pay, they should get a free operating system.
    If people don't like WGA, etc then they should switch operating system to one without it.
    I used to use Windows but got increasingly fed up with WGA and restrictive EULAs, so I switched to Ubuntu.
    Bullsh1t, fact is cracked versions pass checks, do not require revalidations, have no hardware bindings. Fact is - cracked systems are a lot easier to work with than with "legit". It is same as with DVD/BR - unskippable titles/ads, impossibility to backup, huge limitation of platforms. I don't use windows since 2007, but I do keep eye on whats happening there. Fact is: If people want Windows, they MUST pay and MUST endure all trash it throws at them. If people do not want Windows, they are seen as criminals. Like in DDR, the slaves are forced to move the wheel forward and all trespassers are shot on site. People who are using LIBRE operating systems are just FED UP with this BS; they are VERY WELL CAPABLE OF PAYING. They just smart enough not to pay for BS. Enjoy the fukts...

    Leave a comment:


  • crazycheese
    replied
    Originally posted by JanC View Post
    The BIOS can't protect Windows or linux applications from writing to the MBR, because they don't use the BIOS to do disk I/O.

    It worked to protect against (most) DOS malware though...
    When you reboot hardware, who is called? It is very well possible to implement. Of course, "real-time" protection won't work anymore, but just comparing CRC and restoring on failure is sufficient enough.

    The thing that they are doing here is a lot bigger however - they are trying to create semi-HDCP, but for all middleware level. And because they are not giving users the control and understanding, that means they want to decide what is to be allowed all by themselves (corporations).

    Leave a comment:


  • JanC
    replied
    Originally posted by crazycheese View Post
    The best security ever at boot stage has already been invented several decades ago, it was called BIOS MBR protection.
    The BIOS can't protect Windows or linux applications from writing to the MBR, because they don't use the BIOS to do disk I/O.

    It worked to protect against (most) DOS malware though...

    Leave a comment:


  • diriel
    replied
    Bleh

    Yes, I am noting that.

    Leave a comment:


  • uid313
    replied
    Originally posted by diriel View Post
    My next system will either have Coreboot or a regular bios. Under no circumstance will it have UEFI because I simply dissagree with what it stands for. It is NOT secure!
    That will be hard.
    Soon most systems will be UEFI and soon all systems will be UEFI.
    Soon there will be no more systems using BIOS.

    Coreboot support is weak and is mostly limited to some embedded devices and servers. Not much for desktop computers and laptops.

    Originally posted by peppepz View Post
    If piracy wasn't a problem, then why would Microsoft invest millions in the various WGA / WPA / OGA programs, which even have the harmful side effect of annoying their honest customers?
    WGA, WPA, OGA are great.
    Windows is commercial and proprietary software. If people want Windows they should pay for it. If they don't want to pay, they should get a free operating system.
    If people don't like WGA, etc then they should switch operating system to one without it.
    I used to use Windows but got increasingly fed up with WGA and restrictive EULAs, so I switched to Ubuntu.
    Last edited by uid313; 04 June 2012, 04:33 AM.

    Leave a comment:


  • peppepz
    replied
    Originally posted by garegin View Post
    i doubt piracy is such a problem. every computer comes with windows preinstalled. other than that, hackers will always find a way to crack it.
    If piracy wasn't a problem, then why would Microsoft invest millions in the various WGA / WPA / OGA programs, which even have the harmful side effect of annoying their honest customers?

    Yes, hackers will most probably crack the new model, too, but one thing is "double click an exe and you're done", and another one is "solder stuff to your dvd drive to hack its firmware, and hope that MS doesn't remotely blacklist you" (see Microsoft's gaming consoles). I'm not saying that this is happening now (secure boot CAN be disabled for now, after all), but the direction we're heading is clear. Moreover, starting with Windows 8 they're (optionally for now) binding your Windows login to your Microsoft Live account - if I were a pirate, I wouldn't want to get caught by Microsoft cracking Windows when they know everything about me.

    Normally, I'm happy when MS strengthens its copy protection schemes. I'll bet a lot of people in the "software is a tool" camp are actually pirates: I wouldn't otherwise understand how they shun, say, the Gimp for Adobe Photoshop, when the latter costs $700; is there somebody who actually spends that much to remove the red eyes from his holiday photos? So, having them actually pay for the software they use might make those people reconsider the actual value of "free" software.

    However, binding MS' software to everybody's hardware has the unfortunate side effect of subtly forcing people NOT to use free software. Or non-MS software in general. Which is the aspect of "secure" boot that I find unacceptable.

    Leave a comment:


  • uid313
    replied
    Originally posted by x616e View Post
    Just so you know America (USA) is not the center of the world, there is no way we can let American (USA) companies (Microsoft and Verisign) control our hardware, regardless of what OS we are using. Red Hat are an American company and thus are in the pockets of Microsoft and the american government. They cannot be trusted.
    You do have a point. USA is not the center of the world, and I agree that we should not let American companies control our systems.
    It also gives Microsoft an unfair advantage that they get to have their key pre-installed, while other vendors (such as Red Hat, Novell and Canonical) does not.

    Originally posted by x616e View Post
    The point about consumers is if you refuse to buy something because of some reason, then it gets fixed. Therefore what we can do about SecureBoot is boycot. I for one am removing all my contacts, phone, email, social, from any one who will be using a Secure Boot system as it currently stands. I will not be buying any new hardware. If you do not boycot EFI and Secure Boot then you clearly are just another Microsoft/American puppet using Linux and free software to be cool, and not becuase you really believe anything.
    What a joke. Then you will all alone and left with no friends. Everyone will be using SecureBoot systems.

    Consumers refuse to buy something? Wow, I wish we had educated consumers, we don't. Most people are dumb and uneducated.

    Leave a comment:


  • diriel
    replied
    Redhat...

    is a company who owes it's investors a share. I do believe they want to do right. But when you have MS craamming their .. up your A$$ and telling you to smile for the cameras....

    I am unsure what to think about RH. I hope all works out. The next couple of years will certainly shed a light on things.

    Leave a comment:

Working...
X