Announcement

Collapse
No announcement yet.

Free Software Foundation Thinks It Can Stop SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by przemoli View Post
    One GOOD story and we all should be happy?

    Come one. There are dozens of OEMs who do not care about any other OS than Win. They can skimp on BIOS development by just making Win run on it.

    BUT its more about MS twist of SB. Which FORBID options such as meantioned "LEGACY" mode. At release time or as future updates. NO OPTION TO TURN OFF SB (which by itself is make such implementation INCOMPATIBLE with UEFI).

    Personally I do not care if I can disable it by hw switch (like in chromebooks) or by sw switch, but inability to install any software I want to on hardware I OWN, because manufacturer FORBIDS ME?


    And as usual there are voices that consumer rights be damned, companies have right to do anything and they are happy with it......
    FSF is delusional. disabling secureboot in the firmware is easier than the BS people have to go through in using buggy distros like ubuntu or fedora. yesterday i went to best buy and it took me 15 seconds to disable secureboot. sure the grandma user would have problems going into the firmware. she is also gonna have difficulty when the nouveau driver hangs her GPU and she can't use bugzilla to submit a report!

    Comment


    • #12
      While I support what the FSF stands for, this is doomed to be an ineffective campaign. Even if everybody who knows what secure boot is buys a computer with secure boot (a bold assumption, most will), we'd barely put a dent in their sales. I think the best route to pursue is exposing SecureBoot for what it is - an anticompetitive technology thinly disguised as a security measure. It's difficult to buy a new computer that doesn't come with secure boot, anyhow. I wonder how the SEC would feel about such anticompetitive measures if a strong enough case were to be made.

      I'm glad that the FSF is trying to do something about this. While it might not seem so bad now, they're boiling frogs - I expect that legacy mode will be removed soon, and Win 8 SP1 or Win 9 will disable support for BIOS. If we're going to do anything about this, it needs to be soon.

      On a side note, as much as I hate people hiring lobbyists, I wish the FSF had more. People are far too ignorant to the problems at hand to be able to cause change outside of a governmental framework - and I'm also glad that the FSF is fighting ignorance with compaigns like DefectiveByDesign.
      Last edited by chickenlinux; 29 December 2012, 11:20 AM.

      Comment


      • #13
        To me the answer to the SecureBoot problem is blatantly obvious - have an option in the UEFI settings to disable it. Anyone intelligent enough to figure out how to install and set up linux ought to know how to disable that. By having it as an enable/disable feature, the security code doesn't have to be given away so OSes like Linux can use it (giving it away basically defeats the purpose of it).

        By adding a user accessible disable function (even as a mobo jumper), everyone wins - Microsoft can keep their initial security plans without anyone else meddling with it, mobo manufacturers aren't forced to take sides, the development of the feature doesn't have to be a waste of time, but best of all, the user gets to do whatever they want with their hardware. I don't see why this concept is so difficult to grasp. Sharing the key and signing a petition is not going to help.
        Last edited by schmidtbag; 29 December 2012, 12:51 PM.

        Comment


        • #14
          Originally posted by schmidtbag View Post
          ... I don't see why this concept is so difficult to grasp. Sharing the key and signing a petition is not going to help.
          I bet it's gonna help a zillion more times then writing a forum post that says that protesting about it won't help. Taking some action is always better than none at all.

          In Europe, Germany has already made some statements about it:hsecure boot: http://www.h-online.com/open/news/it...s-1753715.html

          Comment


          • #15
            No, no, no, and no, guys. Hardware manufacturers, last I checked, may not provide disabling functionality for Secure Boot on ARM devices if they want Windows 8 certification. On x86 and other desktop hardware they must have Secure Boot in place, but may go out of their way to allow users to disable it if they want to write that code / include that switch / take that development time.

            Now if I've got my facts straight here, this is an anti-competitive measure on Microsoft's part. I remember Ballmer saying they were going to beat Linux at its own game, but I never thought hedging it out of emerging markets in the name of security with hardware fuckery like this was the plan he had in mind.

            Some have said that disabling SB in the BIOS is the way forward. These people are short-sighted. What is actually being advocated is installing another technical roadblock for new users. When one can have Windows 8 auto-magically "just work" and Linux requires poking around in scary assembly code interface options or cracking open the case and putting hands on raw electronics just to get things into a state where they can begin an install - which is a worse situation than we have right now - that's not acceptable. And what do we do when Windows 9 goes UEFI+SB-only and mandates that new hardware can't have BIOS if they want certification?

            Look, you people obviously don't care what happens to your computer. Just send it to me and I'll give it a good home. After all, if you're willing to let hardware and software manufacturers dictate how you use the products that you've bought, why can't I?

            Comment


            • #16
              You might be able to disable "SecureBoot" today in some devices, but the problem is tomorrow the choice will be gone.

              The sole purpose of SB is to stop users from replacing software. They want to turn general computers into appliances, tied forever to the software they ship with.

              Perhaps the FSF should join forces with the EFF on this one.

              Stopping this requires to go against corporations, but in the USA its them who dictate laws. Maybe in EU they might pass a law to make SB optional.

              In short Microsoft wants to forbid deleting windows, akin to phones needing jailbreak to do anything useful.

              Even if it looks easy to do workarounds today, it will become an arms race. Soon it will be considered "circumventing", etc...

              Comment


              • #17
                Originally posted by Sidicas View Post
                I just bought a brand new Windows 8 Dell laptop that has this SecureBoot.
                Booting Linux was as easy as going into the BIOS and selecting "LEGACY" instead of "UEFI". Problem solved.
                So, Linux is considered "LEGACY". Aahaha!

                Comment


                • #18
                  Signed the petion

                  Comment


                  • #19
                    Most of those supporting organisations are free software advocacy groups, distros, retailers or random blogs. Nobody who is going to have any meaningful influence, that's for sure.

                    Comment


                    • #20
                      Originally posted by northar View Post
                      I bet it's gonna help a zillion more times then writing a forum post that says that protesting about it won't help. Taking some action is always better than none at all.

                      In Europe, Germany has already made some statements about it:hsecure boot: http://www.h-online.com/open/news/it...s-1753715.html
                      Ugh you're one THOSE people. The kind where I could hate a song and you're like "I bet you can't sing better" when I'm not the one claiming I can sing (or getting paid to do it). I'm not saying protesting is useless but consider this: SecureBoot was pretty much made because of MS. I don't know if MS actually made it themselves, but they convinced hardware manufacturers to use it. The fact that some seemed to be that easily willing to use it means they were likely offered a nice deal (because it's not the hardware manufacturer's problem if you get a virus, so therefore they have no reason to care about adding something that puts such restrictions on their customers). That being said, simply saying "I want to remove this entirely" is unreasonable when you're talking to companies that are focused more on greed than customer preferences. So, you need a compromise - having the option to disable SB. While Linux isn't popular in the Desktop PC world, I'd say it's more popular on ARM than Windows RT. This isn't a popularity contest anymore, Linux is finally beyond that, SB would likely make a negative impact on sales to hardware manufacturers who support it.

                      Originally posted by Larian
                      No, no, no, and no, guys. Hardware manufacturers, last I checked, may not provide disabling functionality for Secure Boot on ARM devices if they want Windows 8 certification. On x86 and other desktop hardware they must have Secure Boot in place, but may go out of their way to allow users to disable it if they want to write that code / include that switch / take that development time.
                      Why specifically aren't they allowed to have a disable feature? Also, unless Windows simply won't install on an uncertified device (which IMO is worse than Linux's SB problem), why is certification the manufacturer's problem? They can just shoot for Android and still make money. With the way you're putting it, it seems like MS is blackmailing HW manufacturers with very little leverage.

                      Now if I've got my facts straight here, this is an anti-competitive measure on Microsoft's part. I remember Ballmer saying they were going to beat Linux at its own game, but I never thought hedging it out of emerging markets in the name of security with hardware fuckery like this was the plan he had in mind.
                      This is anticompetition but here's the kicker - unlike companies such as Intel, Apple, Sun, and other big names, Linux has no one willing to file the lawsuit, so MS could get away with it. I suppose Red Hat or the Linux Foundation might consider suing MS but the court costs become an awkward burden where they might pressure other companies (or linux users) to fund them, or cause people to look at other companies like Novell and say "why aren't YOU helping!?". As another point to make, since SB doesn't seem to be a MS-only product, it's kinda difficult to sue them when they're not the only one you should be pointing fingers at.

                      Some have said that disabling SB in the BIOS is the way forward. These people are short-sighted. What is actually being advocated is installing another technical roadblock for new users. When one can have Windows 8 auto-magically "just work" and Linux requires poking around in scary assembly code interface options or cracking open the case and putting hands on raw electronics just to get things into a state where they can begin an install - which is a worse situation than we have right now - that's not acceptable. And what do we do when Windows 9 goes UEFI+SB-only and mandates that new hardware can't have BIOS if they want certification?
                      Accusing us of being short-sighted is just as short-sighted as the companies who agreed to support such a technology. Yes, it is another roadblock but like I said before, it doesn't seem like many HW manufacturers are going to give this up so easily, so a compromise needs to be made. IMO, setting up Linux on ARM platforms already is more of a challenge than on x86; with or without SB, there's already several roadblocks to get Linux installed on many ARM devices.

                      Look, you people obviously don't care what happens to your computer. Just send it to me and I'll give it a good home. After all, if you're willing to let hardware and software manufacturers dictate how you use the products that you've bought, why can't I?
                      Uh... where are you getting the impression we don't care? That's pretty presumptuous. What I've been saying is AGAINST SecureBoot, but as I've said a dozen times before, there needs to be a compromise. It doesn't HAVE to be a BIOS option, it could be a motherboard jumper setting. After all, allowing a software method to disable a "security" feature is in itself a security flaw.

                      Comment

                      Working...
                      X