Announcement

Collapse
No announcement yet.

Free Software Foundation Thinks It Can Stop SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by schmidtbag View Post
    Why specifically aren't they allowed to have a disable feature? Also, unless Windows simply won't install on an uncertified device (which IMO is worse than Linux's SB problem), why is certification the manufacturer's problem? They can just shoot for Android and still make money. With the way you're putting it, it seems like MS is blackmailing HW manufacturers with very little leverage.
    You know, I've developed a low opinion of your intellect. I've already answered all these questions in the post you quoted, but I'll slog through again. If you reply a second time with verbatim complaints which I have already addressed, notice is hereby served that the answers are in this post.

    The reason ARM OEMs aren't able to include a disable feature is because Microsoft said so, and that's all I know about it. Also, their market dominance is not something I would write off as being "very little leverage". If you want your OEM hardware to wear the "Certified for Windows 8" sticker on the front, you do what Microsoft says.

    ... since SB doesn't seem to be a MS-only product, it's kinda difficult to sue them when they're not the only one you should be pointing fingers at.
    SecureBoot isn't a Microsoft product? Funny, I thought it was. Especially since you have to get a key from Microsoft -for a fee, no less- to allow your OS to boot. In my little world, if you have to pay someone for something before you can use it, that sounds remarkably like their product.


    Accusing us of being short-sighted is just as short-sighted as the companies who agreed to support such a technology
    You keep using that word. I do not think it means what you think it means. Accusing people of making statements they've not put a lot of quality thought into is not short-sighted, it's an observation of fallacious thinking in action. Neither is supporting SecureBoot a short-sighted measure, but bowing to market pressures leveraged by Microsoft. (Keep in mind this only applies to OEMs who want the certification for what I assume are marketing purposes.) Attempting to get into a logical quibble with a philosopher ... that was short-sighted.

    Uh... where are you getting the impression we don't care?
    Sarcasm is lost on the retarded. Also, people are saying stupid shit that amounts to "This SecureBoot stuff is not a big deal. Just turn it off if you don't like it." And you can't turn it off on ARM devices with Windows 8 certification. What's more, allowing for a disabling measure on x86 hardware is not mandatory.

    What I've been saying is AGAINST SecureBoot
    Then I wasn't talking to you...

    but as I've said a dozen times before, there needs to be a compromise. It doesn't HAVE to be a BIOS option, it could be a motherboard jumper setting. After all, allowing a software method to disable a "security" feature is in itself a security flaw.
    ...but since you insist on not reading a word I've said, A jumper setting is NOT OKAY because it makes things worse than they are now for new users. You're asking unqualified and uneducated people to put hands on raw electronics in a world where scareware and phishing schemes are a multi-billion dollar industry. What's more, Windows users don't have to do it because it'll just work for them out of the box. Your easy fix won't work. Do you understand? It. Will. Not. Work.

    Comment


    • #22
      Originally posted by Larian View Post
      SecureBoot isn't a Microsoft product? Funny, I thought it was. Especially since you have to get a key from Microsoft -for a fee, no less- to allow your OS to boot. In my little world, if you have to pay someone for something before you can use it, that sounds remarkably like their product.
      Strictly speaking you don't need to get a key from Microsoft, you need to get a key from a trusted certificate authority. Microsoft just happens to be the only notable (if not the only) company/organisation that has signed up as a SB Certificate Authority.

      Comment


      • #23
        Originally posted by Larian View Post
        You know, I've developed a low opinion of your intellect. I've already answered all these questions in the post you quoted, but I'll slog through again. If you reply a second time with verbatim complaints which I have already addressed, notice is hereby served that the answers are in this post.

        The reason ARM OEMs aren't able to include a disable feature is because Microsoft said so, and that's all I know about it. Also, their market dominance is not something I would write off as being "very little leverage". If you want your OEM hardware to wear the "Certified for Windows 8" sticker on the front, you do what Microsoft says.
        I could say the same about my opinion of your intellect, but that's besides the point. Microsoft doesn't have a legal right to tell hardware manufacturers to add SB, so that CAN'T be the reason for not offering a disable feature. MS has a market dominance in x86, not ARM. Windows 8 is doing worse than Vista. That being said, you're comparing the wrong numbers. In the ARM world, Windows RT has very little leverage, therefore, HW manufacturers aren't in a situation where they MUST listen to MS; they can just shoot for Android. And again, why does the HW manufacturer have to care if their product is certified? No average joe is going ask a company like Dell "hey is this computer Windows RT compatible?". If Dell ships a computer with Windows RT on it (assuming they're legally allowed to, I'm not sure), they don't HAVE to say "Windows RT Certified". The reason I believe this is because you're allowed to build and sell a computer with a valid Windows license on it. Most people don't care if a computer is known to be certified and many people don't even understand what the difference between Windows XP and Windows 7. As for everyone else, they KNOW the system is Windows compatible if Windows shipped with their computer. I get your point but it's a market scheme that really only works on devices that an individual's computer didn't come with. So for example, all monitors ought to work with whatever GPU they can connect to, but some might say "Windows ## compatible" which helps comfort clueless customers.

        SecureBoot isn't a Microsoft product? Funny, I thought it was. Especially since you have to get a key from Microsoft -for a fee, no less- to allow your OS to boot. In my little world, if you have to pay someone for something before you can use it, that sounds remarkably like their product.
        I didn't say it WASN'T a MS product, I just wasn't sure if it was 100% a MS product - there might be other companies involved with the development of it. I don't do much research on SB.

        You keep using that word. I do not think it means what you think it means. Accusing people of making statements they've not put a lot of quality thought into is not short-sighted, it's an observation of fallacious thinking in action.
        What do you mean "keep using that word"? If its the word I think you're referring to, I only used it twice in the same sentence. Anyways, you made your point - but it seems as though you understood mine, even if I approached it incorrectly.
        Neither is supporting SecureBoot a short-sighted measure, but bowing to market pressures leveraged by Microsoft. (Keep in mind this only applies to OEMs who want the certification for what I assume are marketing purposes.) Attempting to get into a logical quibble with a philosopher ... that was short-sighted.
        Seriously? Now you're just nit-picketing. The "bowing to market pressures" is basically what I was getting at. A hardware manufacturer that supports SB can point straight to "bowing to market pressure". But, as stated before, I don't think HW manufacturers are in enough pressure, so that's why I think them supporting SB in general is stupid.

        Sarcasm is lost on the retarded. Also, people are saying stupid shit that amounts to "This SecureBoot stuff is not a big deal. Just turn it off if you don't like it." And you can't turn it off on ARM devices with Windows 8 certification. What's more, allowing for a disabling measure on x86 hardware is not mandatory.
        Saying comments like that is not going to get anyone to favor you. First of all, I understand the "send it to me, I'll give a good home" was sarcastic but that wasn't what I was referring to - it was the "don't care what happens to your computer" part, which doesn't sound sarcastic at all, especially through text. I never said SB wasn't a big deal, its an extremely big deal. While you could just boycott a certain brand, what if that brand has the best product? And I know you can't "just turn it off if you don't like it", that also isn't what I said OR implied. You accuse me of being retarded (unless that too was ironically sarcastic) but you're being belligerently ignorant. I was saying while MS doesn't have a legal right to force SB upon us, it's also not realistic to remove SB entirely. So, instead of making a petition to remove it (likely unsuccessful, unless Google joins in), there could be a petition to make a compromise by having the option to disable it, or perhaps to have an identical product that doesn't have SB. It's obviously not favorable to either side but its better than letting it be a permanent feature.
        Then I wasn't talking to you...
        For someone as anal about specifics as yourself, you should have been more explicit.

        ...but since you insist on not reading a word I've said, A jumper setting is NOT OKAY because it makes things worse than they are now for new users. You're asking unqualified and uneducated people to put hands on raw electronics in a world where scareware and phishing schemes are a multi-billion dollar industry. What's more, Windows users don't have to do it because it'll just work for them out of the box. Your easy fix won't work. Do you understand? It. Will. Not. Work.
        This is for people who would go out of their way to install Linux on a device that would be considered otherwise completely unsupported by the manufacturer. As I said before, installing Linux on ARM is not a user friendly process and not even an expert friendly process either, depending on the platform. Also, I didn't say that people would be required to open up a their product and take out this jumper. Maybe there could just be 2 identical systems that are sold, one with a jumper, one without. You would then have the option to add or remove the jumper if you chose to do so.
        Last edited by schmidtbag; 30 December 2012, 08:08 PM.

        Comment


        • #24
          Originally posted by schmidtbag View Post
          I could say the same ...
          Fail. You either don't understand what is being argued or you intentionally miss the point. I leave you to your opinions as I am wasting my time arguing with you.

          Comment


          • #25
            Originally posted by Larian View Post
            Fail. You either don't understand what is being argued or you intentionally miss the point. I leave you to your opinions as I am wasting my time arguing with you.
            Isn't that what I'm supposed to be saying to you right now? At least I can admit I've made mistakes. You're the one twisting or ignoring my words in your favor. You're the one who has failed to prove your point.

            My point was simple but you had to be an ass about it, which is what lead us here. You can't expect this petition to work because MS isn't going to let this go. They have way too much power to simply just drop SB altogether. However, due to the relative unpopularity of Windows 8, HW manufacturers aren't obligated to do what MS says; they can always turn to Android which gives THEM the leverage, not MS. The benefits of getting their devices certified don't outweigh the cons of adding SB. And again, they could just simply install Windows RT without the certification. I'm sure 95% of customers wouldn't notice.

            It does seem some HW manufacturers are getting something extra that is convincing them to use SB that we don't know of (or you do but didn't bring it up). This is why there needs to be a compromise, because nobody will come to an agreement. Perhaps manually enabling/disabling SB might not be the best solution, but it's better than hoping a petition will somehow stop this ENTIRELY. If the petition fails, we might not get another opportunity and we'll be stuck with SB permanently enabled.

            Comment


            • #26
              so much hate

              The issue is quite clear in the surface article:
              "The challenge with loading Linux (or any non-Microsoft operating system) on the new ARM-based tablet is that while it implements UEFI SecureBoot, it doesn't have the "Microsoft Windows UEFI Driver Publisher" key. This is the key used to sign Windows drivers and other non-Microsoft software (e.g. the signed Linux UEFI boot-loaders)."

              Any device, ARM or not, will load non-Microsoft software if it has the Publisher key. Not need to disable anything.
              That includes signed linux distributions, and that quite possibly includes anything once the Linux Foundation sorts out its signed boot system..

              Comment


              • #27
                Originally posted by erendorn View Post
                The issue is quite clear in the surface article:
                "The challenge with loading Linux (or any non-Microsoft operating system) on the new ARM-based tablet is that while it implements UEFI SecureBoot, it doesn't have the "Microsoft Windows UEFI Driver Publisher" key. This is the key used to sign Windows drivers and other non-Microsoft software (e.g. the signed Linux UEFI boot-loaders)."

                Any device, ARM or not, will load non-Microsoft software if it has the Publisher key. Not need to disable anything.
                That includes signed linux distributions, and that quite possibly includes anything once the Linux Foundation sorts out its signed boot system..
                Right but if MS made SB and pretty much did it to snuff out competition, what makes you think they'll let any Linux distro have it? I have heard about an attempt to get this key but I haven't heard of any success of it yet, otherwise I'm sure this petition wouldn't be in progress.
                Last edited by schmidtbag; 31 December 2012, 11:40 AM.

                Comment


                • #28
                  Originally posted by schmidtbag View Post
                  Right but if MS made SB and pretty much did it to snuff out competition, what makes you think they'll let any Linux distro have it? I have heard about an attempt to get this key but I haven't heard of any success of it yet, otherwise I'm sure this petition wouldn't be in progress.
                  What do you think Ubuntu and Fedora are signed with?

                  Comment


                  • #29
                    Originally posted by mjg59 View Post
                    What do you think Ubuntu and Fedora are signed with?
                    They managed to get the signature to bypass SB? If so, great for them. But are they under a contract to not reveal the key? Because what's stopping them from giving it away to other distros? Or, what's stopping other distros from just taking the same files involved that make the key operate? If other distros are able to use this and assuming the signature applies to pretty much any device made, why does FSF care about stopping SB? Obviously I know the answer to that question if the sig is locked with just Ubuntu and Fedora.

                    Comment


                    • #30
                      Originally posted by przemoli View Post
                      Come one. There are dozens of OEMs who do not care about any other OS than Win. They can skimp on BIOS development by just making Win run on it.
                      Most OEMs don't do any firmware development at all (at least not on that level), they buy & configure "off-the-shelf" UEFI implementations that already include that functionality.

                      Comment

                      Working...
                      X