1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Windows 8 Secure Boot: Designed to Lock Out Linux?

Discussion in 'News' started by qubit, Sep 21, 2011.

  1. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.07/day)
    Thanks Received:
    3,479
    Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image derived from a keychain rooted in keys built into the PC. Microsoft is pushing hard to make this mandatory, so that users cannot override it. This feature would have the handy benefit of excluding alternative operating systems such as Linux and FreeBSD. This is according to Professor Ross Anderson of Cambridge University and other industry insiders. Also, it's not at all clear that it actually secures against viruses and other malware and appears to be solely designed to appease corporate self interests for unbreakable Digital Restrictions Management (DRM).

    UEFI supercedes the 30 year old veteran BIOS found in most PCs today, which is very inefficient and slow for modern PCs, carrying a lot of old, legacy compatibility baggage that's just not needed in today's PC. UEFI, a key component of Windows 8, is designed to work on several CPU architectures, such as ARM and is streamlined and efficient. It also includes a much improved graphical interface that replaces the keyboard-driven menu system of the BIOS.

    If the changes are adopted, then any system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux. Tech blogger Matthew Garrett explains that while a signed version of Linux would work, this poses problems:
    However, there's no need to panic just yet, concluded Garrett.

    The effect of all these changes is to return to the dark days of 2003, when the Trusted Computing platform was being pushed as a way to completely DRM your entire PC to satisfy the content industries. However, this version will be far worse:

    Anderson concludes that this restrictive technology might violate EU competition law, on Cambridge University's Light Blue Touchpaper blog.

    Source: The Register
  2. Sean8

    Joined:
    Mar 7, 2009
    Messages:
    289 (0.15/day)
    Thanks Received:
    10
    Doesn't mac osx have this? and you can dual boot it.
  3. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.07/day)
    Thanks Received:
    3,479
    No, it has UEFI, but not this digital signing. This is something new - well, resurrected. :rolleyes:
  4. v12dock

    v12dock

    Joined:
    Dec 18, 2008
    Messages:
    1,538 (0.76/day)
    Thanks Received:
    297
    It would be cracked before launch anyways
    Easy Rhino says thanks.
  5. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.07/day)
    Thanks Received:
    3,479
    Nah, don't be silly - just look at all the other secure and successful DRM solutions out there. :laugh:
    hellrazor says thanks.
  6. DannibusX

    DannibusX

    Joined:
    Aug 17, 2009
    Messages:
    2,527 (1.41/day)
    Thanks Received:
    979
    Location:
    United States
    Interesting read.
    qubit says thanks.
  7. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    Way to add some sensationalism there qubit
    a sniplet from > http://arstechnica.com/business/new...tured Content)&utm_content=Google Feedfetcher <
    Disabling secure boot

    “Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled,” Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are “required for Windows 8 client” with the result that “all firmware and software in the boot process must be signed by a trusted Certificate Authority.”

    Microsoft has a good reason for this. A “growing class of malware targets the boot path [and] often the only fix is to reinstall the operating system,” van der Hoeven said. “UEFI and secure boot harden the boot process [and] reduce the likelihood of bootkits, rootkits and ransomware.”

    Importantly, though, Garrett writes that “there’s no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code.”

    For many (and hopefully most) Windows 8 machines, this means that users have a good chance of successfully entering the UEFI settings interface to turn off secure boot. But this will depend on the hardware vendor.

    “Experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market,” Garrett writes. “It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't. It's probably not worth panicking yet. But it is worth being concerned.”

    Technically, vendors can ship Windows 8 PCs without meeting Microsoft's "designed for Windows 8" logo requirements, but major OEMs typically would not do that.

    The Windows 8 developer tablet Microsoft handed out at this month’s recent BUILD conference did include the ability to turn off the secure boot process. This is reminiscent of Google’s Cr-48 Chromebook, which allowed users to turn off the Verified Boot process and install another operating system, though this involved flipping a physical switch instead of changing a software setting.
  8. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,201 (11.41/day)
    Thanks Received:
    13,572
    Location:
    Bangalore, India
    The only "DRM" that ever actually worked is Casino security.
    Chevalr1c and hellrazor say thanks.
  9. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    its not really DRM its no different the driver signature enforcement its there to keep bad people from doing bad things and it has a "off switch"
  10. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.07/day)
    Thanks Received:
    3,479
    Thanks, I'll take that as a complement. ;) My writing style is a combination of irreverent, humourous and at times cynical and sarcastic. I particularly liked my headline "Customer Agony over Netflix's Price Rises & New Split Personality". I loved the "Customer agony" bit. :D

    Of course Microsoft are gonna dress it up as something positive and benign, they're trying to get it established! People like the prof and the blogger however, can see right through it. As you see in the article, it was only widespread opposition eight years ago that stopped this restrictive practice from becoming standard. This stuff is like Apple lock-ins on steroids; you ain't seen nothin' yet, baby!

    Personally, I think once more it will fail, because it's too blatant an attempt at shutting out the competition, but society must remain eternally vigilant against such abuses.
  11. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    typical foss user ranting lulz :banghead: people like you are why linux has less then a 5% share of the desktop market
  12. Katanai

    Katanai

    Joined:
    Mar 15, 2008
    Messages:
    939 (0.41/day)
    Thanks Received:
    106
    This article: Designed to start a flamewar?
    TRWOV says thanks.
  13. EastCoasthandle

    EastCoasthandle New Member

    Joined:
    Apr 21, 2005
    Messages:
    6,889 (2.04/day)
    Thanks Received:
    1,505
    I have to wonder if this would have any effect on 3rd party software that is not driver signed?
    And would we need to update our bios if we want win8?
  14. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.07/day)
    Thanks Received:
    3,479
    Thanks for the personal attack. :rolleyes: I would have appreciated an intelligent response to my intelligent (and pleasant) response.
  15. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    pretty much its your typical twist the facts and bend words to make it looks like the big evil corporation has it out for them
    not what I like to see on tpu :(
  16. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    there was nothing intelligent or pleasant about your post its badly edited and copypasta and its apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: thats not what this is intended for
  17. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.07/day)
    Thanks Received:
    3,479
    You are really becoming blatantly insulting now. And you really need to stop. How about you just unsub from this thread and stop crapping in it?
  18. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,319 (6.34/day)
    Thanks Received:
    3,344
    Location:
    IA, USA
    On the surface, I reach the same conclusion. This is bad joo joo.
    hellrazor and qubit say thanks.
    Crunching for Team TPU
  19. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    and no I was making a generalization not a _personal attack_
    THIS is a personal attack
    [example] qubit is the stereotypical FOSS zelot that doesn't know his carriage returns from his brackets and should go burn in the fiery pits of mordor [example/]
  20. Fx

    Fx

    Joined:
    Oct 31, 2008
    Messages:
    497 (0.24/day)
    Thanks Received:
    87
    Location:
    Portland, OR
    I didnt see this coming but it doesnt surprise me either

    smh
  21. bear jesus

    bear jesus New Member

    Joined:
    Aug 12, 2010
    Messages:
    1,535 (1.07/day)
    Thanks Received:
    200
    Location:
    Britland
    This sounds like it may suck for pre built computers, i know it does not seam like much of an issue for most of us but that would include laptops, netbooks and other things that people like us would buy pre built.

    Oh and qubit i must say i have been enjoying your news posts, one of the reasons is the late night posing, well late night for users like me in britland. :toast:
  22. micropage7

    micropage7

    Joined:
    Mar 26, 2010
    Messages:
    5,564 (3.54/day)
    Thanks Received:
    1,272
    Location:
    Jakarta, Indonesia
    so
    because this the user of cracked windows will rise high than before?
    i guess this is interesting
  23. Fx

    Fx

    Joined:
    Oct 31, 2008
    Messages:
    497 (0.24/day)
    Thanks Received:
    87
    Location:
    Portland, OR
    aye, +1 for qubit
    qubit says thanks.
  24. OneMoar

    OneMoar

    Joined:
    Apr 9, 2010
    Messages:
    2,869 (1.84/day)
    Thanks Received:
    606
    Location:
    Rochester area
    the lot of you keep overlooking the point that it HAS a off button AND its A uEFI foundation spec NOT a Microsoft one its not any different the SLIC embedded in most oem bios's
    http://mjg59.dreamwidth.org/5552.html
    Jack Doph says thanks.
  25. DrPepper

    DrPepper The Doctor is in the house

    Joined:
    Jan 16, 2008
    Messages:
    7,483 (3.15/day)
    Thanks Received:
    813
    Location:
    Scotland (It rains alot)
    Actually it's more to do with the fact Linux is a niche OS that is only used by professionals and techies since the average user doesn't want to go through all the hoops to get what they want out of software.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page