Controversial Windows 8 Secure Boot Feature: FSF Issues Rallying Cry

[Derek12]

But would this affect to BIOS based computers or only for UEFI ones? This wasn't me clear , or would Windows 8 ban BIOS computers?

 

[qubit]

But would this affect to BIOS based computers or only for UEFI ones? This wasn't me clear , or would Windows 8 ban BIOS computers?

Only UEFI implements secure boot. I would expect Windows 8 will install on old machines though, or Microsoft would leave itself with a tiny little market to sell the operating system into.

 

[micropage7]

so m$ think coz they own the market what they do the market will follow and say yes?
like titanic that said unsinkable but history prove it
just lets see...

 

[pr0n Inspector]

When you guys say "signed", do you mean the bootloader or the petition? (hah!)

 

[qubit]

When you guys say "signed", do you mean the bootloader or the petition? (hah!)

I was nearly gonna answer that.

 

[Bo$$]

ah, they are taking the apple route....

 

[pantherx12]

Wait wait wait, so how can windows 8 effect what the motherboard is doing during boot up?


This won't be able to stop people installing linux at all I'm so confussed :S

 

[digibucc]

Wait wait wait, so how can windows 8 effect what the motherboard is doing during boot up?


This won't be able to stop people installing linux at all I'm so confussed :S

restricted boot only allows signed executables to boot, most linux distros will not be signed on every release, so if restricted boot is enabled, only signed linux installs will work. there will be some,. but it will greatly limit the control you have over our own machine (if it is implemented wrong).

 

[tomkaten]

It's Microsoft. If something can go wrong it will go wrong. I'm sick of "features" designed to help the users in their first two iterations and horrifyingly restrictive after the initial public protests. So I signed it as well.

 

[Kreij]

A signed bootloader/kernel is not enough. The firmware on the mobo must be aware of the signed executable too (it's key). This means that if the OEM did not include keys for a given OS, it will not work. Period. If I write a bootloader and kernel and want to test to see if it works with this option, I can't even if I self-sign it.

Let's say that you are happily running (legit) Windows and some malware (ie. rootkit) infects your bootloader.
It would seem that from that point on, your system will no longer boot at all, and force a complete wipe and reload of the OS. While that is probably what you would do in the event of a bootloader compromise, it's really going to put non-technical people in a panic situation.

I like the idea in concept, but the execution leaves quite a few questions unanswered (at least for now).

 

[Mussels]

kreij: they'll just put a repair tool for the bootloader on the installation DVD, like they already have now for other repair functions.

 

[Kreij]

kreij: they'll just put a repair tool for the bootloader on the installation DVD, like they already have now for other repair functions.

That sort of fixes one of the problems, but what about the OEM systems that do not come with installation disks and require you make your own (which many, many people completely overlook)?

 

[Mussels]

That sort of fixes one of the problems, but what about the OEM systems that do not come with installation disks and require you make your own (which many, many people completely overlook)?

as always, they'll expect you to take it back to where you bought it for repairs. (in reality, they take it to that family friend who "can fix these stupid things")

 

[Kreij]

I agree with that, Mussels, as most of us fall into the category of someone who "can fix these stupid things".
I just wonder how many people will just shut off the option, hand the computer back and say "fixed" even though the bootloader is still compromised.

I just can't help but feel that there is a better way to do this.

 

[Mussels]

I agree with that, Mussels, as most of us fall into the category of someone who "can fix these stupid things".
I just wonder how many people will just shut off the option, hand the computer back and say "fixed" even though the bootloader is still compromised.

I just can't help but feel that there is a better way to do this.

all microsoft really want is to block OEM machines from pirating newer OS's. they dont give a shit about custom builds. this is a piracy fix for prebuilt machines, especially laptops and tablets and nothing else.

 

[[H]@RD5TUFF]

signed

 

[laszlo]

qubit since you star posting news& "editorials" i felt like tpu gained "virility" ; i must admit that slowly get bored by all the hardware news,test,benches etc...life is not all about hardware & tech and i think is good having more infos from all domain in pc area and related ones

keep up the good work and don't give a s..it about critics;those who criticize you read what you post so they're readers even they want or not.

only good work is criticized bad is almost never mentioned

 

[qubit]

qubit since you star posting news& "editorials" i felt like tpu gained "virility" ; i must admit that slowly get bored by all the hardware news,test,benches etc...life is not all about hardware & tech and i think is good having more infos from all domain in pc area and related ones

keep up the good work and don't give a s..it about critics;those who criticize you read what you post so they're readers even they want or not.

only good work is criticized bad is almost never mentioned

Thankyou very much! I'm glad to be making a positive difference to TPU.

 

[[H]@RD5TUFF]

Everyone should sign this regardless of your OS choice, being forced into having to use only 1 OS to "fight piracy" is a terrible thing!

 

[fusionblu]

So this is the reason Microsoft is releasing a new OS so soon than rather let Windows 7 have a long life span. I thought the release of a new OS this soon was suspicious since there are not as many serious faults with Windows 7 as there were with Windows Vista, but it would appear that this Restrict-Boot is the only option Microsoft have to fight the rather helpful SLIC Activation Loader which is used my millions of people worldwide.

I guess this won't matter much as an alternative crack would eventually be made if this "feature" (as Microsoft might like to call it) were to be implemented into all motherboards as piracy is always inevitable when a product is released regardless of any anti-piracy methods that may have been put in.

I think it would be safe to say that when the "Secure-Boot" is bypassed it would only become an unnecessary "feature" that motherboard manufacturers would eventually get rid off, but let's hope that it would fail before it can be used so it won't interfere with the hardware and software that has yet to be released.

 

[Mussels]

fusionblu: or maybe microsoft always released OS's this fast in the past?


95/98/98SE/ME/NT/2000/XP/XP MCE/XP 64/vista/7 ?

 

[fusionblu]

fusionblu: or maybe microsoft always released OS's this fast in the past?


95/98/98SE/ME/NT/2000/XP/XP MCE/XP 64/vista/7 ?

I suppose that part could be true, but from how far they've gone it's clear that the new release is mostly about the anti-piracy and not as an actual improvement, that much is clear.

 

[newtekie1]

I suppose that part could be true, but from how far they've gone it's clear that the new release is mostly about the anti-piracy and not as an actual improvement, that much is clear.

Clear? Not really, I think there are more improvements between Win8 and Win7 then there were between Win7 and Vista. Vista didn't really have that many problems by the time Win7 was released, SP1 and SP2 made sure of that.

 

[FordGT90Concept]

There's nothing to stop malware from getting signed. e.g. most Adobe and Apple software.

I've never encountered a malicious boot anyway unless UEFI is extremely vulnerable to such things. I haven't used a UEFI system yet.

 

[newtekie1]

There's nothing to stop malware from getting signed. e.g. most Adobe and Apple software.

I've never encountered a malicious boot anyway unless UEFI is extremely vulnerable to such things. I haven't used a UEFI system yet.

Well UEFI is far more capable when it comes to network booting, so one of the main concerns that people voiced about it was that malicous booting was a larger concern due to the better network booting support. Secure Boot is one of the ideas to help close those holes created by the network booting improvements.