PCWorld Forums

Linux And Windows 8's Secure Boot: What We Know So Far

#1 PCWorld

Posted 27 September 2011 - 05:01 PM

Post your comments for Linux and Windows 8's Secure Boot: What We Know So Far here

#2 linuxrants7xpg

Posted 27 September 2011 - 05:55 PM

Let's assume best case scenario for a second. It's turned on by default, but can be turned off by the user. Windows 8 still boots with it off. Even in this scenario, Microsoft has added at least one layer of complexity to the Linux installation, and Linux is stuck with the stigma of having to turn off security features in order to run. All of a sudden, Microsoft gets to look like it's "more secure" despite that probably not being the case, and Linux gets harder to use.

If we assume worst case scenario, the hardware vendor won't let the user disable the secure boot, and Linux won't even run on the system.

Worst case scenario, best case scenario, or anywhere in between, it's bad for Linux.

This post has been edited by linuxrants7xpg: 27 September 2011 - 06:16 PM

------------------------------------------------------------------------------------------
http://www.linuxrants.com
http://twitter.com/linuxrants
http://facebook.com/linuxrants
Google+

"42.7 percent of all statistics are made up on the spot."
— Steven Wright

"Dawn: When men of reason go to bed."
— Ambrose Bierce


------------------------------------------------------------------------------------------

#3 harrismh777

  Posted 27 September 2011 - 06:29 PM

Katherine has provided another balanced article; thank you. I have an addition, a correction, and an @linuxrants response:

First off, grub has supported EFI for some time, and various flavors of EFI (UEFI) are just details. The actual work involved might even amount to a long weekend; seriously. Many folks are running linux today on Mac Books without emulated bios... yep, EFI. Ubuntu is running on several 64 bit EFI systems and doing just fine. Eventually, everyone everywhere will be using EFI... just which one?

Secondly, many folks are running linux from live cds, or (like my staff) from usb keys. If the hardware ships with EFI on by default with no way to modify the keys or disable the feature, this will preclude purchasing the hardware. It really is a simple equation for many of us... prevent dual or alternate boot-up and we will not purchase the hardware.

My latest HP g series notebook was a $330 dollar loss-leader that I found at Radio Shack--- dual core, 360 gig drive, 17 inch led flat-panel, 4 gig memory, all the ports, yadda yadda... running Windows 7 and having *no* real software inside (seriously). The first thing I did was boot it up in the store with a Trisquel usb boot key... came right up and all the hardware checked out, including the built-in camera and the track pad... the second thing I did was wipe the drive clean and install a clean load of Ubuntu (not unity thank you very much) with only non-proprietary software. It's free as in freedom baby, or I do not run it.

@linuxrants: This is not bad for linux... believe it or not it's bad for Microsoft. You've probably heard, "give 'em enough rope they'll hang themselves..."? They have pushed things just about as far as they can. I think this move will be their swan song. It's not only bad for Microsoft, it's bad for OEMs. Live CDs and USB keys have made testing hardware so easy... and people are just plain sick and tired of being locked in. The business equation is just not making sense for this to happen across the board... and if everyone (all OEMs) fail to jump on the band-wagon then the ones who hold out for freedom will make the bucks.

I would not say the sky is falling just yet... unless you're looking out for falling NASA space junk... but, this is certainly worth keeping on the front burner with both eyes wide open. Let's try to keep the FUD out of it though...

Cheers,

#4 RobertQuance

  Posted 27 September 2011 - 07:47 PM

Bottom line for me is that if the machine comes locked to Microsoft and is not able to be swayed I will not buy it. PERIOD. I use Linux in my repair business to save many Windoze systems so maybe this is a way Microsoft is trying to terminate itself.

#5 JonTeatxdg

  Posted 27 September 2011 - 07:50 PM

I can understand Microsoft wanting a secure boot process, but in all honesty if they actually took the time to make Windows more secure instead of forcing vendors to comply with their standards.

I'm happy with my install of Linux Mint on my desktop, and my CR-48. Remember this is all about freedom, and the choice to do what you want with equipment you own. That is why we "purchase" the hardware, and we get a license for the software. Anyways with Windows or Mac.

My whole opinion is we own the hardware, and we the user should have the freedom to do with as we see fit. If that means leaving Windows on it, making a Hackintosh, and putting Linux of one flavor or another.

#6 NathanAnderson

  Posted 27 September 2011 - 07:56 PM

Sounds like Microsoft is trying to make home PCs work like XBOXes where the user is treated like he never really owns his own PC hardware, and forces only MS approved peripherals and software. This also opens the door for Microsoft to push other OSes out of the market under deCSS style "illegal circumvention device" lawsuits. Most modern PCs already have the eXecuteProtect Bit option, why do we need a MS only proprietary version of that?

#7 JamesLiptontw68

  Posted 27 September 2011 - 11:05 PM

At our company, we always re-image all the machines with our own image of Windows; either XP or 7, and we have thousands of users! We never use the generic OS that comes with machines from the factory. Of course, we do install many Linux desktops too. I am sure we will figure out a way around it, but it will cost us a lot of time and effort.

So I am not sure that it would be a wise idea for hardware makers to allow MS to lock down the Windows on their machines. They will lose a lot of business!!

#8 CannibalCat

  Posted 28 September 2011 - 01:38 AM

Microsoft, as usual, is trying to make it so that they are the only option as far as O/S's are concerned.
This will end up biting them in the arse.
I'm currently sitting on a quad boot xp/vista/7/ubuntu laptop and only use the Windows variants when I have to troubleshoot a Windows problem in the field.
For anything else, it's Ubuntu all the way.
MS is just pushing people away from them with stunts like this, which is fine by me. When I show people the power and cost effectiveness of Linux, they are all for it except for power gamers.
MS should give up on the O/S market and just become a gaming company. That's the only thing keeping them alive nowadays anyway.

#9 BigOkieTechie

  Posted 28 September 2011 - 05:46 AM

Why is Microsoft requiring this at the hardware level for "executables and drivers"? Isn't this an OS function?

Seems to me that this not only means that you can't load another OS on your machine. But, Microsoft is now going to make it to where no program (other than what they give you) or driver (other than what they approve...even if made by the device manufacturer) will work on your PC.

Can you say...no more 3rd party help?

This is indeed a monopolistic move.

#10 QUADICON

  Posted 28 September 2011 - 06:07 AM

Clueless. First. Secure boot is enabled by default, because that is the only way Windows 8 will boot.


Can be disabled in theory? There are plenty of motherboards on the market right now that use UEFI. It can be disabled. When it comes to OEM branded systems, it will be up to them to allow a disabling option. Since they are aware people will multiboot OS', it is assured there will be PCs with an option. Some may not have an option and really don't need one.

You don't need the option if you are only going to use Windows 8. People who buy branded systems in the vast majority, use the OS the system comes with. I would find it stupid for a person to buy a brand new Windows 8 system just to wipe it and install something else. There are plenty of options available now. And since Windows 8 requirements match those of Windows 7, if anyone has Windows 7 based hardware; they would be foolish to even go and buy a Windows 8 system.

Even if there is NO option on the hardware front, there is still an option on the software front. Linux does have distros that support UEFI booting.

And stop trying to pawn this off as it is something against Linux.

All operating systems that predate Windows 8 also don't support Secure Boot. Which means if anyone wants to dualboot Windows 7, Vista, XP, ME, 98, 95 and 3.1; they won't work either.

Linux has supported UEFI since 2000 and Windows has supported it since 2002. If you don't need Secure Boot, then you simply don't buy a PC with it. Anyone who is tech savvy enough to boot multiple operating systems is smart enough to figure it out. Obviously we can tell the writer isn't tech savvy enough.

#11 QUADICON

  Posted 28 September 2011 - 06:11 AM

@Linuxrants7xpg - You are still wrong. Linux supports UEFI Secure Boot. You simply need to use a distro that supports it.

You need to ascertain whether you even need to move up to a Windows 8 UEFI system in the first place. It's not bad for Linux. It's bad per se for anyone wanting to run an older operating system period.

Again, Linux supports UEFI and has done so since 2000. If your distro doesn't support it, you simply download the distro that does and update/grade.

If a person needs Linux that bad and is smart enough to use Linux and doesn't want changes, then they should be smart enough not to buy hardware that doesn't support the type of setup they want.

#12 QUADICON

  Posted 28 September 2011 - 06:25 AM

@JonTeatxdg - You obviously don't understand what secure boot is for. It has nothing to do with how secure the OS is itself.

It secures the boot process against rootkits that can be placed in the MBR. It simply causes the hardware to not boot unless the OS provides a secure signature. It does nothing more.

It's the same thing Macs do. OSX boots native using EFI, which is why Windows can't directly boot. Boot Camp supplies the signature needed to allow Windows to boot on Macs. Microsoft is simply going a similar. However UEFI and EFI have some differences.

@Harrismh777 - UEFI is not going to stop OEMs from making money. I am sure the top OEMs like HP and Dell will provide systems that allow the option to choose. However, even if they locked the vast majority of them, it isn't going to stop them from making any money.

What you guys don't understand is this Secure Boot option DOES NOT affect Enterprise systems. It affects retail options only. Businesses who buy systems will always have this option to choose as OEMs know that businesses will need this. A person buying a Windows 8 system wants Windows 8. Explain why they need an option to disable secure boot?

Any PC enthusiast who needs an option should be smart enough to check details before buying. It's that simple. If you are smart enough to use Linux, then you should be smart enough to know how to shop. If you don't, then why are you using Linux in the first place? That is how simple this is.

Microsoft isn't shooting itself in the foot. You are shooting your own self because you are allowing blogs like this, who don't even understand the details of what is happening, to tell you what is happening.

Katie Noise is just trying to cause issues and so is Garrett. Since Windows 7 and 8 both use the same hardware credentials, it basically means you don't even need to upgrade your hardware.

If you want to dualboot Windows 8 on a non-UEFI system, you can. If you don't think so, then you need to install the Windows 8 Preview.

I installed it on a system that is dualbooting Windows 7 and Ubuntu and Windows 8 created its own boot loader and I was still able to choose either of the 3.

The whole problem with Katie Noise and Garrett is they don't understand the facts. If you buy a system that comes with Windows 8 installed, yes your options could be limited. But they are easily handled by either purchasing hardware where you have an option, or sticking with what you have.

I mean, do you really need Windows 8? It's not offering that much above Windows 7. Unless you want a tablet running Windows 8, Windows 8 isn't bringing anything to the desktop that requires you to have it.

#13 QUADICON

  Posted 28 September 2011 - 06:30 AM

@NathanAnderson - Really? So Macs use UEFI too. Is it the same? You don't know what you are talking about.

All EFI does is require a signature that allows for software to access the hardware. In this case the OS. It doesn't do anything else. Its job is to protect you against rogue software designed to hack into the boot process and make your system less secure. If you don't understand EFI or UEFI, then you need to read up on it. Because you obviously, like Katie Noise, don't get it.

And what you said was 100% inaccurate. Knowledge is power. But you won't gain any knowledge by listening to fools who have no idea what is really happening and are just parroting what others say.

Microsoft is doing what is best for the platform. It is up to hardware makers to offer you an option.

Apple doesn't offer an option to disable secure boot on Macs because if they did, you could install any OS you want. That is why you need Boot Camp. If you don't want this type of lockdown, you simply don't buy a Mac or any UEFI based system.

#14 QUADICON

  Posted 28 September 2011 - 06:36 AM

To all the clueless posters below who keep saying Microsoft is trying to lock down PCs to just run Windows, you simply are wrong.

The OS is using the benefits of hardware that has existed since 2000. Linux and OSX both support this option. Windows is now supporting this option. There are plenty of workarounds and no they don't require all that much time and effort. Only if you don't know what you are doing.

The best thing you can do so that you don't confuse yourself any further is to keep Linux and its present setup on the box you have it on now, and if you want Windows 8 run Windows 8 on its own box. That way you won't have a problem.

For IT guys that know what they are doing and aren't Linux hobbyists, you don't see any of them complaining about the move because the move isn't as serious as Katie Noise and Garrett are trying to make it. If you go and Google the issue and actually read all the facts you will see that not only is Katie Noise wrong, and Garrett is wrong; you would see you're all wrong too.

#15 linuxrants7xpg

Posted 28 September 2011 - 09:36 AM

QUADICON, on 28 September 2011 - 06:11 AM, said:

@Linuxrants7xpg - You are still wrong. Linux supports UEFI Secure Boot. You simply need to use a distro that supports it.

You need to ascertain whether you even need to move up to a Windows 8 UEFI system in the first place. It's not bad for Linux. It's bad per se for anyone wanting to run an older operating system period.

Again, Linux supports UEFI and has done so since 2000. If your distro doesn't support it, you simply download the distro that does and update/grade.

If a person needs Linux that bad and is smart enough to use Linux and doesn't want changes, then they should be smart enough not to buy hardware that doesn't support the type of setup they want.


Good morning. I respectfully disagree with you. The problem isn't with UEFI. You're right in that Linux already supports UEFI both with LILO and GRUB. No worries there. The problem comes in with the Secure Boot portion of UEFI, which Microsoft is requiring to be enabled. This makes it a requirement for drivers and executables to be "signed". If they're not signed, then they don't run. Further, they have to be signed with a key that's already present in the firmware of the system. The only authorities that have the ability to do that currently are the OEMs and Microsoft. Even if you disregard the obvious implications for the GPL (how do you sign a binary when you're distributing source code?) Linux distributions will be required to get their key embedded into the firmware of every single system that is Windows 8 Certified. While none of this is impossible (so far) it does add significant complexity to using a computer to run Linux, which is bad.
0
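The firmware state argued over in the posts above (whether Secure Boot is enforcing, whether keys can still be enrolled, and which keys the firmware already trusts) can be read on Linux from efivarfs. The following is an added example, not code from any poster; the state labels, function names and sample variable contents are constructed for illustration, while the variable names, GUIDs and structure layouts are those of the UEFI specification.

```python
import struct
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032c8c"  # SecureBoot, SetupMode
EFI_IMAGE_SECURITY_DB = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx
SIG_TYPES = {  # EFI_SIGNATURE_LIST.SignatureType values
    uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072"): "x509",
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "sha256",
}


def read_var(efivars, name, guid):
    """Return a variable's data or None if absent.

    efivarfs prefixes the data with a 4-byte little-endian attribute word.
    """
    path = Path(efivars) / f"{name}-{guid}"
    if not path.is_file():
        return None
    raw = path.read_bytes()
    if len(raw) < 4:
        raise ValueError(f"{path.name}: shorter than the attribute word")
    return raw[4:]


def secure_boot_state(efivars=EFIVARS):
    """Classify the platform; the returned labels are this example's own."""
    if not Path(efivars).is_dir():
        return "no-uefi-variables"        # legacy BIOS boot or efivarfs not mounted
    secure = read_var(efivars, "SecureBoot", EFI_GLOBAL)
    setup = read_var(efivars, "SetupMode", EFI_GLOBAL)
    if not secure:
        return "secure-boot-unsupported"  # UEFI firmware without the feature
    if setup and setup[0] == 1:
        return "setup-mode"               # no platform key: keys can be enrolled
    return "enforcing" if secure[0] == 1 else "disabled"


def count_trusted_entries(db):
    """Walk the EFI_SIGNATURE_LIST structures in a db/dbx blob: {type: count}."""
    counts, offset = {}, 0
    while offset < len(db):
        if len(db) - offset < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_guid = uuid.UUID(bytes_le=db[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", db, offset + 16)
        body = list_size - 28 - header_size
        if (list_size < 28 or offset + list_size > len(db)
                or sig_size < 16 or body < 0 or body % sig_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        kind = SIG_TYPES.get(type_guid, str(type_guid))
        counts[kind] = counts.get(kind, 0) + body // sig_size
        offset += list_size
    return counts


def _sample_list(type_guid, payloads):
    """Build one EFI_SIGNATURE_LIST from constructed payloads (sample data)."""
    owner = uuid.UUID(int=0).bytes_le
    body = b"".join(owner + p for p in payloads)
    sizes = struct.pack("<III", 28 + len(body), 0, 16 + len(payloads[0]))
    return uuid.UUID(type_guid).bytes_le + sizes + body


def write_sample_efivars(directory):
    """Write constructed variables that mimic a machine with Secure Boot on."""
    d = Path(directory)
    attrs = struct.pack("<I", 0x6)  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    (d / f"SecureBoot-{EFI_GLOBAL}").write_bytes(attrs + b"\x01")
    (d / f"SetupMode-{EFI_GLOBAL}").write_bytes(attrs + b"\x00")
    db = (_sample_list("a5c059a1-94e4-4aa7-87b5-ab155c2bf072", [b"\x30" * 64])
          + _sample_list("c1c41626-504c-4092-aca9-41f936934328",
                         [b"\xaa" * 32, b"\xbb" * 32]))
    (d / f"db-{EFI_IMAGE_SECURITY_DB}").write_bytes(struct.pack("<I", 0x27) + db)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_efivars(tmp)
        print(secure_boot_state(tmp))
        print(count_trusted_entries(read_var(tmp, "db", EFI_IMAGE_SECURITY_DB)))
```

On a real machine, calling `secure_boot_state()` with no argument reads the live efivarfs mount instead of the constructed sample directory.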

#16 wildlinux

  Posted 29 September 2011 - 05:53 AM

For those opposed to building machines from parts bought at one of the many fine stores selling them like New Egg... there are many fine Made in the U.S.A. companies making nice machines only with Linux installed; System 76 and zareason are likely best known; I've heard of others in Europe. So far good machines with Windows, if you catch them on sale, have been a great source for Linux machines cheap, but it would be nice to see some of those installing Linux at the factory grow.

#17 waldojim

Posted 29 September 2011 - 06:22 AM

harrismh777, on 27 September 2011 - 06:29 PM, said:

Katherine has provided another balanced article; thank you. I have an addition, a correction, and an @linuxrants response:

First off, grub has supported EFI for some time, and various flavors of EFI (UEFI) are just details. The actual work involved might even amount to a long weekend; seriously. Many folks are running linux today on Mac Books without emulated bios... yep, EFI. Ubuntu is running on several 64 bit EFI systems and doing just fine. Eventually, everyone everywhere will be using EFI... just which one?

The issue at hand is NOT UEFI. It is SECURE BOOT. No, Linux can not magically be supported on secure boot enabled systems, thus the problem. YOUR individual machine MUST have a security key in place to boot LINUX. A UNIQUE KEY that it is NOT required to have. OR the ability to disable secure boot, which it is also NOT required to have.

Quote

Secondly, many folks are running linux from live cds, or (like my staff) from usb keys. If the hardware ships with EFI on by default with no way to modify the keys or disable the feature, this will preclude purchasing the hardware. It really is a simple equation for many of us... prevent dual or alternate boot-up and we will not purchase the hardware.

That is not an option for many different scenarios.
EG: If a manufacturer wants to sell a laptop with Windows 8, they MUST enable secure boot. Can you realistically BUILD your own laptop? No. So you are stuck with whatever the manufacturer decides to do to you.

Quote

My latest HP g series notebook was a $330 dollar loss-leader that I found at Radio Shack--- dual core, 360 gig drive, 17 inch led flat-panel, 4 gig memory, all the ports, yadda yadda... running Windows 7 and having *no* real software inside (seriously). The first thing I did was boot it up in the store with a Trisquel usb boot key... came right up and all the hardware checked out, including the built-in camera and the track pad... the second thing I did was wipe the drive clean and install a clean load of Ubuntu (not unity thank you very much) with only non-proprietary software. It's free as in freedom baby, or I do not run it.

Guaranteed the CHEAP machines like that are the FIRST machines locked down. Simply because HP makes money on the crapware. That crapware won't be quite so optional any more.

Quote

@linuxrants: This is not bad for linux... believe it or not it's bad for Microsoft. You've probably heard, "give 'em enough rope they'll hang themselves..."? They have pushed things just about as far as they can. I think this move will be their swan song. It's not only bad for Microsoft, it's bad for OEMs. Live CDs and USB keys have made testing hardware so easy... and people are just plain sick and tired of being locked in. The business equation is just not making sense for this to happen across the board... and if everyone (all OEMs) fail to jump on the band-wagon then the ones who hold out for freedom will make the bucks.

I would not say the sky is falling just yet... unless you're looking out for falling NASA space junk... but, this is certainly worth keeping on the front burner with both eyes wide open. Let's try to keep the FUD out of it though...

Cheers,

Tech nerds are tired of being locked in. The average person just wants to get work done. More often than not, that does not include Linux. Sorry, just the truth. As mentioned in other threads, I would bet that manufacturers use this to lock down the cheap machines. Essentially forcing people to use included copies of Windows so they can load up all the crapware they want to while keeping you from either installing Linux or even a 'generic' copy of Windows.
"There is a cult of ignorance in the United States, and there always has been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'" -- Isaac Asimov

#18 MarioJP

  Posted 03 October 2011 - 12:02 AM

I could see why all of a sudden (finally) the BIOS is getting a face lift. For starters the BIOS is a mess from the start. On some systems it either boots too fast, missing the key press, or too slow (some systems don't even have the option to adjust the speed). Worse, the keys are hidden until you finally guess the right one!! And this is where problem number 2 comes in!!

Problem number 2. Too many combo keys to guess. Is it DEL F1 F10 F12 F6 F2? Now it gets even better with newer systems! And you would think by now in this time in age someone would actually think to have a standard key to access the BIOS but NOPE! They added another key combo CTRL+F2!!! Geez! C'mon guys, think!!! This is getting ridiculous! No matter what version of Windows you are using, it is always F8 to boot up in safe mode! What is so hard to have a standard key to get into the BIOS!??

Problem #3. If you have one of those odd systems with an odd wonky BIOS, boot loaders are unstable, especially for live CDs. I have seen a live distro report an address error or just a simple retry error of and you hit the key a couple of times till it finally boots. Other times the disc would load and freeze half way. Yet you try that same disc on another machine AND IT WORKS, only to find out for whatever odd reason it does not like your RAID setup, forcing you to disable RAID and switch to IDE, which by then defeats the purpose of using a live CD since your disks were constructed in RAID. ANOTHER PERFECT EXAMPLE!! GRUB DOES NOT LIKE MY BIOS but yet if I disable the RAID it works fine. Some boot loaders cause the BIOS to freeze completely while others just give you a retry error until it finally works.

Now with all that said it is time for a change! But at the same time not favoring a closed firmware. We just have to wait and see. I hope it's BIOS 2.0 or something. Anything to get away from this low-res dreadful BIOS!

#19 DrewBeckett

  Posted 24 March 2012 - 06:24 AM

This is a stunningly totalitarian move on the part of Microsoft. Once again an attempt to create a Monopoly and remove competitiveness. This is more than a business decision however. We have yet to see how this binding of hardware to a 'First World Operating System' would affect the creation, distribution and use of computer systems for Medical applications around the world. I doubt every free clinic in Africa that has a computer will be able to upgrade their computer to Windows 8, but if they do not- these people will be left with inferior computational abilities where they are needed most. Microsoft/Gates once again disgusts me by placing greed above quality, free will, and openness. This may spark a revolt into using systems such as Ubuntu once Microsoft alienates entire markets with their 'digital native architecture' model of sales.

#20 linuxitpro

  Posted 11 February 2013 - 03:47 PM

Quote

This is a stunningly totalitarian move on the part of Microsoft. Once again an attempt to create a Monopoly and remove competitiveness. This is more than a business decision however. We have yet to see how this binding of hardware to a 'First World Operating System' would affect the creation, distribution and use of computer systems for Medical applications around the world. I doubt every free clinic in Africa that has a computer will be able to upgrade their computer to Windows 8, but if they do not- these people will be left with inferior computational abilities where they are needed most. Microsoft/Gates once again disgusts me by placing greed above quality, free will, and openness. This may spark a revolt into using systems such as Ubuntu once Microsoft alienates entire markets with their 'digital native architecture' model of sales.
