Dual Boot Not Trusted, Rejected By Vista SP1

timothy posted more than 6 years ago | from the that's-south-of-luckless dept.

Alsee writes "Welcome to our first real taste of Trusted Computing: With Vista Enterprise and Vista Ultimate, Service Pack 1 refuses to install on dual boot systems. Trusted Computing is one of the many things that got cut from Vista, but traces of it remain in BitLocker, and that is the problem. The Service Pack patch to your system will invalidate your Trust chain if you are not running the Microsoft-approved Microsoft-trusted boot loader, or if you make other similar unapproved modifications to your system. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive. If you are not running BitLocker then a workaround is available: Switch back to Microsoft's Vista-only boot mode, install the Service Pack, then reapply your dual boot loader. If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L."

525 comments

But what if... (4, Interesting)

ivan256 (17499) | more than 6 years ago | (#24407911)

What happens on systems without a TPM?

Re:But what if... (5, Funny)

eln (21727) | more than 6 years ago | (#24407939)

It will detect the lack of a TPM and notify the FBI that you are probably a terrorist.

Re:But what if... (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#24408039)

I love that this post was first modded Informative

Re:But what if... (5, Informative)

gparent (1242548) | more than 6 years ago | (#24408591)

Informative gives Karma but Funny doesn't. Therefore, people who appreciate the post and wish to give the user some karma will choose Informative.

Re:But what if... (5, Funny)

Iphtashu Fitz (263795) | more than 6 years ago | (#24408091)

Probably?

Re:But what if... (1, Informative)

Anonymous Coward | more than 6 years ago | (#24408211)

Terrorizing the poor multi billion $ business of M$

Re:But what if... (4, Funny)

dashesy (1294654) | more than 6 years ago | (#24408447)

Thy shalth devote wholeheartedly to evil or the good. No point in between.

Re:But what if... (-1)

Anonymous Coward | more than 6 years ago | (#24408499)

The mac pro users must be shit out of luck hope they don't drop the soap.

Re:But what if... (2, Insightful)

KDR_11k (778916) | more than 6 years ago | (#24407947)

I would guess you can't enable the encryption.

Re:But what if... (5, Insightful)

ivan256 (17499) | more than 6 years ago | (#24408007)

Of course, the article says the problem exists even if you don't have the encryption enabled.... However it looks like what happens in that case is the same as what's always happened when a windows update contains a MBR change: It overwrites your third party bootloader. (Or in this latest case, forces you to do it yourself manually).

I'm failing to see why this is a big deal. Software is in place to check for a piece of third party code intercepting your encryption key... It successfully detects GRUB as such software, and stops. So what?

Re:But what if... (4, Insightful)

Cley Faye (1123605) | more than 6 years ago | (#24408403)

I'm failing to see why this is a big deal. Software is in place to check for a piece of third party code intercepting your encryption key... It successfully detects GRUB as such software, and stops. So what?

When you don't have the choice to disable this "option", it IS a big deal.

Re:But what if... (2, Insightful)

mpapet (761907) | more than 6 years ago | (#24408003)

There's no TPM module to establish trust, so I would assume that it would not create this new failure condition. If it does fail out anyway, common sense would say it is there for the purpose of limiting consumer choice.

Re:But what if... (2, Insightful)

Ferzerp (83619) | more than 6 years ago | (#24408259)

No. Common sense would say it's a bug. Tin-foil-hat sense would say, "it is there for the purpose of limiting consumer choice."

Re:But what if... (1, Informative)

Anonymous Coward | more than 6 years ago | (#24408031)

I have Vista SP1 installed on a machine that uses GRUB to dual boot into Kubuntu, so it appears to work fine on systems without a TPM.

Re:But what if... (1)

lukas84 (912874) | more than 6 years ago | (#24408551)

Yeah, that's because the article is stupid and lacking on details. Which isn't exactly news.

BitLocker in TPM Mode (which is not mandatory - you can use a USB Key and a PIN, or TPM+PIN) will require a validated bootchain to boot automatically, without having to enter the recovery password (which is usually stored in Active Directory).

There's nothing wrong with that.
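
The behaviour described in the comment above (a TPM-protected BitLocker key released automatically only when the boot chain validates, with a recovery password as fallback) can be sketched with a toy model. This is an added example, not part of the original thread and not Microsoft's code; `ToyTPM`, the component byte strings and the PCR index assignments are constructed for illustration, and a real TPM encrypts sealed data rather than storing it.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


class ToyTPM:
    """Policy-only model: PCR extend plus seal/unseal bound to PCR values."""

    def __init__(self, num_pcrs=24):
        self.num_pcrs = num_pcrs
        self.pcrs = []
        self._blobs = {}  # survives reboots, like data sealed to a real TPM
        self.power_on()

    def power_on(self):
        # In this model every PCR returns to all-zero only at power-on.
        self.pcrs = [bytes(PCR_SIZE)] * self.num_pcrs

    def extend(self, index, component):
        # new = SHA1(old || SHA1(component)): order-sensitive and one-way.
        measurement = hashlib.sha1(component).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()

    def _composite(self, indices):
        h = hashlib.sha1()
        for i in indices:
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, name, secret, indices):
        indices = tuple(sorted(indices))
        self._blobs[name] = (indices, self._composite(indices), secret)

    def unseal(self, name):
        # Release the secret only if the selected PCRs match the values at seal time.
        indices, expected, secret = self._blobs[name]
        if hmac.compare_digest(self._composite(indices), expected):
            return secret
        return None


# Constructed stand-ins for boot components; the PCR indices are illustrative.
FIRMWARE = (0, b"constructed: platform firmware")
VISTA_MBR = (4, b"constructed: Vista MBR boot code")
GRUB_MBR = (4, b"constructed: GRUB stage1 in the MBR")
BOOT_SECTOR = (8, b"constructed: NTFS boot sector")
BOOTMGR = (10, b"constructed: Windows boot manager")

STOCK_CHAIN = [FIRMWARE, VISTA_MBR, BOOT_SECTOR, BOOTMGR]
GRUB_CHAIN = [FIRMWARE, GRUB_MBR, BOOT_SECTOR, BOOTMGR]
# A loader that runs first and then measures the genuine MBR still leaves its trace.
REPLAY_CHAIN = [FIRMWARE, GRUB_MBR, VISTA_MBR, BOOT_SECTOR, BOOTMGR]
SEALED_PCRS = (0, 4, 8, 10)


def boot(tpm, chain):
    """Power-cycle, then measure each stage before it would be executed."""
    tpm.power_on()
    for index, component in chain:
        tpm.extend(index, component)


def provision(tpm, volume_key, recovery_password):
    """Seal the key against the stock chain and create a PCR-independent protector."""
    boot(tpm, STOCK_CHAIN)
    tpm.seal("volume-key", volume_key, SEALED_PCRS)
    # Simplified: a hash check stands in for real key wrapping.
    return {"hash": hashlib.sha256(recovery_password).digest(), "key": volume_key}


def unlock_volume(tpm, recovery, password=None):
    key = tpm.unseal("volume-key")
    if key is not None:
        return ("tpm", key)
    if password is not None and hmac.compare_digest(
        hashlib.sha256(password).digest(), recovery["hash"]
    ):
        return ("recovery", recovery["key"])
    return ("locked", None)


def demo():
    tpm = ToyTPM()
    password = b"constructed-recovery-password"
    recovery = provision(tpm, b"constructed-volume-key", password)
    results = {}
    for label, chain in (("stock", STOCK_CHAIN), ("grub", GRUB_CHAIN),
                         ("replay", REPLAY_CHAIN)):
        boot(tpm, chain)
        results[label] = unlock_volume(tpm, recovery)[0]
    boot(tpm, GRUB_CHAIN)
    results["grub+recovery"] = unlock_volume(tpm, recovery, password)[0]
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:14} -> {outcome}")
```

The `replay` case shows why a replaced first stage cannot hide itself: extending the genuine MBR measurement afterwards does not bring the PCR back to the sealed value.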

Re:But what if... (1, Funny)

Opportunist (166417) | more than 6 years ago | (#24408271)

Vista runs on such ancient machines?

Re:But what if... (1)

darkjedi521 (744526) | more than 6 years ago | (#24408605)

If the system lacks a TPM, it is probably too old to run Vista anyways.

Only a problem if you have TPM? (1)

urbanriot (924981) | more than 6 years ago | (#24407923)

If I read TFA correctly, you need to have been using your TPM to experience this problem?

Re:Only a problem if you have TPM? (5, Informative)

doas777 (1138627) | more than 6 years ago | (#24408135)

No, you just have to have a version of Vista that supports BitLocker, whether it is on or off. Enterprise and Ultimate are the only versions that support BL, so they are the ones that need the KB which is prerequisite to SP1 install (because SP1 upgrades some bitlocker features). Never Trust Trustworthy computing. It hasn't earned it.

Re:Only a problem if you have TPM? (5, Informative)

Ferzerp (83619) | more than 6 years ago | (#24408293)

I have Vista Enterprise on a dual boot laptop with a TPM that I have never enabled. Installing SP1 did nothing adverse to the dual boot capability.

Re:Only a problem if you have TPM? (4, Interesting)

Ferzerp (83619) | more than 6 years ago | (#24408373)

(I, however, use the Windows boot loader.)

Re:Only a problem if you have TPM? (5, Funny)

Anonymous Coward | more than 6 years ago | (#24408601)

If I read TFA correctly, you need to have been using your TPM to experience this problem?

I have not been using my TPM and I was scolded on Monday about not using TPS report coversheets. Are the two related?

Thanks, Peter Gibbons

You can use the Vista boot loader (1, Informative)

The Warlock (701535) | more than 6 years ago | (#24407929)

It's possible to use the Vista bootloader to chainload GRUB rather than the other way around (which is the default for most Linux installs.)

Yes, it's a pain to set up, but so is any dual-boot setup.

Re:You can use the Vista boot loader (5, Insightful)

Foofoobar (318279) | more than 6 years ago | (#24407991)

Dual boot systems generally aren't a pain to set up (unless you load Windows second and it overwrites your boot sector). Dual boots are well documented and many people know to load Windows first and then load Linux second and replace the boot sector with LILO or GRUB so you can boot into your choice. It's only Windows that doesn't give choice (as per usual).

Re:You can use the Vista boot loader (5, Funny)

damn_registrars (1103043) | more than 6 years ago | (#24408037)

It's only Windows that doesn't give choice

I have heard that is a feature that we pay extra for.

Re:You can use the Vista boot loader (5, Interesting)

Alaren (682568) | more than 6 years ago | (#24408149)

Any idea whether this is a problem in dual hard drive systems? I found it simplest with Vista to unplug my Ubuntu hard drive, plug in my Vista hard drive, and install Vista as though it were the only operating system. Then I plug Ubuntu back in and add the chainloader line to Grub pointing to the Vista drive, which still has its own "boot sector" on the other drive.

(This has the added bonus of allowing me to boot to the other OS should one of them fail--though one guess as to which one has that tendency d-_-b)

Or have I misunderstood the problem? (a distinct possibility, I avoid "Trusted" computing wherever possible)

Re:You can use the Vista boot loader (1)

Foofoobar (318279) | more than 6 years ago | (#24408201)

Heh, that's a cute hack. Yeah if it thinks it wrote its own boot sector, then it won't think there is a problem. And if you are loading the other drive from bios first with its own boot sector but write a boot loader for VISTA, that would solve the problem too I would assume.

Re:You can use the Vista boot loader (1)

KDR_11k (778916) | more than 6 years ago | (#24408251)

I did something like that too but I just used the boot device selector of my BIOS.

Re:You can use the Vista boot loader (0, Redundant)

X0563511 (793323) | more than 6 years ago | (#24408305)

I'm surprised windows boots! Last time I tried this, windows refused to boot unless its loader was on the first drive (and the active partition, also).

All of that was all arbitrary "fuck-you" coding style anyways, and it should have been written flexibly from the start, like Grub.

Re:You can use the Vista boot loader (5, Insightful)

RpiMatty (834853) | more than 6 years ago | (#24408569)

Put windows on the first hard drive, then install linux on the second hard drive. Set up grub so it chainloads the windows boot record (for one of the options), and finally make your bios boot off the second hard drive.
Then Windows is happy and ignorant of its true surroundings.
That's how my dualboot desktop at home is set up.

Re:You can use the Vista boot loader (2, Insightful)

gd2shoe (747932) | more than 6 years ago | (#24408619)

GRUB includes a bios hack to allow this. Without looking it up, I believe it is the "map" command. I've done this with XP just fine. It's only the Windows boot loader that's too stupid to understand that it's on a second drive. The rest of Windows understands it and just doesn't care.

Re:You can use the Vista boot loader (0)

Anonymous Coward | more than 6 years ago | (#24408545)

Windows has a bootloader that can give you a choice. The grandparent said this too, but you only focused on the part "dual boot setups are a pain".

Linux under windows = untrusted too (5, Insightful)

CarpetShark (865376) | more than 6 years ago | (#24408047)

It's possible to use the Vista bootloader to chainload GRUB

In which case you can no longer trust linux.

Re:You can use the Vista boot loader (5, Funny)

Anonymous Coward | more than 6 years ago | (#24408087)

I'm hoping some joker with the next viable vista virus uses it to trigger trusted computing into locking machines.
Let's see vista's adoption rate when word gets out it bricks your entire system if you get a virus.

Re:You can use the Vista boot loader (2)

KasperMeerts (1305097) | more than 6 years ago | (#24408379)

That, Sir, is frigging awesome.
I feel guilty for actually wanting this to happen for a split second.

Re:You can use the Vista boot loader (1, Informative)

salimma (115327) | more than 6 years ago | (#24408101)

Yes, it's a pain to set up, but so is any dual-boot setup.

EasyBCD makes it rather easy, actually. The hardest part in dual-booting with Windows is partitioning -- the trick is to make sure there is some gap between the Windows partition and the Linux partitions, or even better, create all the partitions in Windows, and only change the type and initialize them from the Linux installer.

Otherwise, Windows and Linux see different disk geometries, and if you're not careful you could end up with an overlap, with disastrous consequences.

Re:You can use the Vista boot loader (2, Interesting)

lgw (121541) | more than 6 years ago | (#24408279)

I'm confused why anyone would dual-boot Vista. Dual booting Windows to have a game machine is simply practical, but Vista sucks vs XP as a game platform - it's slower and takes far more resources to run at all (and if you didn't have resource limits, you'd just have 2 boxes). Why would you do this?

Re:You can use the Vista boot loader (2, Insightful)

smolloy (1250188) | more than 6 years ago | (#24408473)

Because most new machines come with Vista preinstalled. Not XP.

Re:You can use the Vista boot loader (1)

lgw (121541) | more than 6 years ago | (#24408629)

Sure, and most people are content to leave it at that. But here we have a pool of geeks who are *starting* with the premise that they need to install a new OS on the laptop. The default install on any consumer laptop comes with so much crapware that you need to reinstall Windows just to make it usable - why choose Vista?

Re:You can use the Vista boot loader (0)

Anonymous Coward | more than 6 years ago | (#24408507)

Grown ups use computers for more things than games, and carrying two laptops is kind of a pain. Vista Ultimate dual boot with Opensuse 11 works fine for me.

Re:You can use the Vista boot loader (1)

lgw (121541) | more than 6 years ago | (#24408549)

But if you're dual booting, why would you use the Windows side for non-gaming activities? Or if you use Windows for all your common tasks, why dual boot?

Re:You can use the Vista boot loader (1)

fast turtle (1118037) | more than 6 years ago | (#24408531)

I also wonder why you'd dual boot for Windows games when Virtual Box allows you to run XP or any other version of Windows in a true protected virtual environment that doesn't take your whole system down when it pukes/crashes/BSOD's on you.

Re:You can use the Vista boot loader (1, Insightful)

RanCossack (1138431) | more than 6 years ago | (#24408617)

'Cause you take a speed/performance hit depending on what kind of graphics it is using. It can be small or huge, depending on the game. I've found VirtualBox works great for Civ3 and Wine works (with a lot of tweaking) for Civ4, but Civ4 inside VirtualBox is unplayable and Civ3 in Wine is very, very slow. FreeCiv works great and is native, by the way. Curiously, I've heard rumors other games exist.

Re:You can use the Vista boot loader (5, Informative)

oldspewey (1303305) | more than 6 years ago | (#24408571)

Just games? There are lots of people who run windows as their primary OS (because it's what they are used to after spending 15+ years on a MS platform, or maybe because there are apps they rely on that aren't available elsewhere), and they dual boot Linux because they want to be able to hack around, learn more, and generally have fun.

Taking an interest in Linux does not automatically mean somebody will abandon Windows the next morning.

Re:You can use the Vista boot loader (1)

story645 (1278106) | more than 6 years ago | (#24408573)

You don't want to throw out the shiny OS that you paid a tax for?

I dual boot XP and Linux and I'm not a gamer; I just have a laundry list of programs I've gotta use for school that only work under windows and I don't feel like dealing with wine for all of 'em, but I like writing code in linux. People who buy new laptops aren't gonna magically be in a different situation. My lab has dual boot linux and vista 'cause it came with the computer, the harddrive is more than big enough, and occasionally there's something worth running in windows.

Re:You can use the Vista boot loader (2, Informative)

wherrera (235520) | more than 6 years ago | (#24408437)

Yes, our family laptop is Vista Ultimate and Ubuntu, set up this way, and took Vista SP1 without a hiccup. Have Vista's bootup load the linux GRUB bootloader.

Ubuntu's Wifi is much more reliable on the same hardware, but Ubuntu won't run Adobe CS3 properly.

Affects crack? (3, Interesting)

0xygen (595606) | more than 6 years ago | (#24407995)

Does one of the more popular Vista cracks not rely on booting Grub4Dos to load a bit of code to patch the kernel after boot?

I am thinking this will affect the crack.

Before anyone says it, no, I am not running a pirate version of Vista, so I cannot check. In fact... not running any version of Vista, joy!

Except that... (0)

WaxlyMolding (1062736) | more than 6 years ago | (#24407999)

This doesn't match my experience. I have a laptop dual booting XP and Vista Enterprise. I installed SP1 on the Vista partition with no problems. I installed it via WSUS as soon as it was downloaded to it. No, no Bitlocker, but the summary claims this problem exists in non-Bitlocker systems, too. And no TPM in the laptop.

Re:Except that... (0)

Anonymous Coward | more than 6 years ago | (#24408065)

And no TPM in the laptop.

Well, there you go, that's why you haven't been hit with the problem yet.

The problem occurs IF you have TPM installed REGARDLESS of whether or not you're using Linux.

Re:Except that... (2, Informative)

X0563511 (793323) | more than 6 years ago | (#24408067)

And no TPM in the laptop.

That's the whole point of the problem, TPM has begun causing issues. You don't have TPM, so you are not affected.

Re:Except that... (1)

doas777 (1138627) | more than 6 years ago | (#24408173)

Do you have Vista Enterprise or Ultimate on your laptop? If not, then you're fine. It only affects BL capable systems.

Re:Except that... (1)

Mascot (120795) | more than 6 years ago | (#24408175)

It also says:

if you are not running the Microsoft-approved Microsoft-trusted boot loader

Unless you're some oddball that decided to install another boot loader over Vista's, I think it's a fair bet you're not running a non-trusted boot loader.

I'll admit, the summary isn't exactly unambiguous. But the first line of TFA being "Are you currently running Windows and Linux in a dual-boot setup?" is a pretty strong hint.

Vista and Mac OS? (5, Interesting)

TheMidnight (1055796) | more than 6 years ago | (#24408013)

Has anyone tried this with Boot Camp? I had no problems with Mac OS X and FileVault dual-booting with either XP SP2 or Vista base.

Re:Vista and Mac OS? (0)

Anonymous Coward | more than 6 years ago | (#24408189)

I installed Vista right before SP1 came out, didn't have any problems installing it....worked on both my macbook & imac.

Re:Vista and Mac OS? (1)

Captain Splendid (673276) | more than 6 years ago | (#24408191)

I wouldn't be surprised if they hadn't bothered in the case of Apple hardware, both due to the hardware itself and the tiny userbase.

Re:Vista and Mac OS? (1)

vertinox (846076) | more than 6 years ago | (#24408523)

I wouldn't be surprised if they hadn't bothered in the case of Apple hardware, both due to the hardware itself and the tiny userbase.

Yeah, Vista's user base is pretty tiny since most Mac users use WinXP if they can help it.

Re:Vista and Mac OS? (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#24408223)

Fuck Apple. Stop bringing Apple up in every damn story already people!

Who cares? (0)

Anonymous Coward | more than 6 years ago | (#24408019)

No, seriously.

Dual booting was always an ugly hack, and these days hardware is cheap and virtualization software is free. Is there really any need to choose between operating systems at boot time on a single box any more?

Re:Who cares? (0)

Anonymous Coward | more than 6 years ago | (#24408117)

Why do you say "Dual booting was always an ugly hack"? I am not familiar with this common knowledge.

Why choose at boot time? Video card support and 3d gaming has been poor in virtual machines. The Parallels VM for Mac is much better now than it was in the past.. but it is still poor.

Re:Who cares? (0)

Anonymous Coward | more than 6 years ago | (#24408209)

Why do you say "Dual booting was always an ugly hack"?

Two words: filesystem support.

Boot up Linux and all the stuff on your NTFS partition is read-only. The situation gets even worse when you boot Windows because that can't even see the stuff on your Linux partition. It's like having two separate computers and no easy way to share data between them.

Why choose at boot time? Video card support and 3d gaming has been poor in virtual machines.

So build a separate gaming rig. Have a nice quiet machine running Linux for your day-to-day computing needs and a honking big monster with fans and video cards galore running Windows for your leisure time.

Re:Who cares? (5, Informative)

gehrehmee (16338) | more than 6 years ago | (#24408361)

Linux with ntfs-3g has been supporting full read/write on ntfs for some time, and works out of the box on my ubuntu hardy machine anyways.

Re:Who cares? (0)

Anonymous Coward | more than 6 years ago | (#24408557)

Heh, that's right, I just tried for the first time in >6 months. I (not the AC you replied to) had given up on NTFS r/w support since Feisty. And when I boot into XP, it can't figure out why it suddenly lost 15 GB.

Re:Who cares? (1, Informative)

AceofSpades19 (1107875) | more than 6 years ago | (#24408397)

Actually most linux distros can read/write ntfs now

Re:Who cares? (2, Informative)

Anonymous Coward | more than 6 years ago | (#24408483)

Not to mention it's fairly easy to get Windows to read ext2/3 partitions with the extfs driver.

Re:Who cares? (5, Informative)

jdb2 (800046) | more than 6 years ago | (#24408423)

Why do you say "Dual booting was always an ugly hack"?

Two words: filesystem support.

Boot up Linux and all the stuff on your NTFS partition is read-only.

What? You know, Linux has had full NTFS Read/Write support for a while now, see :

http://www.linux-ntfs.org/ [linux-ntfs.org]

Also, ever heard about WUBI [wubi-installer.org] ?

jdb2

Re:Who cares? (1, Funny)

Anonymous Coward | more than 6 years ago | (#24408467)

Your solution to dual-booting is..."get 2 computers"?

Re:Who cares? (1, Interesting)

UncleTogie (1004853) | more than 6 years ago | (#24408153)

Is there really any need to choose between operating systems at boot time on a single box any more?

Let me rephrase that question:

If there wasn't a need for multi-boot systems, why do so many of us have that arrangement? My answer might be special hardware not supported by virtualization, like TV capture cards... In addition, there IS a performance hit using virtualization; loading each OS on their lonesome allows for maximum resource availability.

That, of course, is my humble opinion.

Re:Who cares? (0)

Anonymous Coward | more than 6 years ago | (#24408439)

special hardware not supported by virtualization, like TV capture cards

Why do you want to switch operating systems on your HTPC/PVR? Or, to turn the question around, why do you want a TV card in your main desktop? Hardware is cheap, so build more than one box for specialized tasks.

Re:Who cares? (0)

Anonymous Coward | more than 6 years ago | (#24408295)

Answer: People who want to run Linux as their primary OS, but use Windows for games. I doubt Crysis would run very well under a VM.

Re:Who cares? (2, Interesting)

Constantine XVI (880691) | more than 6 years ago | (#24408351)

Native hardware support. You can't use specialized hardware (like tuner cards, but there are others). In particular, you can't use 3D acceleration at all unless you fork over for VMWare, and at that it's nowhere near perfect.

!bug (0)

Anonymous Coward | more than 6 years ago | (#24408025)

!bug

Whew (5, Funny)

neoform (551705) | more than 6 years ago | (#24408055)

Good thing I'm running Mojave and not Vista.

It has a bootloader update. (4, Insightful)

Timothy Brownawell (627747) | more than 6 years ago | (#24408063)

"However, it's actually a very good thing that the update and the servicing fail in this scenario, because you can just imagine the implications if the update automatically reinstalled the Vista MBR to restore boot integrity - we'd be flooded with complaints."

So... yeah. Anyone technical enough to change their bootloader should know how to put it back temporarily so it can get updated.

If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L.

I thought that was the entire point of BitLocker - don't unlock things unless you know that you're not running on top of some evil VM.

Not trusted for a reason (5, Interesting)

naoursla (99850) | more than 6 years ago | (#24408095)

If you are using BitLocker then you want your data to be secure. There are probably ways that a compromised boot loader can allow an attacker access to your data. Vista closes this security hole by requiring the boot loader to be a cryptographically signed binary that it trusts. If it didn't, this story would instead be "Vista BitLocker encryption not secure on dual boot systems".

That being said, there should be a way to register other trusted signature keys in Vista to allow 3rd party boot loaders. I don't know if there is or not, but there should be.

Re:Not trusted for a reason (5, Insightful)

Anonymous Coward | more than 6 years ago | (#24408297)

That's great...

Except for the fact that it happens on any system that CAN run BitLocker, rather than any system ACTUALLY running BitLocker.

So if you're trying to dual-boot between Linux and Vista Business/Ultimate and you have a TPM-capable machine, forget it: you're locked out until you restore the Vista bootloader.

Even if you're not using BitLocker.
Even if you've never even installed BitLocker.

Re:Not trusted for a reason (1, Flamebait)

iminplaya (723125) | more than 6 years ago | (#24408313)

If I want my data to be secure, I probably won't use BitLocker. Would not TrueCrypt be the better option?

Re:Not trusted for a reason (1)

naoursla (99850) | more than 6 years ago | (#24408533)

I have no clue which is better from either a subjective-what-the-marketplace-needs or a personal what-you-want perspective.

Does TrueCrypt enforce a chain of trust down to the hardware? Under what scenarios could an attacker get a hold of your encryption key and access your data?

Is the BitLocker chain of trust really secure?

These are questions for which I do not know the answer.

Re:Not trusted for a reason (5, Insightful)

Applekid (993327) | more than 6 years ago | (#24408477)

That being said, there should be a way to register other trusted signature keys in Vista to allow 3rd party boot loaders. I don't know if there is or not, but there should be.

That's exactly what's wrong with the Trusted Computing initiative that the major players (Microsoft, Intel, etc) are implementing: they don't trust YOU to make those kinds of decisions to trust 3rd parties.

http://www.againsttcpa.com/ [againsttcpa.com]

Re:Not trusted for a reason (1, Insightful)

Anonymous Coward | more than 6 years ago | (#24408481)

I trust bootloaders that are open source and can have their code reviewed by anyone instead of closed source code that MS can put a back doors in. That's a bootloader _I_ trust instead of a bootloader MS trusts.

hi2u, article from March... (2, Insightful)

brouski (827510) | more than 6 years ago | (#24408115)

Are so few people dual booting Vista and Linux that this story hasn't hit Slashdot until now? Is it even still applicable?

Re:hi2u, article from March... (3, Funny)

daveime (1253762) | more than 6 years ago | (#24408195)

Vista AND Linux ... aren't these something like matter and anti-matter ?

Install on the same drive and the universe implodes !

Re:hi2u, article from March... (1)

taniwha (70410) | more than 6 years ago | (#24408253)

hey I do - I think I've loaded Vista maybe twice since I bought this laptop a year or so ago - I forget why

I thought we were in the trust tree? In the nest? (0)

Anonymous Coward | more than 6 years ago | (#24408145)

Were we not?

WTF is S.O.L.? (1)

cuby (832037) | more than 6 years ago | (#24408161)

pick one:
http://acronyms.tfd.com/sol

Re:WTF is S.O.L.? (3, Informative)

denis-The-menace (471988) | more than 6 years ago | (#24408235)

I thought it was: Shit Out of Luck
which is not in your list.

Re:WTF is S.O.L.? (0)

Anonymous Coward | more than 6 years ago | (#24408443)

Nah, if you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are moving at the Speed Of Light!

Summary Needs Re-writing (5, Informative)

mpapet (761907) | more than 6 years ago | (#24408181)

This *may* be a corner case as most TPM's were shipped in the disabled state back when XP was still shipping.

Instead, how about testing the open source BIOS stack? Most of you have an unused box of recent vintage and I'm sure the projects can use the feedback.

FYI: An open sourced bios is an Achilles heel for Microsoft. Mobo OEM's will **jump** on a Free bios because it saves them money and eliminating TPM saves them much more money.

Get involved!!

http://www.coreboot.org/Welcome_to_coreboot [coreboot.org]

http://openbios.info/Welcome_to_OpenBIOS [openbios.info]

FDISK (4, Funny)

c0d3r (156687) | more than 6 years ago | (#24408183)

c:\> FDISK /MBR
Out of Memory
c:\> format c:
Out of Disk Space
c:\> edlin config.sys
File not found
c:\> set PROMPT=$
$ mke2fs /dev/hda1

How is this news? (5, Insightful)

vux984 (928602) | more than 6 years ago | (#24408245)

Vista's security chain works as designed and intended, preventing you from injecting an untrusted bootloader into the bootstrap. Isn't that what we -want- from our security systems? This isn't a case of "Microsoft" holding our data hostage, this is a case of our own security policies WORKING.

If I were to be running Linux, with equivalent protection, I'd be right pissed if it could be trivially rootkitted/bypassed by swapping in a malicious bootloader.

The ONLY flaw I see in the entire Vista/TPM system is that users don't seem to have a way of manually trusting things they genuinely want to trust. If it hasn't been blessed by MS it's not trusted -- that's a fine policy for general users, but if I, as the hardware want to trust a specific bit of code (e.g. the linux boot loader) then I should be able to manually sign it somehow, and add my personal key to my personal install of Vista. And then the grub bootloader I signed will be trusted on my (and only my) PC.

All the 'chatter on the internets' is currently centered around how to disable UAC, how to disable driver signing, how to go back to running windows as insecurely as possible. I would prefer to see the discussion take a more intelligent direction -- how to obtain keys/certificates, how to add them to Vista's chain of trust on a per PC or per domain basis, and how to sign code with them.

Signed drivers are a FANTASTIC idea. Not being able to sign drivers myself for my own hardware is EVIL. But MS --does-- have programs in place to let you sign code with 'development drivers' which are designed to only be valid on your PC... it's just that most of the discussion surrounding the issue is how to disable it, and how evil MS is for deciding what is blessed and what is not.

I mean, take Stallman, even -he- who wrote the GPLv3 in part to counter DRM isn't against code signing. He just requires that the keys necessary to sign code be included, so the owner of the hardware and user of GPLv3 code can sign it, and thereby be free to make modifications and exercise all the freedoms intended by the gpl.

Re:How is this news? (1)

argent (18001) | more than 6 years ago | (#24408425)

Vista's security chain works as designed and intended, preventing you from injecting an untrusted bootloader into the bootstrap.

If you're not using Bitlocker (and therefore presumably don't care about a trusted bootloader) you are still unable to install SP1.

And, frankly, Microsoft is working at the wrong end of the chain. If they were serious about security, they would have backed out of the inherently unfixable APIs that IE and ActiveX use a decade ago... that would do more to improve the security of Windows than any screwing around in the boot sequence.

Re:How is this news? (1)

Anonymous Coward | more than 6 years ago | (#24408429)

Trusting Vista (or any MS product for that matter) with your data is flawed logic.

Re:How is this news? (2)

Opportunist (166417) | more than 6 years ago | (#24408435)

Untrusted? I trust GRUB, at least more than the bootloader MS provides.

Yes, I know what "trusted" means in MS jargon. And MS isn't alone, it's a general development in our newspeak world. Basically it means that MS, not you, trusts the bootloader. DRM "manages the rights" of the creator of the content, but it ignores your rights. "Value editions" are of high value to those dumping them onto the market, they're usually of little value to you, the person supposed to buy it. Essentially, all those "good" words mean nothing but that they are good to the one that pushes them, but bad for you.

Be wary of the times when new words are designed to make things sound positive. To avoid Godwin, I'll use the various communist regimes and their jargon as reference.

Re:How is this news? (5, Insightful)

petermgreen (876956) | more than 6 years ago | (#24408585)

"I mean, take Stallman, even -he- who wrote the GPLv3 in part to counter DRM isn't against code signing. He just requires that the keys necessary to sign code be included, so the owner of the hardware and user of GPLv3 code can sign it, and thereby be free to make modifications and exercise all the freedoms intended by the GPL."

Right, which is the antithesis of what "trusted computing" is all about. Trusted computing is all about allowing vendors like Microsoft to trust the computer to work in their partners' interests rather than the users'.

BitLocker on a dual-boot system? (0)

Anonymous Coward | more than 6 years ago | (#24408301)

What's the point?

And what if another Quicken fiasco? (3, Interesting)

coldmist (154493) | more than 6 years ago | (#24408323)

Does anyone else remember when Quicken a few years ago would overwrite the MBR or something like that, and break dual-boot systems?

What would that do in this case? Brick Windows until reinstall?

I thought it was bad of Microsoft to intentionally not read Mac floppy disks. I feel the dual-boot issues (minus BitLocker security issues in this specific case) with Windows and Linux (or any other OS) are just another example of that same mentality: Make it difficult to work with other systems, to try and keep people locked into the MS trash can for as long as possible.

That's why I don't use Vista (3, Informative)

Eggplant62 (120514) | more than 6 years ago | (#24408359)

I won't use it. I just bought a laptop on eBay, brand new, out of box, that came with the Home edition, great bargain at $421. First thing I did with it was actually start it up and say "No" on the AUP acceptance page. I immediately powered it off, put in my trusty Ubuntu Hardy 64-bit install CD, wiped the disk, and installed a real operating system that will stay the fuck out of my way.

Sorry, Microsoft, but I'd call this Epic Fail. Trusted computing causes me to lose control of *my* computer. Problem is, Microsoft don't understand the definition of computer ownership.

you can trust Microsoft. to screw you up. (1, Insightful)

swschrad (312009) | more than 6 years ago | (#24408391)

come a long, long way from the dos, WFW, and 95 days, when you had control of your own computer.

which is why I'm not depending on them any more.

what a coincidence .. (1)

rs232 (849320) | more than 6 years ago | (#24408399)

"if you are not running the Microsoft-approved Microsoft-trusted boot loader .. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive"

It's not as if this was designed behaviour. But what does the Microsoft Linux Lab [technet.com] have to say on the subject? Do they have a workaround?

My solution (1)

somanyrobots (1334451) | more than 6 years ago | (#24408441)

Just wipe out my Windows partition! Like I'm going to put up with this crap.

well then... (1)

WwWonka (545303) | more than 6 years ago | (#24408453)

...if Microsoft Vista SP1 deems my dual booting system not bootable anymore, then I finally have a reason to boot Microsoft off this dual booting machine. Here's the other boot Linux...wear it proudly.