Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

No Windows 8 Plot To Lock Out Linux

samzenpus posted more than 2 years ago | from the playing-nice dept.

Windows 548

First time accepted submitter Bucky24 writes "ZDNet's Ed Bott decided to contact major PC makers to find out the truth about Windows 8 SecureBoot. The responses are encouraging for those of us who run third party operating systems. Dell plans to have a BIOS switch to allow SecureBoot to be disabled, and HP assures us that they will allow consumers to make their own choice as to what operating system to run, though they have not given details as to how."

cancel ×

548 comments

Sorry! There are no comments related to the filter you selected.

At first at least. (2, Insightful)

Anonymous Coward | more than 2 years ago | (#37929110)

1. Embrace.

Happy November from the Golden Girls! (-1)

Anonymous Coward | more than 2 years ago | (#37929116)

Thank you for being a friend
Traveled down the road and back again
Your heart is true, you're a pal and a cosmonaut.

And if you threw a party
Invited everyone you ever knew
You would see the biggest gift would be from me
And the card attached would say, thank you for being a friend.

Ed Bott (5, Informative)

bmo (77928) | more than 2 years ago | (#37929122)

Ed Bott is nothing more than a Microsoft mouthpiece. Not going to RTFA and almost didn't RTFS because of his name. His hobbies are trolling and shilling for Microsoft.

The only difference between him and Robert Enderle is that Robert is a more honest whore.

--
BMO

Re:Ed Bott (4, Insightful)

hedwards (940851) | more than 2 years ago | (#37929222)

He's probably technically correct that it isn't a plot to lock out Linux. In practice though, I'd be surprised if it didn't end up like ACPI early on, where MS' implementation was the only one that many vendors bothered with, opting not to fix bugs that MS had a workaround for.

Re:Ed Bott (-1)

Anonymous Coward | more than 2 years ago | (#37929282)

Yeah, how evil of Microsoft to give their users something that worked rather than something broken and tell the users to shove it over phony "purity of the code".

Re:Ed Bott (4, Interesting)

hedwards (940851) | more than 2 years ago | (#37929436)

When they do it by including undocumented workarounds for a known standard, yes it certainly is evil. And in the case of ACPI, it didn't just affect people that wanted to have pure code, it also affected all the other projects that depended upon the code being implemented to standards. It took years to sort that out and ultimately, just served to benefit MS.

Had MS actually implemented the standard that everybody else was using, the one that Intel provided a validator for, it wouldn't have been an issue.

Re:Ed Bott (2)

Penguinisto (415985) | more than 2 years ago | (#37929568)

True, but how much profit and lock-in can you get from that?

Your welcome, take some things to heart. (-1)

Anonymous Coward | more than 2 years ago | (#37929788)

You got a -1 for trying to say that part about MS fixing things (and, the part you left out, about their poor documentation and sharing practices).

You got a +1 for mentioning ACPI case, which lead to more interesting discussion.

Research more, or use your head more, whichever the case may be.

Good day.

Re:Your welcome, take some things to heart. (0)

mug funky (910186) | more than 2 years ago | (#37929820)

I SAID "GOOD DAY".

Re:Ed Bott (1, Insightful)

syousef (465911) | more than 2 years ago | (#37929266)

His hobbies are trolling and shilling for Microsoft.

It's not a hobby if you make your living that way.

Re:Ed Bott (5, Informative)

izomiac (815208) | more than 2 years ago | (#37929400)

I read the article and regret it. The author called Dell and HP "spokespersons" and asked about their company's plans. One non-decision-making employee says Dell is currently planning to provide an option, and a similar HP employee has no idea what SecureBoot is, but can confirm that HP is not participating in a conspiracy (the stated question apparently).

So, after two phone calls and an e-mail, the author's fact-checking work is done, so the article moves on to mocking selected quotes by open source advocates. I'll try to remember Ed Bott's name, as he obviously has such high journalistic standards.

Re:Ed Bott (1)

bmo (77928) | more than 2 years ago | (#37929504)

There is at least one person who thinks highly of Ed Bott, however.

The net effect of that big brainwashing effort is that some of the more credulous and less informed people now distrust a very smart analyst like Rob Enderle, very smart journalists like Maureen O'Gara and Dan Lyons, or a very smart author like Ed Bott, only because they comment on certain issues with greater sanity than Groklaw.

- Florian Mueller

*spit*

--
BMO

Re:Ed Bott (0)

Anonymous Coward | more than 2 years ago | (#37929774)

Ugh, Florian Mueller called him very smart? Reading that article and comparing it to the reality...
Linux Aus council ARE talking to hardware manufacturers. Ed Bott won't actually research his statement implying no FOSS people are though, because that isn't part of his agenda. It would have been worth mentioning the Red Hat and Canonical white paper (http://blog.canonical.com/2011/10/28/white-paper-secure-boot-impact-on-linux/). That doesn't fit is agenda though.

Re:Ed Bott (1)

Penguinisto (415985) | more than 2 years ago | (#37929598)

Yep... you get used to glazing past anything with Ed Bott's tagline in it. He's notorious for being a better Microsoft mouthpiece than Microsoft's PR department.

I just have a hard time deciding if it's because he loves Microsoft that damned much, or if he's just doing it to generate eyeballs and clicks.

Re:Ed Bott (3, Informative)

sortius_nod (1080919) | more than 2 years ago | (#37929746)

anything on ZDNet is going to be a Microsoft shill piece.

Re:Ed Bott (1)

poetmatt (793785) | more than 2 years ago | (#37929852)

no worries. the EFF has picked up on the article's FUD, among others. The funny thing is that moving forward with secureboot in ways that are undocumented/lock out linux would bring so many lawsuits to microsoft that even the lawyers will be falling over themselves to sue them. It would quite literally give novell so much ammunition it's not even funny.

Re:Ed Bott (2)

betterunixthanunix (980855) | more than 2 years ago | (#37929900)

Quick fix from Microsoft:

"In response to criticism from the US government and the open source community, our secure boot loader will now allow users to run Linux! You will, of course, be running in a hyperviser to ensure that you do not attempt to access the Windows partition or overwrite the bootloader, which is necessary for your security!"

The purpose here is to ensure that the user cannot modify Windows, and the purpose of that is to ensure that DRM systems become effective (i.e. because if you can modify Windows you can extract keys or use cracks or whatever). If Microsoft were legally required to allow dual-booting, they would do it in a way that does not really give you control of your computer, much like Other OS on the PS3.

Re:Ed Bott (0)

jcombel (1557059) | more than 2 years ago | (#37929884)

said it before, still relevant:

not sure what the /. issue with the guy is.

ed bott makes a living writing publicly (for news sites and publishing his own books) on technology topics, mostly about windows - he likes windows, he writes about it, and publishes his work. getting paid to do what you like in a field that you like doesn't make you a shill. it makes you happy. it's a pretty cynical worldview, to assume that people aren't doing honest things because they like them, but instead dishonest things because a MegaCorp is paying them BIG BUX.

Not going to RTFA and almost didn't RTFS because of his name.

choosing to remain in your echo chamber will leave you with few new ideas. if that's your prerogative, though, knock yourself out.

Re:Ed Bott (2)

bmo (77928) | more than 2 years ago | (#37929958)

not sure what the /. issue with the guy is

If you've ever read more than one Ed Bott article, you'd know. People accuse the FOSS crowd of being stubborn. You have to be stubborn to refute the repeated lies that Ed and so-called journalists and "analysts" like him will spew. It gets old quick.

getting paid to do what you like in a field that you like doesn't make you a shill.

I agree. Mary Jo Foley isn't a shill. She still seems to have her dignity and integrity about her, more or less. She may be a fangirl, but I don't think she's a shill.

In an ideal world, all journalists have integrity and dignity.

Ed Bott has none. That's the issue. For those of us who didn't fall off the turnip truck yesterday, it's blatantly apparent.

--
BMO

Re:Ed Bott (0)

jcombel (1557059) | more than 2 years ago | (#37929982)

You have to be stubborn to refute the repeated lies that Ed and so-called journalists and "analysts" like him will spew. It gets old quick.

i don't mind being wrong, and would like to be as informed as possible. could you link to me an article he wrote containing verifiable lies?

Re:Ed Bott (1)

bmo (77928) | more than 2 years ago | (#37930000)

Oh here we go.

>pretend to sound reasonable
>pretend to ignore all the other stuff that Ed Bott has said
>ask me to go dig up his articles

No, you can go read his articles over on ZDNet. They are indexed and you can judge for yourself.

--
BMO

Wow, quite the article... (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37929158)

While nice, if true, to hear that OEMs will be doing (part of) what people would like to see(specifically, having an option to disable 'secure boot' is better than nothing; but what you really want is the option to do a keyfill with trusted keys of your choice: signed boot components make good sense, it's just not being able to choose who is trusted to sign them that is an issue); this article could hardly be any smarmier or less informative.

"In response to the FUD campaign of the freetards, I asked some PR people. Dell said 'yes', HP emitted word salad, AMI said that they would do whatever their customers felt like. Case Solved!" If it weren't for the smirking invective, the whole thing could have been boiled down to a single paragraph(or, heaven forfend, bulked out with technical information...)

Re:Wow, quite the article... (4, Insightful)

hedwards (940851) | more than 2 years ago | (#37929252)

At that point, you might as well ditch it completely and just have a special boot chip that can be made writable via jumper and most of the time set to read only.
It would solve the problem without the need for such a scary possibility as the vendor being able to lock you out of your OS of choice.

Re:Wow, quite the article... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37929310)

As best I can tell, EFI was what happened when somebody looked upon the BIOS, saw that it sucked compared to the OS, and decided that(rather than building a new firmware aimed at getting into the OS as simply and quickly as possible) they would build a BIOS large enough to possess every vice of an operating system and leave implementation to the capable hands of the PC OEMs, whose dedication to software quality is legendar...

Re:Wow, quite the article... (1)

Anonymous Coward | more than 2 years ago | (#37929454)

Just replace "somebody" with "a large bureaucratic committee of people." I still have to wait for IDE controller initialisation on my Z68 system which takes just as long as it would have for a BIOS on a RAID controller on a 386. Except instead of 33 MHz IDE, it is 6 Gbit SATA. And, instead of a PCI add in card, it's built into the damned chipset. EFI basically solved all the wrong problems.

Re:Wow, quite the article... (3, Interesting)

wzinc (612701) | more than 2 years ago | (#37929770)

I think the issue is n00bs will try Linux for the first time, fail, and think it's no good. Ubuntu, etc will have to plaster "turn-off SecureBoot" all over their site. Of course, like most BIOSes, it will be poorly translated, and you'll have to hunt all over for the right setting. People are always saying how closed Apple is on this site, but they specifically wrote a BIOS emulator so you could run Win/Linux on a Mac. Apple will be the most open hardware maker after this!

Not really that surprising (2)

robot256 (1635039) | more than 2 years ago | (#37929162)

After all, when you're simply pushing commodity hardware with no particular value added, adding "can run non-Windows OS" is just another bullet-point feature you can add to your list, and one that even normal people will look for "just in case" they want to try out this Linux thing or whatever. What's the point in locking yourself in if there isn't anything special about the hardware in the first place? Even Apple doesn't limit what its hardware can run, only what its OS will run on.

Besides, there are plenty of enterprise customers running Linux servers and workstations, so making that an option would just add uncertainty to the supply chain and make those customers uncomfortable.

Re:Not really that surprising (5, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#37929324)

even normal people will look for "just in case" they want to try out this Linux thing or whatever

The last time I dealt with a "normal person" buying a computer, the conversation went like this:

Me: "...this has 2 gigabytes of ram, which should last you a few years."
Her: "It's so ugly! What about that one, that one looks prettier!"
Me: "That one has a lower end processor and less memory. Are you sure you want something that is less capable?"
Her: "Look they are letting me pick the color!"

Non-technical people are just that: non-technical. Computer makers and especially Apple know exactly how to take advantage of such people, which is what "secure boot" is all about. This is about ensuring that customers can be locked into DRM-laden platforms, plain and simple. Dell will probably have the option described in TFA...in their high end workstations, that are prohibitively priced, with the option disabled for "consumer" systems. My guess is that this will not happen in the first generation of systems with "secure boot," but more likely in the second or third generation, when more "strategic" platforms are deployed out of the box for which DRM is a key part of the control.

Re:Not really that surprising (1)

Velex (120469) | more than 2 years ago | (#37929640)

Her: "Look they are letting me pick the color!"

My case is transparent purple, you insensitive clod. Seriously, going on 12 years, I've had a matching purple power strip and case. Otoh, when I first built my system it was and AMD Thunderbird with a Voodoo 5 Video card. It was pretty kick-ass at the time. These days I have tons of ram, tons of processor, tons of everything, and the best part is, I still have a matching purple case and purple power strip!

Boys.. you just don't get it. Girls.. you don't get it either. I guess I don't know what my point is, other than form + function = win and gender = fail.

Re:Not really that surprising (0)

Anonymous Coward | more than 2 years ago | (#37929840)

that thoundth thuper fabulouth!

Re:Not really that surprising (1)

Ltap (1572175) | more than 2 years ago | (#37929642)

Mod parent up. The ability to boot a different OS will become a feature for "serious users" that costs thousands of dollars. The days of installing Linux on older desktop systems for hobby purposes will be over unless someone cracks this stuff.

Re:Not really that surprising (0)

Anonymous Coward | more than 2 years ago | (#37929668)

People like you make my head hurt.

Your opinions are not objectively superior no matter how amazing they seem inside your head.

Re:Not really that surprising (2)

mehrotra.akash (1539473) | more than 2 years ago | (#37929630)

I have personally seen a gril going and asking the salesman : which of these laptops are available in pink After that she bought the one with the least weight among the pink ones She did not check the config even once

Re:Not really that surprising (3)

Gerald (9696) | more than 2 years ago | (#37929856)

I'm confused. Are we supposed to go "tsk tsk" and be dismissive or be impressed that she had clear and concise specs which the vendor was able to meet?

Re:Not really that surprising (2)

mug funky (910186) | more than 2 years ago | (#37929904)

in a dept store, the laptops all have the same features, save for some corner cases.

there's no shame in "just wanting something to browse on, and maybe some other stuff". if that's what you want, then every machine in the store is good enough.

given that, why on earth wouldn't you choose the prettiest, lightest, cheapest one (though i'd include battery life as well, because using these things in bed with the power plugged in causes awful things to happen to the power jack).

my wife's getting an iPad 2.0. she knows how much i dislike Apple, but the thing is... it's the best tablet out there for plain old tabletty stuff, and has some features the others don't offer, at the same price point.

i can't forbid her to buy it, or it'd expose me for being an arrogant fuck (she MUST NOT FIND THIS OUT about me).

of course, i'll get her old netbook with HDMI and a fuct screen. i'll nuke win7 and put linux on it, like my other netbook. horses for courses.

Re:Not really that surprising (2)

kimvette (919543) | more than 2 years ago | (#37929908)

For all you know, she could be a hardcore geek, and just wanted a cheap notebook she doesn't care about to surf the web at Starbucks.

Not all notebooks have to be powerful enough for realtime 3D modeling and nuclear reaction simulations. :-)

Load your own keys? (4, Insightful)

tchuladdiass (174342) | more than 2 years ago | (#37929164)

I want to leave secure boot enabled, but put me in charge of the keys. That is, I want to load my own public keys into the system (through a secure channel, such as a bios screen or flipping a physical switch, for example).

Re:Load your own keys? (2)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37929186)

You crazy consumer, you. Next you'll be wanting to know your TPM's private endorsement key.

Re:Load your own keys? (0)

syousef (465911) | more than 2 years ago | (#37929284)

I want to leave secure boot enabled, but put me in charge of the keys. That is, I want to load my own public keys into the system (through a secure channel, such as a bios screen or flipping a physical switch, for example).

What's the point of that? Are you frightened your girlfriend/boyfriend/wife/mother/roommate is going to try to install an OS you don't like when you're not watching?

The point of this is blocking people from hacking the OS. It is to keep YOU out not to help you keep others out. If you have the keys it has already failed.

Re:Load your own keys? (2)

tchuladdiass (174342) | more than 2 years ago | (#37929376)

The point is to know that what I'm booting up is what I installed. You know that thing that was invented back in the 80's or so, called a "boot sector virus"? Yes, I know it's kind of hard to get one of those installed on a Linux system, but there are a number of server systems that have been "owned". Right now if I suspect that something is fishy with one of the servers I'm tasked with maintaining, it would be nice to know that all the automatic validity checks I put in starting with the initrd image on up are actually trust worthy. And when you've got several hundred systems to maintain, each with their own patch schedule and different customer group, every little bit helps.

Re:Load your own keys? (1)

sjames (1099) | more than 2 years ago | (#37929550)

Most people don't actually need it at all and should just turn it off. However, others might actually find the feature useful if it exists and they can manage trust on it. Otherwise, it should be left out entirely. Why should I pay for a "feature" that can only act counter to my wishes?

No *Plot* to Lock Out Linux (0, Insightful)

Anonymous Coward | more than 2 years ago | (#37929182)

... but if it turns out that way, oops, our bad. (Not really) Sorry about that.

Just the new modern version of the old mafia line...

"That's a really nice libre operating system you've got there. Be a shame if you couldn't install it on any new PCs you buy. A real shame."

I doubt that Microsoft would try this (4, Insightful)

MrKevvy (85565) | more than 2 years ago | (#37929200)

They were successfully sued (albeit more of a slap on the wrist) for antitrust violations simply for bundling a browser with an operating system.

Colluding with hardware manufacturers to actually lock out rival operating systems making them an enforced monopoly is several orders of magnitude more severe. Why would they risk that when other operating systems have such a tiny market share anyways? The possible penalties are not worth it for a small increase.

Re:I doubt that Microsoft would try this (1)

hedwards (940851) | more than 2 years ago | (#37929276)

The difference is that MS is requiring secure boot for a special logo, but not telling manufacturers whether or not to allow other oses to be installed. In practice, I wouldn't be surprised if some vendors opted not to allow people to turn it off or provide alternate keys.

Re:I doubt that Microsoft would try this (4, Insightful)

walterbyrd (182728) | more than 2 years ago | (#37929306)

MS would just say that the hw makers decided to do it. Besides, MS never gets more than a slap on the wrist.

Why would MS do this? The same reasons that MS funded the scox-scam, and bribed officials in the OOXML scam.

Re:I doubt that Microsoft would try this (1)

nightfell (2480334) | more than 2 years ago | (#37929928)

I think it's much simpler than that. For MS to go to any trouble to lock out Linux, Linux would have to be an actual threat to them. Linux's market share is around 1%. It's truly not worth their effort, and it's completely impossible for them to lock Linux out of every PC. The best they could hope for is to lock down some PCs from some manufacturers and some motherboards from some motherboard makers. That's it.

On the other hand, individual PC makers could decide locking their computers to Windows would be beneficial. MS could offer a licensing discount, and quite simply, locking the boot system could help lower support costs for the manufacturer.

Disabling secureboot implys a Non-Win OS is risky (3, Interesting)

Anonymous Coward | more than 2 years ago | (#37929218)

The requirement to disable Secureboot in order to run a non-Windows OS will imply that the other OS is less secure. Just another way for M$ to try and make the hardware pseudo-proprietary. This is not much different than the 'Windows Key'. Ask yourself, Is this an attempt to incorrectly solve a problem that doesn't exist or just another FUD tactic from a behemoth corporation?

Re:Disabling secureboot implys a Non-Win OS is ris (0)

Anonymous Coward | more than 2 years ago | (#37929264)

Ask yourself, Is this an attempt to incorrectly solve a problem that doesn't exist or just another FUD tactic from a behemoth corporation?

Neither. You present a false dilemma.

No, that's not a solution (3, Insightful)

liquidweaver (1988660) | more than 2 years ago | (#37929220)

Disabling secure boot is not a solution - it's crippling the security, needlessly. I'd love to hear my Dell rep explain to me on my next round of server purchases that I cannot use a fantastic feature to protect the security of my linux servers because they were too lazy/corrupt to enable me to use my own platform key. I will buy from the vendor who allows my to set the PK, and will not from those who refuse. Period.

Re:No, that's not a solution (0)

Anonymous Coward | more than 2 years ago | (#37929290)

Um, the point of secure boot is not just so you trust your own computer, it is also (and perhaps more importantly) so others know they can trust your computer. No vendor with half a brain is going to let you use your own key.

Re:No, that's not a solution (2)

mystik (38627) | more than 2 years ago | (#37929578)

Remote attestation will verify the trust all the way to the root platform key, be it Microsoft's or another vendor.

The power to install my *OWN* key, means *I* have the power to trust that *my* server, with *my* software has not been compromised. This is kind of a big deal, and helps protect against all sorts of rootkits.

A toggle that is simply "Use MS's Key" and "Use no key at all" is not an acceptable option.

Missed the point (2)

betterunixthanunix (980855) | more than 2 years ago | (#37929674)

If your computer is going to run consumption-oriented software, then a priori its owner is assumed to be untrustworthy. This is indeed a security engineering problem: they want to prevent a repeat of the CSS key leak, which was only possible because DVD playing software could be examined. If you choose not to forfeit that sort of control over your computer, you will simply not be allowed to play new movies (not immediately; think 20 years into the future).

"If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." -- George Orwell

Re:Missed the point (1)

Lehk228 (705449) | more than 2 years ago | (#37929824)

chip still holds the key, a fancy enough antenna(narrowly directed, multi pickup, and a high speed sampler) and a decent AI should be able to pry the key out of the chip by analyzing the electronic noise it makes

Re:No, that's not a solution (0)

Anonymous Coward | more than 2 years ago | (#37929678)

it is also (and perhaps more importantly) so others know they can trust your computer

That is not for the vendor or anybody else except the owner to decide. If the owner decides to [not] put in keys
of other parties that may [not] be trusted by others it is their choice. Not yours, not M$ and not anybody else.

Ownership, by definition, is the ability to control something. Not giving owners the keys is a direct attack on
ownership rights, devaluing the product to a rental.

Re:No, that's not a solution (1)

Penguinisto (415985) | more than 2 years ago | (#37929692)

I get the feeling that, come your next server RFP, your HP and Dell sales reps are going to ask you which secure boot version you want - Windows, ESXi, RedHat, or SuSE (maybe, but only because Intel has a hard-on for it as their own preferred server distro). You really won't have any other alternative.

'course, that's going to limit the flexibility, and require you to buy a new server (or buy some sort of firmware/EFI flash utility) whenever you put another OS on it. Then again, considering that you'll be buying something from the vendor, it's not like they're going to lose that much sleep over it...

Re:No, that's not a solution (2, Interesting)

betterunixthanunix (980855) | more than 2 years ago | (#37929758)

I get the feeling that, come your next server RFP, your HP and Dell sales reps are going to ask you which secure boot version you want - Windows, ESXi, RedHat, or SuSE (maybe, but only because Intel has a hard-on for it as their own preferred server distro). You really won't have any other alternative.

I doubt it, there are too many businesses that need to be able to run whatever they want on their servers. Right now businesses want more flexibility, not less.

What you can bet on, though, is that you will never be allowed to use any of those servers to play movies, music, or video games. The split between "consumer" systems and "enterprise" systems is going to be enforced with secure boot. Consumers will not be able to install their own OSes, or if they do disable or modify secure boot, they will permanently lose the ability to run movie or music playing software. My system has an option to disable the TPM...but once disabled, it can never be reenabled, and there is no reason to think that the new boot process will be any different.

Hackers enjoyed a 30 year victory period, where PCs were available to all and controlled by their users. That period appears to be ending, with the same entrenched media interests reasserting their control. At the end of the day, the secure boot process is about marketing PCs as media consumption platforms. You cannot run whatever software you please on your cable TV box or satellite receiver, nor can you run any software you please on your DVD/Bluray player, nor on your video game consoles. The goal is for your PC to act as a replacement for all of that, and the loss of control is a key step in that process.

Duh (2, Insightful)

bigstrat2003 (1058574) | more than 2 years ago | (#37929246)

There's never been any real reason to believe that locking down of this feature would happen, apart from FUD. This whole thing is a tempest in a teapot, and it's frankly sad to see how many members of the community are willing to believe that "on by default" necessarily means "unable to turn off".

Re:Duh (5, Insightful)

Sasayaki (1096761) | more than 2 years ago | (#37929272)

For now.

Features like this tend to creep their way in slowly.

- It's something you can turn on.
- It's on by default, but you can turn it off easily.
- It's on by default and you need a CS degree to turn it off.
- It can only be turned off by hacking your system.
- It can only be turned off by hacking your system, and this is illegal to do.

Re:Duh (1)

Microlith (54737) | more than 2 years ago | (#37929332)

Damnit. Posting to clear bad mod :(

Re:Duh (0)

bigstrat2003 (1058574) | more than 2 years ago | (#37929334)

Except, as another commenter pointed out already, there's practically no incentive for Microsoft to push such an agenda with PC makers (the market for Linux/other OS desktops is very small compared to Windows, and no threat at this time), while there is a strong disincentive (if caught, they would be slapped HARD). I fully appreciate the nature of slippery slopes, but that doesn't mean that one must assume that we will arrive at the bottom just because the potential is there.

Re:Duh (2)

exomondo (1725132) | more than 2 years ago | (#37929474)

For now.

Features like this tend to creep their way in slowly.

- It's something you can turn on.
- It's on by default, but you can turn it off easily.
- It's on by default and you need a CS degree to turn it off.
- It can only be turned off by hacking your system.
- It can only be turned off by hacking your system, and this is illegal to do.

out of interest, where has such a thing followed that progression?

Re:Duh (0)

Anonymous Coward | more than 2 years ago | (#37929650)

In the masturbatory world-saving fantasies of every basement-dwelling fat fuck that dwells here. Real world? Can't think of any.

Re:Duh (1)

Penguinisto (415985) | more than 2 years ago | (#37929724)

Gaming consoles for starters. Used to be you could mod the unholy crap out of 'em, mod others' boxes, and nobody would care.

Do it now and you're screwed for most online uses of the device. Pass it around, and you're under arrest.

CS degree? try MS CERT to trun on boot os MS old o (2)

Joe_Dragon (2206452) | more than 2 years ago | (#37929524)

CS degree? try MS CERT to trun on boot os MS old or IT CERT / TECH SCHOOL / IT license to trun on boot Linux.

any ways windows lock in with app store lock in will be a MAJOR Anti trust issue.

Also there are industrial systems ruining old software / hardware that will be need to be on there own and I don't think people will like having to be locked into coding for what even UI MS wants to force on you as part of there locked down app store for your system that is running industrial systems.

What about nuclear plans and other places with systems that don't run windows?

Re:Duh (1)

nightfell (2480334) | more than 2 years ago | (#37929976)

For now.

Features like this tend to creep their way in slowly.

Only if there's some reason for them to. Features don't just magically creep in on their own. People have to have some motivation to implement them. So, what's the motivation here?

- It's something you can turn on.
- It's on by default, but you can turn it off easily.
- It's on by default and you need a CS degree to turn it off.
- It can only be turned off by hacking your system.
- It can only be turned off by hacking your system, and this is illegal to do.

Can you cite even one example of this ever happening? How can you say this tends to happen? It's just geek paranoia. Nobody is going to try to stop you from running Linux, and nobody even *can* stop you. The worst thing that can happen is that there will be *some* hardware that can't run Linux, just has been the case since Linus first started this project.

Re:Duh (1)

TechyImmigrant (175943) | more than 2 years ago | (#37929308)

>There's never been any real reason to believe that locking down of this feature would happen, apart from FUD.

This is untrue. An OEM can control whether or not the purchaser can control the keys and trust list on the hardware they sell. There is nothing about secure boot that forces the OEM to take one action or another. Locking down of the feature might well happen on some platforms. Check before you buy.

Re:Duh (1)

bigstrat2003 (1058574) | more than 2 years ago | (#37929360)

The fact that it is possible for something to occur is not a reason to believe that it will occur. It's possible that I'll take horrible offense to one of your posts, engage in some drawn-out process to hunt you down in real life, and murder you brutally. You'd be a fool to spend even a moment's thought worrying about it, however, because such an event is exceptionally unlikely.

Re:Duh (1)

exomondo (1725132) | more than 2 years ago | (#37929482)

>There's never been any real reason to believe that locking down of this feature would happen, apart from FUD.

This is untrue. An OEM can control whether or not the purchaser can control the keys and trust list on the hardware they sell. There is nothing about secure boot that forces the OEM to take one action or another. Locking down of the feature might well happen on some platforms. Check before you buy.

An OEM can completely lock you out of the BIOS too, this is no different.

Re:Duh (0)

Anonymous Coward | more than 2 years ago | (#37929342)

Except common sense, and past experience, which shows that many a vendor will implement as
little of a feature as will get Windows to boot.

Re:Duh (1)

DarwinSurvivor (1752106) | more than 2 years ago | (#37929428)

Or they're just making DAMN SURE it won't by making everyone aware of the possibility.

Re:Duh (2, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#37929456)

There's never been any real reason to believe that locking down of this feature would happen, apart from FUD

Yeah, because we never saw a company try to pull something like that...

http://en.wikipedia.org/wiki/Xbox [wikipedia.org]
http://en.wikipedia.org/wiki/Playstation_3 [wikipedia.org]
http://en.wikipedia.org/wiki/Nintendo_wii [wikipedia.org]

Let us not forget that media consumption is widely considered to be a strategic area for personal computer vendors to move into. We are going to be seeing more and more entertainment moving to PCs, and hardware and software makers can make their systems more competitive in the entertainment marketplace by locking down their products. Remember how the CSS keys were obtained? That is the sort of thing that movie studios want to prevent people from doing in the future, and that means that they are going to fight to ensure that people do not control their own computers.

Just you wait. It won't be the first generation of UEFI systems, it will be a subsequent generation; the feature will be quietly slipped into consumer systems. Companies will advertise to consumers how their systems support some new video distribution system or format, and most people will never even question the loss of control (or notice it). The free software community will be forced to buy high-end workstations or systems from lesser known PC makers, and will be left out of the loop on new media formats as we already are with mainstream gaming.

Re:Duh (0)

bigstrat2003 (1058574) | more than 2 years ago | (#37929880)

To repeat myself from a post further up:

The fact that it is possible for something to occur is not a reason to believe that it will occur.

As a corollary, the fact that something vaguely similar has happened in a not-entirely-related arena is not a reason to believe that the event will occur. Nothing has ever stopped PC manufacturers from locking down their computers in ways that are unfriendly to the consumer. They have not done so. There's no evidence to suggest that they will start doing so now. In fact, there is reason to believe that it will not happen.

The whole thing is pure unsubstantiated FUD, unless someone can drag up a scrap of evidence that PC manufacturers are planning to restrict users from disabling the secure boot feature. And that's not even getting into the common claim that this is a conspiracy perpetrated by Microsoft, which, again, there has been not a scrap of evidence to support that I've seen.

Re:Duh (1)

betterunixthanunix (980855) | more than 2 years ago | (#37929990)

As a corollary, the fact that something vaguely similar has happened in a not-entirely-related arena is not a reason to believe that the event will occur

Not entirely related? Let's see...

  • Gaming is a billion dollar industry on both consoles and on PCs.
  • The business strategy surrounding PCs is based on media consumption, for which DRM has never been taken off the table.

In general, when large companies with entrenched interests in marketing their platforms to music and movie studios talk about security, it is safe to assume they are talking about the security in the context of preventing people from doing certain things with their computers. Blizzard has invested significant resources in this sort of security, to enforce the rules of their video game and ensure that people have paid the appropriate fees.

There's no evidence to suggest that they will start doing so now.

Does this count?

http://en.wikipedia.org/wiki/Digital_Entertainment_Content_Ecosystem [wikipedia.org]

No. Its worse than it looks. (2, Insightful)

unity100 (970058) | more than 2 years ago | (#37929316)

If it was something that was really locking linux out in an apparent fashion, matter could be taken into courts.

But now customer is not prevented from doing it - but, this time will need to be able to get into bios, turn it off, and only after that install linux.

as you can readily agree, vast majority of computer users would not even know what 'bios' was. so, if a non-tech person from idaho was recommended linux, and got ahold of a cd and attempted to install it ............ go figure.

This situation will make it slower for linux proliferation in mainstream, due to the tech aptitude threshold. And conveniently too - you cant argue against it because if someone knows what a bios is and what is the setting for allowing other oses, s/he can do it. if not, s/he can not. so convenient.

Re:No. Its worse than it looks. (1)

Anonymous Coward | more than 2 years ago | (#37929368)

Yeah, that's it. Linux has just been zipping up the charts in terms of consumer installs. It is surely secure boot that is preventing widespread adoption of Linux.

dont make stupid arguments. (0)

unity100 (970058) | more than 2 years ago | (#37929440)

Something that will slow down something, will slow it down, regardless of how fast or slow that was.

Will windows 7 run in SecureBoot mode? as if not (1)

Joe_Dragon (2206452) | more than 2 years ago | (#37929346)

As if SecureBoot needs to be off for windows 7 to boot then OEM will be just about forced to have it off or at the very least on the business line.

Even then for home use let's see windows 8 metro ui may be a no go for
*metro app only in metro ui, so no steam, no iTunes, and other apps in metro mode.
*app store lock in and censorship for metro apps.
*no multitasking as it is now in metro mode.

I think people will go back to 7 or say 7 is fine.

Re:Will windows 7 run in SecureBoot mode? as if no (1)

tepples (727027) | more than 2 years ago | (#37929608)

As if SecureBoot needs to be off for windows 7 to boot

Unless Microsoft releases a service pack that adds UEFI Secure Boot support to Windows 7.

*metro app only in metro ui, so no steam, no iTunes, and other apps in metro mode.

Then press the Windows key to bring up the desktop.

What if I want to dual boot? (1)

Osgeld (1900440) | more than 2 years ago | (#37929350)

Do I have to rip the side of my case off and find a single dip switch between the video card and CPU?

Um nah, that's ok you can keep that.

Hardware manufacturers (0)

Anonymous Coward | more than 2 years ago | (#37929364)

Why are they asking Dell and HP, whom honestly although they can request features with the buying power they have, they aren't the ones that make motherboards or bios's. So why are we 1. asking them 2. giving a shit what they answer?

missing the obvious, here. (1)

texaport (600120) | more than 2 years ago | (#37929384)

it is really just a plot to keep my reverse-Hackintosh from coming to market. I cannot see how we will ever have an inexpensive, stand-alone Mac running Windows 8 (ie., free from Bootcamp, VMWare or Parallels) Well played, Microsoft.

halloween v.2011? (1)

rainhill (86347) | more than 2 years ago | (#37929408)

No plots? I'll wait for halloween docs version 2011 to confirm this.

For what its worth (1)

abednegoyulo (1797602) | more than 2 years ago | (#37929452)

The freedom of choice on what operating system the user wants on his/her computer is like the freedom of every car owner to select which gasoline station he/she wants to fill his/her car.

Correct me if my car analogy is wrong.

No more easy, idiot-proof installation of $DISTRO (1)

Anonymous Coward | more than 2 years ago | (#37929476)

So I guess now people will have to figure out what magical key combination gets them into their BIOS/UEFI setup screens and then find some no doubt confusingly named option to toggle, to be able to boot a Linux (or non-Windows) live-CD at all.. This is sad, because distros like Ubuntu were doing a pretty decent job at making installing Linux idiot-proof.

Wether or not this was some evil plan of Microsoft (there are obviously good reasons why one might desire the secure boot feature), I think this little detail can slow Linux adoption on the desktop more then you might think (and you and I may not care about that, but I understand why the EFF and some Linux hackers do). It means anyone not familiar with PC BIOS setup screens will probably need help installing anything non-Windows.

Personally the only reasonable thing I think that can be done to make this secure boot work without overly complicating non-Windows installs and without confusing users too much is perhaps this: when the BIOS is made to boot code it can't verify, it'll simply ask the user something along the lines of: "An unrecognized operating system has tried to boot. If you are installing a new operating system, press F2, otherwise, press any other key to boot securely."

When you switch from hard drive first to CD first (1)

tepples (727027) | more than 2 years ago | (#37929636)

You need to get into BIOS to switch from hard drive first to CD first or USB first anyway. What's the big deal from switching from "hard drive first, secure boot on" to "CD first, secure boot off" or "CD first, import new bootloader key from CD"?

Unacceptably thin concession (1, Insightful)

mysidia (191772) | more than 2 years ago | (#37929554)

Dell plans to have a BIOS switch to allow SecureBoot to be disabled,

Can you please remind me again... what percentage of the average user population knows how to change a BIOS switch?

Currently they can just pop in their knoppix CD or try Ubuntu with a Live CD; No expertise regarding BIOS settings required (normally).

What we have here is an anti-competitive practice being endorsed by Microsoft in the form of a logo validating "Secure" boot.

This is a low blow, and a shoddy attempt to ward away other OSes, and prevent you from booting your computer to whatever application or OS you want to boot it into.

Re:Unacceptably thin concession (0)

Anonymous Coward | more than 2 years ago | (#37930010)

In most consumer sistems i have used, you actually have to go into the BIOS to change the boot order, or press a key to go to boot source selection.

If you can do that I don't see why you couldn't disable secure boot, it's just one or two extra steps.

please keep in mind (1)

Truekaiser (724672) | more than 2 years ago | (#37929572)

we are at least a year away from 8 being released. plans change and they might change their minds. it would be pref-able that NO motherboard had this option to start with.

A Call To Arms - Very Important ! (0)

Anonymous Coward | more than 2 years ago | (#37929600)

If you do not have complete control over the platform key, you DO NOT own your own computer!

Its that simple, if you dont own the master keys, prepare to have DRM and any other technology the government wants shoved down your throat

Think it wont happen?

They already tried: http://www.politechbot.com/docs/hollings.090701.html

Don't believe it (0)

Anonymous Coward | more than 2 years ago | (#37929638)

I don't give that article any credibility because of the completely inaccurate rubbish ZDnet has come out with on that issue already. Their story on Linux Australia and secure boot was far from the truth and very clearly shows that they did not read their source (our mailing list) properly. They claimed that we had a case against MS for a product no where near release because some of us contacted the ACCC and got a canned response saying there was the possibility of court precedings. The reality was that we got canned responses and the council is talking to hardware manufacturers and experts. Considering how far off they were with that, I don't believe that article even slightly. In that article they imply that no FOSS groups are talking to hardware manufacturers, but I know that Linux Aus at the min

Another Benefit (1)

no-body (127863) | more than 2 years ago | (#37929658)

Even if it can be disabled, great FUD argument is that all which disables it is UNSAFE!

It's an ongoing turf war.

self-described (3, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#37929670)

From the comments at the ZD story:

Protecting 99% of users is more important than catering to the whims of a whiny 1%.

Where have we heard that before?

Can you believe Microsoft is using the language of Occupy Wall Street to try to position itself as the "masses" fighting the "whiny 1%" of people who prefer OSS?

ZDNet, Ed Bott, and some Microsoft executives all need to burn in hell.

Re:self-described (1)

Anonymous Coward | more than 2 years ago | (#37930028)

Maybe if you'd actually read the article and had any kind of reading comprehension you'd know that that's basically the opposite of Microsoft's actual position. You might also have gathered that that's a comment a user left on the article and that internet commenters tend to be idiots (you being a very good case in point),

Microsoft Tax (1)

Rie Beam (632299) | more than 2 years ago | (#37929694)

What about license agreement? I remember the whole "Microsoft Tax" issue a few years back, where it was basically determined that if you purchased a computer and did not approve the license, you could get a refund on the operating system software (i.e., Windows).

If I purchase a computer and have no plans to dual-boot Windows and Linux, how is this not forcing an illegal tie-in on the consumer? In that I literally cannot opt out of using a Microsoft product? Didn't they -just- have huge lawsuits about this a decade ago? Would they be so idiotic as to try to require bundled software once again?

Re:Microsoft Tax (0)

Anonymous Coward | more than 2 years ago | (#37929882)

That's actually impossible these days. That was an artifact of the Windows XP license, you can no longer obtain a refund for bundled windows.
Even if you legally could, it's absolutely impossible to get through the wall of customer service drones that insist that Windows was bundled and therefore your only recourse is to return the machine.

nds r4 , ndstt , nintendo ds r4i , nintendo ds r4 (-1)

Anonymous Coward | more than 2 years ago | (#37929708)

nds r4 [gamecardsale.com]
ndstt [gamecardsale.com]
nintendo ds r4 [gamecardsale.com]
nintendo ds r4i [gamecardsale.com]
nintendo r4i [gamecardsale.com]
nintendo r4 [gamecardsale.com]
ps3 controller [gamecardsale.com]
ps3 wireless controller [gamecardsale.com]

The way I see this whole deal (0)

Anonymous Coward | more than 2 years ago | (#37929714)

If anything, lock out, if it indeed takes place, is more likely to effect prebuilt of-the-shelf OEM craputers, the ones that don't ship with the OS CD, and are filled to the brim with crapware, ie: things nobody in their sane mind, except the tech illiterate would opt buying. The higher end systems, as well as anything someone builds on their own, will likely not be effected by this.

You don't want to dual boot anyway. (1)

mark_reh (2015546) | more than 2 years ago | (#37929846)

I used to dual boot win XP and Ubuntu. Win XP started trashing the file system on the HDD and I tried to run chkdsk to fix it but Grub wouldn't allow chkdsk to run. So the file system kept getting worse and worse and the performance suffered mightily. I finally had to wipe the whole thing and start over.

The best way to run windows in in a virtual machine in the Linux or your choice. Who needs Windows anymore any way? OK, I do- I still need it to run Google Sketchup- and that even requires IE- yuck!

"It's not paranoia ... (0)

Anonymous Coward | more than 2 years ago | (#37930026)

... if they're really after you." -- H. Ross Perot.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>