Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Free Software Foundation Campaigning To Stop UEFI SecureBoot

timothy posted about 2 years ago | from the no-one-will-ever-name-a-child-uefi dept.

DRM 355

hypnosec writes "The Free Software Foundation is on an offensive against restricted boot systems and is busy appealing for donations and pledge in the form of signatures in a bid to stop systems such as the UEFI SecureBoot from being adopted on a large-scale basis and becoming a norm in the future. The FSF, through an appeal on its website, is requesting users to sign a pledge titled 'Stand up for your freedom to install free software' that they won't be purchasing or recommending for purchase any such system that is SecureBoot enabled or some other form of restricted boot techniques. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like the Debian, Edoceo, Zando, Wreathe and many others have also showed their support for the campaign."

Sorry! There are no comments related to the filter you selected.

Grub? (4, Interesting)

TheRealMindChild (743925) | about 2 years ago | (#42423315)

Hasn't Ubuntu made GRUB a SecureBoot [h-online.com] boot loader? How isn't this sufficient?

Re:Grub? (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#42423363)

Because RMS and other GNU maintainers think implementing SecureBoot is hard.

Re:Grub? (3, Insightful)

Microlith (54737) | about 2 years ago | (#42423421)

Hard? No.

The problem is how inherently Microsoft-centric and user-hostile it is.

Re:Grub? (-1, Flamebait)

Osgeld (1900440) | about 2 years ago | (#42423715)

its not user hostile, most users will never even know its there, its only hostile to people who see it as hostile

Re:Grub? (5, Insightful)

Nerdfest (867930) | about 2 years ago | (#42423811)

Someone wanting to try Linux to see what it's like will most definitely see that it's there.

Re:Grub? (-1, Flamebait)

Osgeld (1900440) | about 2 years ago | (#42423977)

then they can use ubuntu

Re:Grub? (3, Insightful)

sjames (1099) | about 2 years ago | (#42423849)

I.e. any user that actually wants to tinker with the system.

Re:Grub? (5, Insightful)

Ynot_82 (1023749) | about 2 years ago | (#42423435)

How isn't this sufficient?

It's not sufficient, because it doesn't solve the problem.

The problem is that MS's implementation of secure boot allows them to control what can and cannot boot on a device.
It is entirely at their discretion.

This is already in practice with the surface tablets
See Mathew Garrett's recent blog post
http://mjg59.dreamwidth.org/21189.html [dreamwidth.org]

As you can see, locking out other OSs is already in place for the Surface tablet, which is unable to boot any other system (even with the boot-loader shims done by RedHat, Ubuntu and the Linux foundation.)

Re:Grub? (3, Funny)

drankr (2796221) | about 2 years ago | (#42423479)

Irrelevant - this would be a problem if people were actually buying and using "surface tablets".

Re:Grub? (5, Insightful)

Ynot_82 (1023749) | about 2 years ago | (#42423609)

and when will it become relevant to you?

When they push Windows-only "secure boot" on laptops?
When they push Windows-only "secure boot" on servers?
When they push Windows-only "secure boot" on desktop machines?

When, exactly, will this obviously evil and anti-competitive move be of relevance to you?

Re:Grub? (5, Funny)

Anonymous Coward | about 2 years ago | (#42423703)

When they put Windows-only "secure boot" on Surfaces I didn't say anything because I didn't own a Surface.
When they put Windows-only "secure boot" on laptops I didn't say anything because I didn't own a laptop.
When they push Windows-only "secure boot" on servers I didn't say anything because I didn't own a server.
When they push Windows-only "secure boot" on desktop machines I didn't say anything because I didn't own a Desktop.
Boy, am I glad I own an iMac, iPad and iPhone ... um, wait ...

Re:Grub? (1)

Hentes (2461350) | about 2 years ago | (#42423941)

So how many laptops, servers and desktops does Microsoft produce?

Re:Grub? (1)

Anonymous Coward | about 2 years ago | (#42424029)

how many do they need to produce if they are the gate keeper?

Re:Grub? (1)

Anonymous Coward | about 2 years ago | (#42424025)

The Niemoeller poem [wikipedia.org] comes to mind.

If I bought it, it's my computer and I want to control it.

Re:Grub? (1)

Anonymous Coward | about 2 years ago | (#42423759)

>The problem is that MS's implementation of secure boot allows them to control what can and cannot boot on a device.

It is MS's hardware specifications that motherboard and hardware OEMs are adhering to and that has been the case all the way back to the DOS era. Linux x86 and x64 was and is still piggybacking on the design of motherboards designed and tested to run Windows. Clearly, the Linux community has zero standing to complain about how MS's standards don't meet their requirements.

The FSF or some other OSS entity needs to come up with their own hardware spec and get OEM to manufacture systems to that standard.

Re:Grub? (3, Insightful)

mellon (7048) | about 2 years ago | (#42423867)

Not exactly, but you're on the right track. A hardware spec is kind of useless—hardware changes too fast. But a BIOS spec that supports open source would be worth defining, even if it's largely what we have right now. This would allow manufacturers to badge their machines as supporting Linux, which I would expect to be a key feature in the server hardware business, and a viable niche feature in desktops and laptops.

The long term outcome of this might actually be a serious win for the open source community, because it would create market differentiation where before we've been skating on vague hopes of compatibility.

Re:Grub? (2, Insightful)

Anonymous Coward | about 2 years ago | (#42423559)

Why can't they use a hardware jumper for this instead of requiring signed code?

Re:Grub? (3, Insightful)

Alex Belits (437) | about 2 years ago | (#42423639)

Because then it won't keep those computers Windows-only.

Re:Grub? (3, Interesting)

Sir_Sri (199544) | about 2 years ago | (#42423805)

Probably because people may still want to update their MOBO firmware without opening the case, same with installing a new OS.

It's one thing to do it on your machine at home. It's another to deploy 500 machines where you have to change a jumper on each one, and then change it back.

Re:Grub? (5, Interesting)

cheesybagel (670288) | about 2 years ago | (#42423631)

What Ubuntu did was very unsatisfactory. You still cannot easily compile your own kernel. What that ex-RedHat guy did was a lot better since you can load anything you want as long as you confirm your choice on boot.

Here is what RMS should be doing instead of this petition which is going to get nowhere:

1. Restart work on coreboot
2. Make coreboot work with Windows and Linux as is
3. Convince more motherboard manufacturers to support coreboot
4. Ask Linux users on install if they want to backup their old BIOS and install coreboot as their default BIOS

Re:Grub? (5, Insightful)

Anonymous Coward | about 2 years ago | (#42423969)

This is almost as simple as "write high quality open source drivers for all graphics chips". Let's do it!

Re:Grub? (3, Insightful)

sjames (1099) | about 2 years ago | (#42423845)

It's not sufficient because it leaves MS, a company known for it's extreme hatred of Free software, able to decide what will and will not boot on locked down SecureBoot devices. As a bonus, it sends a message to others who implement different lick-in schemes that they could be next on the boycott list.

Even on SecureBoot systems that aren't completely locked down, it establishes a very definite class system where only MS OSes and those that pay tribute to the king are first class citizens.

Not objecting suggests that it's OK for MS to further erode the meaning and value of property rights (other than their own, of course).

i wont buy hardware like that (-1)

Anonymous Coward | about 2 years ago | (#42423317)

screw it ill start getting parts and building my own and i bet that will make me a ton a cash
so go on microstupid and apple keep it up your making me flush with doh i love you idiots er guys

Re:i wont buy hardware like that (4, Funny)

TheRealMindChild (743925) | about 2 years ago | (#42423375)

I'm pretty sure your shift key is broken. Possibly, your comma key as well

Re:i wont buy hardware like that (0, Funny)

Anonymous Coward | about 2 years ago | (#42423615)

I'm pretty sure your shift key is broken. Possibly, your comma key as well

Punctuation isn't free. You and your "I'll use it 'cuz I got it" attitude doesn't fly in our txt/140 world.

Re:i wont buy hardware like that (-1)

Anonymous Coward | about 2 years ago | (#42423665)

i am pretty sure we don't give a shit, now aren't you late to your lecture on how to tighten anuses?

Re:i wont buy hardware like that (0)

Anonymous Coward | about 2 years ago | (#42423405)

screw it ill start getting parts and building my own and i bet that will make me a ton a cash
so go on microstupid and apple keep it up your making me flush with doh i love you idiots er guys

Huh?

in soviet russia (-1, Offtopic)

Anonymous Coward | about 2 years ago | (#42423321)

the petiton signs you

Straight jacket clipart (2, Insightful)

Anonymous Coward | about 2 years ago | (#42423329)

I like the straight jacket clipart - It reminds me of how this is all just insanity.

Secure Boot is a good thing people! It means I can actually lock out my machines so they'll only boot linux and never windows!

Too late (0)

Anonymous Coward | about 2 years ago | (#42423333)

It's already commonplace, and almost no one noticed.
There's nothing that can be done. Regardless of which half of the Party is in power, no one's going after the monopolists.

Concealed defect (3, Interesting)

jandar (304267) | about 2 years ago | (#42423337)

It should be mandated that any restriction on a general purpose computer has to be stated clearly as such on the packing, otherwise it would a intentionally concealed defect.

Re:Concealed defect (1)

bbelt16ag (744938) | about 2 years ago | (#42423399)

i didnt have any problems booting from usb, although it was turned off by default, but i am not buying tablets and what not so they just going to loose money on me..

Re:Concealed defect (2)

Kjella (173770) | about 2 years ago | (#42423613)

i didnt have any problems booting from usb, although it was turned off by default, but i am not buying tablets and what not so they just going to loose money on me..

Anything that wants the "Made for Windows 8" sticker must ship with Secure Boot enabled, whether it's tablets, laptops, desktops or whatever. In practice that is any Win8 machine shipped from a major OEM, I'm guessing there's smaller stores who might install Win8 without enabling it but try it on any HP, Dell, Lenovo, Acer, Asus or any other big name machine shipping with Win8. Clearly the machine you tried isn't one of them, because you will find it is very, very hard to boot anything else...

Re:Concealed defect (4, Informative)

Missing.Matter (1845576) | about 2 years ago | (#42423859)

Any x86 machine must also include the ability to turn secure boot off as well, according to ms win8 certification guidelines.

Re:Concealed defect (2)

jbolden (176878) | about 2 years ago | (#42424017)

Microsoft has been pretty clear about where UEFI is and the spec. They've been publishing papers, having websites, publishing books, giving talks, having videos on channel 9 for over a dozen years. You may disagree with them, but you can't accuse them of lack of disclosure.

Not realistic (4, Insightful)

girlintraining (1395911) | about 2 years ago | (#42423367)

Richard, it's a nice sentiment, but what are the alternatives? Signing something saying I won't buy a UEFI-enabled system is basically saying I've doomed myself to the stone age. Every company is switching over. Nobody's going to go for that in the long term, anyone signing that is doing it just to make a statement. Eventually, their decrepit pre-UEFI system is going to fry, and they're going to go looking for a new one.

Rather than do something useless like a petition, which have a very low success rate on the internet, why not give us something useful: Like a list of motherboards and builds that do not have UEFI and sport otherwise modern hardware and features?

Re:Not realistic (1)

Anonymous Coward | about 2 years ago | (#42423415)

1. It must be disabled at first boot (it can enable itself from windows setup or something)
2. It should be able to have a trusted key loaded from a usb drive, ONLY WHILE IN UEFI/BIOS

This solves everyone's problems, I think

Re:Not realistic (1)

jbolden (176878) | about 2 years ago | (#42424033)

No it doesn't. You don't want the key to be loadable at all you want it installed in hardware and unchangeable. You might want the OS to change, but you don't want to change how the OS is signed.

Re:Not realistic (2, Insightful)

Microlith (54737) | about 2 years ago | (#42423431)

a list of motherboards and builds that do not have UEFI

Which will trend to zero very rapidly. The problem, of course, is not UEFI but the Microsoft-centric architecture behind Secure Boot.

Re:Not realistic (2, Informative)

tftp (111690) | about 2 years ago | (#42423485)

Which will trend to zero very rapidly.

If there is a demand there will be the offer. I will personally make m/boards for you that run whatever CPU you want and use whatever booting technology you want. If you insist I can use an entirely FPGA-based design that is 100% F/OSS. It may not be as good as an Intel CPU, but it will work.

OpenCores Projects [opencores.org]

The only way to block this is to make it illegal. But I cannot imagine how you can make microcontrollers illegal today. Would I need a license to own a debugger or a soldering iron?

Re:Not realistic (2)

Kjella (173770) | about 2 years ago | (#42423769)

I will personally make m/boards for you that run whatever CPU you want (...) It may not be as good as an Intel CPU, but it will work.

So which is it, can you make me a LGA1155 socket motherboard or can't you? Or did you mean "any CPU you want, as long as it's an ancient and outdated one with open specs"?

Re:Not realistic (3, Informative)

tftp (111690) | about 2 years ago | (#42424001)

So which is it, can you make me a LGA1155 socket motherboard or can't you? Or did you mean "any CPU you want, as long as it's an ancient and outdated one with open specs"?

I can make any motherboard, with LGA1155 or any other socket - or with direct attachment of a CPU that is packaged as a BGA. Why not? It's not rocket science. The pin grid is 0.91 mm [intel.com] , which is pretty generous today. My last BGA design involved a part with a 0.5 mm pitch; that was expensive. You may want to have Intel's reference designs, but they are obtainable today, and I have some for Atom (because that's what I need.) The DDRx routing will have to be carefully done, but that's also not an impossible task. I built 20A, 0.9V polyphase power supplies before, for a PowerPC project. There is hardly anything else that is notable.

But super-fast and super-hot motherboards of this kind are not what the digital rebel needs, IMO. He needs a small, lightweight, portable system - a tablet would be ideal, especially if it accepts external attachments like the monitor and USB. In reality all modern tablets are already suitable for the task. Communication, not data crunching, is the primary use of computers today - and any low-power system can do it just as well as a hot desktop.

Another reason for a digital rebel to not depend on Intel is that Intel can be asked (or forced) to make sure that their CPUs don't even start until they authenticate with the BIOS. You can build such a system already. For example, the CPU will refuse to access most of its address space until it issues a challenge to the BIOS (or TPM) and receives a correct response. The pre-auth mode would be just good enough to boot up, but if you need to run an OS you need the CPU unlocked. The private key to the CPU is in the mask, and the chances of getting to it are nearly zero.

In this situation it is essential to have an entirely free CPU design that is not constrained by artificial barriers. There are already lots of good CPUs that are ready for an FPGA. If there is a need, a SoC can be synthesized from existing RTL components and then manufactured as an ASIC. If that is illegal, use FPGA and program your own bitstream. Either way, computers are here to stay, and the only way to restrict access to them is not technical but social (like public beheading of underground engineers.)

Re:Not realistic (-1)

Anonymous Coward | about 2 years ago | (#42423619)

You are an ignorant douche.

Re:Not realistic (1)

fredprado (2569351) | about 2 years ago | (#42423543)

I don't see your predictions with the same surety you do. Having MS in the control of what runs in all general purpose computers is not good for anybody but to Microsoft. Even if manages to push it at first, there will be enough interest from other companies to make systems outside their control.

Re:Not realistic (1)

Frosty Piss (770223) | about 2 years ago | (#42423979)

there will be enough interest from other companies to make systems outside their control.

Absolutely true. There is enough of a Linux presence in the server market to insure appropriate motherboards are available, and there will always be niche companies providing PC boards as well.

Re:Not realistic (1, Insightful)

DigiShaman (671371) | about 2 years ago | (#42423625)

What's wrong with supporting UEFI secureboot by default, but still providing users a BIOS option of disabling it for legacy/alternate OSes? Secureboot should be an added feature, not a forced requirement for motherboards. If Microsoft Windows X is require secureboot, the user can toggle secureboot on. Why does this have to be such a big deal?

Is there really some conspiracy going on in which Microsoft will own the PC market with Intel as the -unofficial- official Microsoft hardware developer locking out all other OSes?

Re:Not realistic (2)

fredprado (2569351) | about 2 years ago | (#42423991)

MS, as all big companies, wants control, at least enough of it to eliminate any possibility of competition. It cannot force total control out of the blue, but it can try to erode resistance with time, pushing it bit by bit. The current UEFI implementation is just one more attempt to do exactly this.

Re:Not realistic (2)

jbolden (176878) | about 2 years ago | (#42424037)

What you are describing is what Microsoft is doing on x86 systems, pretty much.

Re:Not realistic (0)

Anonymous Coward | about 2 years ago | (#42423643)

"Every company is switching over."
I believe ZaReason said they wouldn't.

Re:Not realistic (1)

sjames (1099) | about 2 years ago | (#42423895)

The pledge does NOT demand non-UEFI systems. It demands:

To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice.

Where in there do you see UEFI being rejected? It says the signers will not buy a system that doesn't allow SecureBoot to be disabled by the owner or offer a reasonable alternative for loading any Free Software OS of the owner's choice.

Re:Not realistic (0)

Anonymous Coward | about 2 years ago | (#42423957)

The problem is that UEFI is essentially required if the system disk is bigger than 3tb as the old partition table can't handle a bigger disk. So the manufacturers have to go to UEFI to be able to put bigger disks on (Dell now offers desktop systems with 2tb drives so its not long till it becomes a big problem to not go UEFI). Of course then the question becomes can windows be a host for Linux guest systems? If so then the only object is paying MS for its software. So beyond the issue of secure boot it is the issue of increasingly bigger disks that forces the demise of the older Bios.

Re:Not realistic (0)

Anonymous Coward | about 2 years ago | (#42423961)

Oops make that bigger than 2tb. It bit me when I added a 3 TB disk to windows 8 and repartitioned and 800 gb went into a black hold. I changed the partition table size and the space came out of the black hole.

Antitrust in EU? (5, Informative)

Anonymous Coward | about 2 years ago | (#42423371)

The secure boot crap could be an antitrust issue.
German goverment has spoken abit about it
http://www.h-online.com/open/news/item/German-government-advocates-security-in-the-hands-of-users-1753715.html

Lower the minimum (-1)

Anonymous Coward | about 2 years ago | (#42423395)

The minimum donation is $50. Give me a break. That's a lot of money. How about $5.

Re:Lower the minimum (1)

arth1 (260657) | about 2 years ago | (#42423731)

Yes, saying they don't want my measly $20 or $40 doesn't really endear them to me. The cause is good, but I will look for other ways to support it where my meager contribution would actually be appreciated.

What do distros where signing isn't an option do? I would think that a good portion of LFS and Gentoo users chose it because it gives them control over what they put on their systems, not because of any perceived speed benefits.

UEFI Signature Infrastructure (5, Insightful)

Microlith (54737) | about 2 years ago | (#42423411)

If anything, the FSF should push to have how UEFI handles its signature database, and who handles signing, fixed so that it isn't so wholly Microsoft centric. You can tell because it puts key acquisition and installation in the hands of the system vendors, and the only one they'll independently acquire with any regularity is Microsoft's. And as a result everyone goes to them for signing.

If key handling were decentralized and standardized across all vendors, and adding your own key wasn't mutually exclusive with other keys (as it effectively is now,) then it probably wouldn't be such a problem. Hell, if they included a system-specific key installed on each platform and a hardcopy of the key, that would probably eliminate most of the concerns expressed here.

Unfortunately, doing this would likely require them becoming a promoter ($200,000) and contributing code out the ass to see it happen. As it stands the only OS vendor at that level in the UEFI Foundation is Microsoft. All the Linux vendors are Contributor or lower and can't possibly have a voice as loud as Microsoft. Net result a perfectly good security concept gets twisted into a Microsoft-specific hazard.

Re:UEFI Signature Infrastructure (0)

Anonymous Coward | about 2 years ago | (#42423453)

The signing is the real issue - is it not an antitrust issue as well?

Re:UEFI Signature Infrastructure (1)

Microlith (54737) | about 2 years ago | (#42423583)

Only if they abuse it, which is why Microsoft is treading carefully.

Re:UEFI Signature Infrastructure (3, Informative)

EdZ (755139) | about 2 years ago | (#42423807)

fixed so that it isn't so wholly Microsoft centric

Good news, it's already fixed then!

So who decides what keys can be added to the bootloader? The end user, in the case of every x86 board. Microsoft requires any system vendor to allow end users to add their own keys (either directly, or by wiping the existing keys and requiring the user to add their own and microsofts back in). No user-modifiable Secure Boot, no Windows 8 for you. No windwos 8 certification? The manufacturer can do whatever they want, from locking down the loader to only one key of their choice, or not implementing secure boot at all/ Basically, the current state of affairs.

If key handling were decentralized

It is decentralised. It's so decentralised, that it's handled on a per-end-device basis. Because you manage the keys on your device by entering them.

and adding your own key wasn't mutually exclusive with other keys (as it effectively is now,)

No, it isn't. If you can add your own keys, you can add any keys.

The level of FUD over Secure Boot, and it's non-relation to Windows 8, is astounding.

Re:UEFI Signature Infrastructure (0)

Anonymous Coward | about 2 years ago | (#42423905)

But if you add your own keys then you lose the Windows 8 keys which means you have to hack Windows 8 to think it is running in secure boot mode or risk losing functionality.

Re:UEFI Signature Infrastructure (2)

jbolden (176878) | about 2 years ago | (#42424041)

If the FSF were more responsible about these things, they could register with Microsoft as a signing authority and have their key be one of the default signing keys embedded in hardware. Then we have asian manufacturers, Microsoft and FSF and everyone is going to trust one of them.

hail! (0)

Denihil (1208200) | about 2 years ago | (#42423483)

neckbeards, unite!

Steve Jobs had a neckbeard (1)

tuppe666 (904118) | about 2 years ago | (#42424009)

neckbeards, unite!

I like the way that ad hominem works better than rational discussion. The sad fact is I was watching an article a video about replacing Ballmer...and the main reason given was he wasn't telegenic (I had to look it up). Have we really reached a stage where what we look like is more important than what we are. I do think you would benefit a little more if you looked at he issues in hand.

What about severs and web hosts / ECT (3, Interesting)

Joe_Dragon (2206452) | about 2 years ago | (#42423501)

What about severs and web hosts / ECT.

Windows 7 UEFI secure boot??? enterprise use is way to big for that to get locked out.

Where is HP and DELL in this???

Supermicro??

Tyan??

Linux in Medical Devices (do really want MS windows to be the only choice there??)

http://blogs.windriver.com/medical/2011/11/using-linux-in-medical-devices-what-developers-and-manufacturers-need-to-know.html [windriver.com]

pseudo synchronicity whilst reading (0)

Anonymous Coward | about 2 years ago | (#42423521)

Don't work towards freedom, but allow the work itself to be freedom.

- Dogen Roshi

Bread buttered (5, Insightful)

EmperorOfCanada (1332175) | about 2 years ago | (#42423531)

Desktop motherboard manufacturers know that in the past and in the present that following the dictates of Microsoft is how to survive. But those days are mostly over. I doubt any of the MB manufacturers are going to stand up and fart in Microsoft's face and say NO. But I suspect they know the trend is moving away from Microsoft and with the Linux noises that companies like Valve are making that Microsoft will only get weaker. Thus they will probably pretend to put UEFI onto the motherboard but make it really really easy for anyone with the capability to install linux to turn it off. So I suspect that the motherboards will soon come with UEFI enabled by default (maybe) but that you can either go into the bios and turn it off or short a jumper.

Other options would be to leave a weakness in the system so that it is easily hacked and thus bypassed; this way they can meet the letter of Microsoft's law but not at all the spirit. And of course they don't need to make a hole, they know people will find a hole and they won't bother patching it. But I just don't see the manufacturers coming out and directly attracting Microsoft's rage. Plus companies know that all kinds of businesses will want to put a whole range of products on their systems from oddballs like DOS with many wanting XP, Vista, and Windows 7. It wasn't that long ago that I saw an ATM running OS/2. I suspect the guts of the ATM were newish.

But in the near term Microsoft is going to ask "Who farted?" and the various manufacturers are going to pretend that they didn't.

All that said, Microsoft's worst nightmare would be for a company to start releasing Motherboards/Machines with UEFI disabled as a feature and telling the world that smart discerning high-end customers buy systems without UEFI and that the drones buy what the suits at Microsoft tell them. What microsoft seems to forget that while computer nerds running things like Linux are not a significant market share in and of themselves they are who guides, or outright chooses what systems get picked. Minimally how many slashdoter's are involved by their families when they are picking machines. Without starting a religious war about my personal tastes I can say that when people around me are buying a system I give them a fairly narrow range of choices that if they stray from I won't take their "urgent" calls at 10pm when things are going wrong a month later. "Oh your poorly designed laptop that sucks cooling air in only from the bottom overheated when sitting on the sofa and now you need your data pulled from its carcass? How about no." So while people like us probably only represent 1% of the market we probably influence 30+% of the market. So if we don't like UEFI the manufacturers will soon find that we have a bigger vote than simplistic market surveys might otherwise suggest. So even if they totally cave to MS I suspect cracks will appear fairly quickly.

windows 8 stink as well hurts ms a 7 boot loader (1)

Joe_Dragon (2206452) | about 2 years ago | (#42423603)

windows 8 stink as well hurts ms a 7 boot loader will help alot of this may be DOA as it will be a hard sell with a MB that can only boot windows 8

Re:Bread buttered (1)

Kjella (173770) | about 2 years ago | (#42423727)

Desktop motherboard manufacturers know that in the past and in the present that following the dictates of Microsoft is how to survive. But those days are mostly over. I doubt any of the MB manufacturers are going to stand up and fart in Microsoft's face and say NO. But I suspect they know the trend is moving away from Microsoft and with the Linux noises that companies like Valve are making that Microsoft will only get weaker. Thus they will probably pretend to put UEFI onto the motherboard but make it really really easy for anyone with the capability to install linux to turn it off.

Whether Microsoft is experiencing competition from Macs or iPads or Android tablets doesn't matter, the only thing is how many repurpose a machine that came with Windows installed. That market share is still 1% and more importantly the motherboard manufacturers don't care - they got their sale back when it had Windows on it. Hell if Linux fans have to buy a different motherboard to run Linux on it, they get double sales.

Plus companies know that all kinds of businesses will want to put a whole range of products on their systems from oddballs like DOS with many wanting XP, Vista, and Windows 7.

And Microsoft will, if they're kind, sign MS-DOS, XP, Vista, Windows 7 and anything else Microsoft has made just not DR-DOS, OS/2, BSD or Linux.

All that said, Microsoft's worst nightmare would be for a company to start releasing Motherboards/Machines with UEFI disabled as a feature and telling the world that smart discerning high-end customers buy systems without UEFI and that the drones buy what the suits at Microsoft tell them.

Yeah, because getting on Microsoft's shit list so they get trouble getting validated for the next Windows version and lose all their big OEM contracts is so going to help business. Nobody's going to do that for a number of reasons.

Re:Bread buttered (0)

NicknamesAreStupid (1040118) | about 2 years ago | (#42423753)

This is the end of the motherboard era. LIke Mainframes (that are doing well, BTW), the motherboard has seen its heyday. Intel is de-emphasizing them in favor of processors for mobile, and AMD is looking pretty sad, see http://www.techradar.com/news/upgrades/graphics-cards/motherboards/computing-components/processors/computing/pc/why-the-pc-of-2020-could-be-bad-news-for-modders-1117302 [techradar.com]

As a desktop guy from way back (my 1st was a H89 that I built myself), I find this news to be depressing. However, the handwriting is on the wall. Once the volumes of desktops drop, the motherboard will become the exotic anomaly and hardware hacking will be the domain of the Raspberry PI generation.

Re:Bread buttered (1)

Joe_Dragon (2206452) | about 2 years ago | (#42423965)

what about SBC cpu / chipset cards with a backplan / MB with all the pci-e slots on them.

Secure Boot is just a waste and fixes no problem. (5, Interesting)

VortexCortex (1117377) | about 2 years ago | (#42423541)

Let's put on our thinking caps folks. Return Oriented Programing is an exploit engineering technique that uses the existing signed and/or encrypted code to create the exploit code. That means Secure Boot is defenseless to stop this type of exploit. If the application or OS code has mistakes in it then a function pointer on the stack, or in the heap (read/write memory) can be overwritten and be used by exploits via return oriented programming, and SecureBoot won't help one bit -- The code that's running is signed and/or encrypted. So if the Application or OS code isn't secure (which it won't be) then SecureBoot is pointless. What that? It won't be able to infect a boot sector? Well, if you've got malicious code running on your system then there exists an exploit vector that cane simply be re-exploited next time you boot up. See? Pointless.

Ah, but what if the Application and OS code could be written to be secure against stack smashing and undesired code pointer manipulations? Well then, there wouldn't be any exploit vectors that you needed SecureBoot to protect you against. See? Pointless.

Well, I say "Pointless", but what I mean is useless from an end user perspective. I don't mean to gloss over the only real use SecureBoot has: To prevent you from installing your own OSs and Applications, and having control over your own computers.

Re:Secure Boot is just a waste and fixes no proble (1)

Bengie (1121981) | about 2 years ago | (#42423949)

So if the Application or OS code isn't secure (which it won't be) then SecureBoot is pointless.

SecureBoot is about booting securely, anything after the boot is up to the OS to handle.

I hear the OS/Apps can be by exploited, so no point in using a firewall.

SecureBoot can protect you against against physical access.

I am not saying SecureBoot is the best implementation, but the basic idea of it is good. We need some form of DRM system that the user can manage to protect their system from physical access or general boot exploits.

White House Petition thing (1)

karit (681682) | about 2 years ago | (#42423551)

Any American's thought of starting a thing on the White House Petition thing? Get 25k American's and Obama has to comment on it. Would have thought that would be a cheap easy way to raise some awareness on the topic.

Re:White House Petition thing (1)

Joe_Dragon (2206452) | about 2 years ago | (#42423611)

Obama says I am not a tech guy and free markets are good.

$50 Minimum Donation (1)

nuckfuts (690967) | about 2 years ago | (#42423571)

I'm supportive of this campaign, but I'm turned off by their $50.00 USD minimum for individual donations. I don't have a lot of spare income, but will often donate $5 or $10 to what I think is a good cause. I've always assumed that if enough people do likewise, my small contribution will add up to something significant.

The only reason I can think of to justify a minimum contribution amount would be if they are issuing receipts for tax deductions and there is some cost involved in doing so. Even if that case, however, they could simply have a statement that says tax receipts won't be issued for donations below a certain amount.

Re:$50 Minimum Donation (0, Flamebait)

Osgeld (1900440) | about 2 years ago | (#42423697)

I see this often with FSF shenanigans, they hype something up to get the freetards all bent out of shape, and when the froth is at its peak they start hitting up the donations. Not even sure what good they actually do other than making noise and collecting money.

Cut and Dried (2, Insightful)

tuppe666 (904118) | about 2 years ago | (#42423983)

freetards

I know adding "tard" to the end of thinks magically makes you cleverer than they are. It doesn't

But I love the irony of you defending Microsoft an abusive multiple offending monopolist, a nasty company by every measure, has shenanigans, by recent favourite by this awful awful company is to hirer Mark Penn who unlike you is a professional shit slinger, who has has a department to match “strategic and special projects” http://www.nytimes.com/2012/12/15/technology/microsoft-battles-google-by-hiring-political-brawler-mark-penn.html?_r=0 [nytimes.com] what a nice man

Re:Cut and Dried (0)

Osgeld (1900440) | about 2 years ago | (#42424023)

posting a inflammatory rant off topic doesnt make you look any smarter. I am not defending microsoft, I just happen to notice every time FSF gets worked up there's always a required "donation".

How you magically tie this in to being a YAY GO MS post is beyond me, and your ongoing blather about some nytimes writer is pointless in context

Re:$50 Minimum Donation (2)

enrevanche (953125) | about 2 years ago | (#42423937)

The article is wrong. I went through the links in the article and donated $10 without a problem.

I know what will help RMS (1)

professional_troll (1178701) | about 2 years ago | (#42423573)

Cunt flaps. Seriously that guy needs to get laid... BIG TIME. But he is more likely to hit on 6 year olds than women his own age.

I have no problem with UEFI as long as.... (2)

mark-t (151149) | about 2 years ago | (#42423579)

... it is possible for the owner to disable it.. I have no problem with this being accomplished either in BIOS settings or even if it requires placing a pin jumper on the motherboard.

As for OS's that won't run with UEFI disabled. I have no use for them.

Re:I have no problem with UEFI as long as.... (1)

luther349 (645380) | about 2 years ago | (#42423647)

thats supposed to be the rule with uefi is there has to be some sort of disable so Microsoft responds to that if you do disable it windows 8 does not run.

Re:I have no problem with UEFI as long as.... (4, Informative)

EdZ (755139) | about 2 years ago | (#42423823)

Bullshit.
1) Windows 8 runs perfectly fine without Secure Boot
2) For a manufacturer to provide a computer with Windows 8 pre-installed, or to label their product as compatible with Windows 8, they MUST allow end-user modification of the bootloader keys. If they don't, then no Windows 8 for them, as per MS' own hard certification requirements.

Tit for tat (1)

freeasinrealale (928218) | about 2 years ago | (#42423595)

So can FSF design/modify UEFI/Secure Boot that locks out proprietary (non-free) software?

Re:Tit for tat (1)

dns_server (696283) | about 2 years ago | (#42423813)

The user is able to edit the keys database on x86 based and not arm based uefi implementations.
You can put the microsoft keys on a black list if you want and it will not boot.

Re:Tit for tat (0)

Anonymous Coward | about 2 years ago | (#42423959)

They already have. What do you think Viral licensing is about?

UEFI (0)

hackus (159037) | about 2 years ago | (#42423627)

UEFI doesn't solve any sort of security problem, and like a lot of solutions it is so obvious it was done to secure Microsoft's monopoly you have to be a moron to not see it.

BIOS based systems are fine, and they have been fine for a long time. What we need, is an OpenBIOS, adopted industry wide, not UEFI.

UEFI is crap.

-Hack

Anyone remember AgainstTCPA.com (0)

Anonymous Coward | about 2 years ago | (#42423633)

This is TCPA Round Two

Double standards? (-1)

Computershack (1143409) | about 2 years ago | (#42423637)

Linux OSes promote themselves on their security but they're against one of the things that is designed to circumvent stuff like infected bootloaders because they'll have to do a little bit of additional certifying of their OS bootloader?

Wow, 41,000 signatures! (0)

Anonymous Coward | about 2 years ago | (#42423663)

1,000,000 signatures would be 1/3 of 1% of the US population, if the US population was only 300 million.
500,000 would be 1/6 of 1%.
We'll continue being generous and assume this 41,000 is in fact 50,000, so it's 1/10th of 1/6th of 1% of my very generously underestimated US population model.

To put it another way: Nobody cares.
41,000 isn't even a small drop in the bucked.

The reality is that people can go out and buy a PC and install Linux on it with no problems - so why should they care?

41,000 signatures! (1)

tuppe666 (904118) | about 2 years ago | (#42423925)

41,000 isn't even a small drop in the bucked

Lets compare it so something more tangible and relevant, where are the 41,000 requesting this feature...with this particular solution?

SecureBoot is a great idea (2, Insightful)

Anonymous Coward | about 2 years ago | (#42423685)

I support FSF in most things, but this is an important feature.

Rootkits are a very real problem, and SecureBoot is a good step towards eliminating them.

As long as there is some way for the user to disable it, I'm happy. Although it could be a bit tricky to achieve that without breaking the security model. Perhaps a hardware switch that can only be accessed by removing a few screws from the case...

Where Was the FSF a Year Ago (0)

Anonymous Coward | about 2 years ago | (#42423837)

Aren't they a little late to the party?

We, the FSF, like Secure Boot (5, Interesting)

gnujoshua (540710) | about 2 years ago | (#42423877)

This post is a little misleading. We think Secure Boot is OK [fsf.org] so long as computer makers implement it in a way that it still allows a user to control his or her own computer. What we don't want computer makers to do is implement UEFI in such a way that a user is unable to sign their own software (e.g. bootloader) AND they are unable to turn Secure Boot off -- we call such an implementation Restricted Boot (because we want to emphasize that it instead of providing security, it exists to restrict a user from controlling his or her own device). We hope that computer makers will choose to implement UEFI in a way that truly does provide security and control, and many are implementing Secure Boot in this way.

Joshua Gay
Licensing & Compliance Manager
Free Software Foundation

Re:We, the FSF, like Secure Boot (0)

Anonymous Coward | about 2 years ago | (#42424035)

You mean like MS requires they do as part of the certification process? Fancy that... a fund raiser to support the status quo.

Re:We, the FSF, like Secure Boot (-1)

Anonymous Coward | about 2 years ago | (#42424051)

Lol your name is gay.

the strength is where (2)

nimbius (983462) | about 2 years ago | (#42423897)

it always has been: in the community.
when they kicked around ACPI as a standard that intentionally didnt 'just work' on linux, we made it work.
when dvd was a big-two game, the community came together again and made that work as well
when windows mandated the wholly superfluous 'windows' key we simply coopted it to our own desires. Awesomewm, for example.
absolutely tireless effort was spent making sure every iteration of broken windows continued to be supported as a dual-boot option in Grub.

We engineered solutions for their docs, excels, and even the very programs that ran only on windows in the form of Wine.
secure boot could come, and against it will stand a threat that microsoft has consistently underestimated: Hackers. We cannot be lobbied against, or coded around. there is no NDA we recognize or understand. Im not saying UEFI shouldnt be stopped, just that if and when it comes, we have been ready since the dawn of the kernel to make it do what we want it to do.

and in other news... (0)

slew (2918) | about 2 years ago | (#42423919)

Spammers start a petition against DomainKeys to stand up for their freedom to spam.
Programmers start a petition against CheckStyle to stand up for their freedom to format as they please.
Anonymous starts a petition against virus checkers to stand up for their freedom to infiltrate systems.
Drivers start a petition against radar/laser guns to stand up for their freedom to travel at whatever velocity they want.
Drunks start a petition against breathalizers to stand up for their freedom to get a buzz.
Students start a petition against grades to stand up for their freedom to learn what they want to learn.
Citizens start a petition against taxes to stand up for their freedom to keep what they earn.

All these things like SecureBoot are tools. Sometimes they are useful. Making them mandatory may cause problems, but their mere existance isn't necessarily something to protest. In fact, I believe Microsoft HW certification requires x86 system to ship with the ability for the user to disable SecureBoot UEFI. Only in WinRT is secure boot required. The common rational for this dichotomy is that the WinRT ecosystem is more like a cell-phone captive tablet consumer product where it is not common for users to be able to install their own software as the HW is often captive or subsidized.

Economic Disobedience. (1)

Detritusher (1031752) | about 2 years ago | (#42423927)

I suggest just keep purchasing motherboards from your favorite vendor and returning any which have this defective by design UEFI feature.

Re:Economic Disobedience. (1, Insightful)

Osgeld (1900440) | about 2 years ago | (#42424011)

or here's an idea, just dont buy them if your that worried about it

a thousand people buy UEFI motherboards and return them you just made the company think they sold 1000 UEFI when they look at the short term numbers... later on when they look at the returns it can be spun away with "well we did a driver or firmware update, see returns are down! the product is a sucess and quality is rising"

if you are so against this why in the hell would you give a company two +1 gold stars to sell?

geez, you can protest, but dont start by shooting your foot!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?