Linux Format forums

Nuke · Posted: Sat Aug 18, 2012 4:52 pm Post subject: Complacency over SecureBoot

In LXF162, Mayank Sharma's article, the penultimate Q-A says "there is no standard way of disabling SecureBoot" but Microsoft has "allowed OEMs to implement customised mechanisms for disabling the feature" (jolly decent of them, although not in ARM machines).

So if someone wants to install Linux on the Windows PC they bought from Currys etc (like most of us start), they must first clear the hurdle of finding out how to do it. Enough to put many off curiously trying a live Linux CD - something MS hate people doing because they might like it.

But disabling it might not even be possible. The PC builder is allowed but not required to offer a way to disable it and I suspect that most will not bother to do so. Even if it is possible to disable SecureBoot they will probably not bother to document it. The days of getting decent documentation with PCs (or any gadget) these days have long gone, other than shedloads of safety warnings and green hectoring. As long as Windows runs, the PC maker will regard it as job done. The only exceptions will be PCs made to order, such as for server farms, and home-built.

Then in the final Q-A he says "no one is arguing against the SecureBoot mecahnism". Wrong. I am, and looking at internet debates I am not alone (despite my sig, LoL), because I realise that it can and will be abused by a monopolist like MS. In a nutshell, this is part of an ongoing effort to turn PCs into appliances anchored to shopping, social media and paid entertainment - through narrow and controlled channels.
_________________
Unsolved Mysteries of the Universe No 8 :-
Why did they do away with sinks with integral splashbacks?

wyliecoyoteuk · Posted: Sat Aug 18, 2012 5:36 pm Post subject:

Actually, the MS spec requires that it must be possible to disable it on x86 ( and a sceptic would probably say that is so that win7 or XP can be installed) but not possible on ARM.

Whether this will change with windows9 is another matter.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************

Nuke · Posted: Sat Aug 18, 2012 7:41 pm Post subject:

bobthebob1234 · Posted: Sat Aug 18, 2012 7:45 pm Post subject:

I seem to remember MS got a **** over IE and other things not so long ago, so if you can't turn off secure booting I wouldn't be surprised if (in the EU at least) they had to come up with a thing on boot asking if you really want to use windows, or would you rather use a free alternative Very Happy

Or maybe I am in the land of the fairies again... Rolling Eyes

_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was

Dutch_Master · LXF regular Joined: Tue Mar 27, 2007 2:49 am Posts: 2353

IMO M$ will have another battle with the EU regulators on their hands if they stick to preventing anyone with an ARM based device to install anything other then win-8... But it seems Redmond is taking their chances once again... Rolling Eyes

johnhudson · LXF regular Joined: Wed Aug 03, 2005 2:37 pm Posts: 767

In principle secure boot is a good thing; the immediate problem is the way MS proposes to implement it.

But since the article was written both Fedora and now SUSE have come up with ways of dealing with it and Fedora agrees that the SUSE approach - which builds on Fedora's initial approach - is an elegant solution.

http://www.h-online.com/security/news/item/SUSE-details-its-Secure-Boot-plans-1664699.html

Since it is now clear that it is perfectly feasible to install a distro on a chromebook, the issue of needing to buy Windows computers to get cheap hardware may have gone away.

Nuke · Posted: Sun Aug 19, 2012 12:18 am Post subject:

wyliecoyoteuk · Posted: Sun Aug 19, 2012 11:05 am Post subject:

It will get be fairly easy to disable it, a click in the UEFI BIOS screen.
No more difficult than enabling CD booting, which is also often required to install an alternative OS.
Otherwise it would be impossible to install earlier versions of windows, so self-serving for MS.One question is whether win8 will still boot with it disabled
They have no such reasons on ARM.
Apple do the same, but they manufacture the hardware, whereas MS will not be fairly(at least not most of it) .
It will be interesting to see if the anti-trust watchdogs allow it.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************

geekybodhi · Joined: Thu Apr 19, 2012 1:40 pm Posts: 4

I am the humble deliverer of the news. To paraphrase the wise Huggy: I just lay it out for y'all to play it out.

Mr. Flibble · Posted: Sat Aug 25, 2012 2:17 am Post subject:

Rather than arseing aroung trying to disable it, I will simply look for machines that dont have it...and the manufacturers with monopoly boot enabled will be told why.

Even if I have to import one.

It may be the case that OEMs sell UEFI enabled machines with windows but also offer machines without it, with Linux pre-installed (the lazy Ubuntu option, no doubt).

These may sell for less than the windows version which just may persuade people to go for the linux version..especially if they are told they can install other OSs on the free one rather than the locked one.

wyliecoyoteuk · Posted: Sat Aug 25, 2012 9:45 pm Post subject:

UEFI (and almost certainly secure boot) will eventually be available on all motherboards.
UEFI is the replacement for the antiquated BIOS system.
I would be surprised if any manufacturer continues to make BIOS motherboards for much longer.

I already have 2 UEFI PCs (without secure boot) Neither are particularly cutting edge. Both run Ubuntu.
At work we have several that run RedHat, FreeNAS and Ubuntu server.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************

Fíona · Posted: Fri Aug 31, 2012 3:03 pm Post subject:

I too am concerned by attempts by M$ prevent me choosing which distro I choose to use on my hardware. I am also not holding my breath waiting to see if the EU will protect my right to choose, after all, secure boot only on ARM is already the case and I haven't heard much in the way of dissent from Brussels.
I wanted to buy a new laptop so decided to get one before the launch of win8 next month.
I live in the Netherlands and cannot afford to wait on linux loaded hardware, it never seems to be available here, M$ is perhaps too powerful here.

wyliecoyoteuk · Posted: Fri Aug 31, 2012 8:13 pm Post subject:

ARM Win8, iOS, and Android are all designed to be run on a tailored OS for a particular device, which it is sold with.
They are all mobile OSes.
Did anyone ever try to replace Symbian or WinCE OSes on embedded devices? In fact many of them are ROM based.
There have been custom ROMS for mobile devices, Palm, iPaqs, Sharp PDAs, and now smart phones.
iOS and Android devices can be "rooted", so I expect that there will be a way to do so on Win8 ARM, but really, why bother, just buy an Android device.
x86 devices will have secure boot, but it is mandated that it can be disabled if the user wishes.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************