[kwlug-disc] Windows 8 OEM specs may block Linux booting

Raul Suarez rarsa at yahoo.com
Wed Sep 21 18:15:06 EDT 2011


OK, I read the article and the original slides (Should have done it before answering, even tonge in cheek. And you should too)
 
Let's stop the FUD
 That Windows will require the Firmware and it's own software to be signed does not mean that it will force Linux to validate the certificate.

All it is saying is that MS Windows will validate that the firmware is valid and that all the code executed during the WINDOWS boot process is signed. It is not saying that the hardware will force linux to be signed, just that it should provide the facilities to check it.

It is clear that it "Does not require a TPM "

How did Garret got to this conclusion is not clear in the article. To me this is the conclusion from someone without enough sleep:
"The upshot? Any device that ships with the manufacturer's keys and Microsoft's keys will not be able to boot a vanilla version of Linux"

If you go to the UEFI site: (http://www.uefi.org/about/)

Q: What is UEFI? 
A: UEFI (Unified Extensible Firmware Interface) will be a specification detailing an interface that helps hand off control of the system for the pre-boot environment (i.e.: after the system is powered on, but before the operating system starts) to an operating system, such as Windows* or Linux*. UEFI will provide a clean interface between operating systems and platform firmware at boot time, and will support an architecture-independent mechanism for initializing add-in cards. 

And from Microsoft's own white paper:
Compatibility with Earlier BIOS
Almost all current UEFI implementations include a Compatibility Support Module (CSM) that emulates earlier BIOS. Therefore, systems with UEFI firmware can boot operating systems that are UEFI-aware and older operating systems that support only BIOS. This feature provides flexibility and compatibility for end users.

Replacing BIOS? we know that there are Linux specific BIOS that improve the boot experience.
Executing only signed code? Linux has been able to do that for a long time
http://www.ibm.com/developerworks/linux/tutorials/l-lockdown2/index.html

So, what is the fuss? ignorance?

Of course MS will not comment, people are creating the FUD on MS favour without MS help. Why would they dispel it? 

And of course we are all free to go nuts with conspiration theories.
 
Raul Suarez
 
Technology consultant
Software, Hardware and Practices
_________________
Twitter: rarsamx
http://rarsa.blogspot.com/ 
An eclectic collection of random thoughts

From: L.D. Paniak <ldpaniak at fourpisolutions.com>
To: KWLUG discussion <kwlug-disc at kwlug.org>
Sent: Wednesday, September 21, 2011 5:34:57 PM
Subject: Re: [kwlug-disc] Windows 8 OEM specs may block Linux booting

I find it hard to believe that hardware vendors are going to want to get
on the circus ride of locked bootloaders for the sake of the software
people.  There are more than a couple of vendors that produce
motherboards which can be used for both Windows desktops/servers and
not-uncommon Linux servers.  Now they will have to keep two SKUs for
every motherboard that might possibly run Windows 8?

While it is a nice (over-)security measure, there are people who have
seen the folly of it and are turning away from such silliness.  Exhibit
A:  HTC on their smartphones.

Sounds like pure genius from Redmond on how to make life difficult for
customers and hardware suppliers.  They are just dreaming that they are
Apple and have control over the whole ecosystem.


On Wed, 2011-09-21 at 16:48 -0400, Eric Gerlach wrote:
> However, they may also want to continue to support Windows 7, which
> won't be signed either.
> 
> This won't be an instant Linux-killer.
> 
> Cheers,
> 
> On Wed, Sep 21, 2011 at 11:38 AM, L.D. Paniak
> <ldpaniak at fourpisolutions.com> wrote:
> >
> > Apparently we may have to worry about breaking the digital locks on our PCs' boot systems before long...
> >
> > http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting
> >
> >
> > _______________________________________________
> > kwlug-disc mailing list
> > kwlug-disc at kwlug.org
> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >
> >
> 
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org


_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20110921/5a93e29d/attachment-0001.html>


More information about the kwlug-disc mailing list