[kwlug-disc] Windows 8 OEM specs may block Linux booting

L.D. Paniak ldpaniak at fourpisolutions.com
Sat Sep 24 11:04:59 EDT 2011


Here is a de-FUD-ded version of the Windows 8 boot system from MS
themselves:

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

Bottom line:  Windows 8 won't work without secure boot enabled. And
secure boot will not let anything else boot unless UEFI has a
certificate for it. The question of dealing with other OSes (disable
option, user management of boot certs, ??) is left to the motherboard
vendors.

It is a very nice play by Redmond. They can attempt to patch the
vulnerabilities  of their poor security architecture *and* make it more
difficult for PCs to run alternative operating systems at the same time.
All the while leaving the motherboard vendors holding the bag.

The good news is that (almost) the entire installed base of PC hardware
will not be qualified to run Windows 8.  

We should have a pool on how long it takes for this system to be hacked
and turned into yet another Windows vulnerability.


On Fri, 2011-09-23 at 14:22 -0400, Paul Nijjar wrote:
> On Fri, Sep 23, 2011 at 01:58:01PM -0400, Eric Gerlach wrote:
> > On Wed, Sep 21, 2011 at 9:26 PM, unsolicited <unsolicited at swiz.ca> wrote:
> > 
> > Confirmed.  Microsoft is requiring the presence of Secure Boot, and
> > that is enabled by default, but a "disable" switch is up to the OEM.
> > 
> > The enterprise will want Windows XP/Vista/7 support.  Therefore the
> > OEMs will have disable switches.  Problem solved.
> > 
> > http://www.omgubuntu.co.uk/2011/09/microsoft-attempt-address-windows-8-linux-worries/
> > 
> 
> I disagree with your second point. In my experience HP/Compaq has few
> compunctions with locking users out of functionality (e.g. disabling
> VTx extensions in the BIOS and not permitting them to be re-enabled). 
> The invisible hand is supposed to slap such vendors, but the Desktop
> Linux hand is sufficiently wimpy that this is unlikely. 
> 
> Once Windows 9 rolls around there will be few reasons to allow Windows
> 7 on new machines that are sold, which reduces incentive even more. 
> 
> Enterprises purchasing new hardware rarely want to support old
> operating systems, especially when drivers for those new machines are
> not supported by the OEM. 
> 
> At the very least this creates yet another roadblock for non-geeky
> users to put Linux on their machines, because the Secure Boot will be
> enabled by default. 
> 
> -Paul
> 
> --
> All-candidates meetings:
> http://www.wonderfulwaterloo.com/calendar.php?c=13&do=displaymonth
> 
> http://pnijjar.freeshell.org 
> 
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20110924/5b94d0d0/attachment.bin>


More information about the kwlug-disc mailing list