<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div style="RIGHT: auto"><SPAN style="RIGHT: auto">OK, I read the article and the original slides (Should have done it before answering, even tonge in cheek. And you should too)</SPAN></div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN> </div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto">Let's stop the FUD</SPAN></div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN> </div><SPAN style="RIGHT: auto">
<DIV style="RIGHT: auto" class=entry>That Windows will require the Firmware and it's own software to be signed does not mean that it will force Linux to validate the certificate.<BR><BR>All it is saying is that MS Windows will validate that the firmware is valid and that all the code executed during the WINDOWS boot process is signed. It is not saying that the hardware will force linux to be signed, just that it should provide the facilities to check it.</DIV>
<DIV style="RIGHT: auto" class=entry> </DIV>
<DIV style="RIGHT: auto" class=entry>
<DIV style="RIGHT: auto" class=entry>It is clear that it "Does not require a TPM "</DIV>
<DIV style="RIGHT: auto" class=entry><BR style="RIGHT: auto">How did Garret got to this conclusion is not clear in the article. To me this is the conclusion from someone without enough sleep:</DIV></DIV>
<DIV style="RIGHT: auto" class=entry>"The upshot? Any device that ships with the manufacturer's keys and Microsoft's keys will not be able to boot a vanilla version of Linux"</DIV>
<DIV style="RIGHT: auto" class=entry> </DIV>
<DIV style="RIGHT: auto" class=entry>If you go to the UEFI site: (<A href="http://www.uefi.org/about/">http://www.uefi.org/about/</A>)</DIV>
<DIV style="RIGHT: auto" class=entry> </DIV>
<DIV style="RIGHT: auto" class=entry><SPAN style="WIDOWS: 2; TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; FONT: 12px/18px 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(51,51,51); WORD-SPACING: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px" class=Apple-style-span>
<TABLE>
<TBODY>
<TR>
<TD style="LINE-HEIGHT: 1.5em; FONT-FAMILY: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif"><B style="FONT-WEIGHT: 800">Q:</B></TD>
<TD style="LINE-HEIGHT: 1.5em; FONT-FAMILY: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif"><B style="FONT-WEIGHT: 800">What is UEFI?</B></TD></TR>
<TR>
<TD style="LINE-HEIGHT: 1.5em; FONT-FAMILY: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif">A:</TD>
<TD style="LINE-HEIGHT: 1.5em; FONT-FAMILY: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif">UEFI (Unified Extensible Firmware Interface) will be a specification detailing an interface that helps hand off control of the system for the pre-boot environment (i.e.: after the system is powered on, but before the operating system starts) to an operating system, such as Windows* or Linux*. UEFI will provide a clean interface between operating systems and platform firmware at boot time, and will support an architecture-independent mechanism for initializing add-in cards.</TD></TR></TBODY></TABLE></SPAN></DIV>
<DIV style="RIGHT: auto" class=entry> </DIV>
<DIV style="RIGHT: auto" class=entry>And from Microsoft's own white paper:</DIV>
<DIV style="RIGHT: auto" class=entry>
<H2 style="MARGIN: 12pt 0in 4pt -0.5in; RIGHT: auto"><A style="RIGHT: auto" name=_Toc240688412><FONT color=#000000 size=4 face=Arial>Compatibility with Earlier BIOS</FONT></A></H2>
<div style="TEXT-INDENT: 0in; MARGIN: 0in 0in 4pt 0.25in; RIGHT: auto; mso-list: none" class=BulletList><FONT style="RIGHT: auto" face=Calibri>Almost all current UEFI implementations include a Compatibility Support Module (CSM) that emulates earlier BIOS. Therefore, systems with UEFI firmware can boot operating systems that are UEFI-aware and older operating systems that support only BIOS. This feature provides flexibility and compatibility for end users.</FONT></div></DIV>
<DIV style="RIGHT: auto" class=entry> </DIV>
<DIV style="RIGHT: auto" class=entry>Replacing BIOS? we know that there are Linux specific BIOS that improve the boot experience.</DIV>
<DIV style="RIGHT: auto" class=entry>Executing only signed code? Linux has been able to do that for a long time<BR><A href="http://www.ibm.com/developerworks/linux/tutorials/l-lockdown2/index.html" rel=nofollow target=_blank><FONT color=#005399>http://www.ibm.com/developerworks/linux/tutorials/l-lockdown2/index.html</FONT></A><BR><BR style="RIGHT: auto">So, what is the fuss? ignorance?<BR><BR>Of course MS will not comment, people are creating the FUD on MS favour without MS help. Why would they dispel it? </DIV><!-- /entry --></SPAN>
<DIV></DIV>
<DIV style="RIGHT: auto"> </DIV>
<DIV style="RIGHT: auto">And of course we are all free to go nuts with conspiration theories.</DIV>
<DIV style="RIGHT: auto"><VAR id=yui-ie-cursor></VAR> </DIV>
<div style="RIGHT: auto">Raul Suarez</div>
<DIV></DIV>
<div style="RIGHT: auto"> </div>
<DIV style="RIGHT: auto">Technology consultant<BR>Software, Hardware and Practices<BR>_________________<BR>Twitter: rarsamx<BR>http://rarsa.blogspot.com/ <BR>An eclectic collection of random thoughts<BR>
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt"><FONT size=2 face=Arial>
<DIV style="BORDER-BOTTOM: #ccc 1px solid; BORDER-LEFT: #ccc 1px solid; PADDING-BOTTOM: 0px; LINE-HEIGHT: 0; MARGIN: 5px 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; HEIGHT: 0px; FONT-SIZE: 0px; BORDER-TOP: #ccc 1px solid; BORDER-RIGHT: #ccc 1px solid; PADDING-TOP: 0px" class=hr contentEditable=false readonly="true"></DIV><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> L.D. Paniak <ldpaniak@fourpisolutions.com><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> KWLUG discussion <kwlug-disc@kwlug.org><BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Wednesday, September 21, 2011 5:34:57 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: [kwlug-disc] Windows 8 OEM specs may block Linux booting<BR></FONT><BR>I find it hard to believe that hardware vendors are going to want to get<BR>on the circus ride of locked bootloaders for the sake of the software<BR>people. There are more than a couple of vendors that
produce<BR>motherboards which can be used for both Windows desktops/servers and<BR>not-uncommon Linux servers. Now they will have to keep two SKUs for<BR>every motherboard that might possibly run Windows 8?<BR><BR>While it is a nice (over-)security measure, there are people who have<BR>seen the folly of it and are turning away from such silliness. Exhibit<BR>A: HTC on their smartphones.<BR><BR>Sounds like pure genius from Redmond on how to make life difficult for<BR>customers and hardware suppliers. They are just dreaming that they are<BR>Apple and have control over the whole ecosystem.<BR><BR><BR>On Wed, 2011-09-21 at 16:48 -0400, Eric Gerlach wrote:<BR>> However, they may also want to continue to support Windows 7, which<BR>> won't be signed either.<BR>> <BR>> This won't be an instant Linux-killer.<BR>> <BR>> Cheers,<BR>> <BR>> On Wed, Sep 21, 2011 at 11:38 AM, L.D. Paniak<BR>> <<A
href="mailto:ldpaniak@fourpisolutions.com" ymailto="mailto:ldpaniak@fourpisolutions.com">ldpaniak@fourpisolutions.com</A>> wrote:<BR>> ><BR>> > Apparently we may have to worry about breaking the digital locks on our PCs' boot systems before long...<BR>> ><BR>> > <A href="http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting" target=_blank>http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting</A><BR>> ><BR>> ><BR>> > _______________________________________________<BR>> > kwlug-disc mailing list<BR>> > <A href="mailto:kwlug-disc@kwlug.org" ymailto="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</A><BR>> > <A href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target=_blank>http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</A><BR>> ><BR>> ><BR>> <BR>>
_______________________________________________<BR>> kwlug-disc mailing list<BR>> <A href="mailto:kwlug-disc@kwlug.org" ymailto="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</A><BR>> <A href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target=_blank>http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</A><BR><BR><BR>_______________________________________________<BR>kwlug-disc mailing list<BR><A href="mailto:kwlug-disc@kwlug.org" ymailto="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</A><BR><A href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target=_blank>http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</A><BR><BR><BR></DIV></DIV></DIV></div></body></html>