Microshaft's latest wheeze.

Discussion in 'DIY Computers' started by recursor, Dec 21, 2011.

  1. recursor

    recursor Guest

    1. Advertisements

  2. recursor

    Henry Law Guest

    Henry Law, Dec 21, 2011
    #2
    1. Advertisements

  3. recursor

    recursor Guest

    On 12/21/2011 09:59 PM, Henry Law wrote:
    > On 21/12/11 21:38, recursor wrote:
    >> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm
    >>

    >
    > Can they do that? What's Anti-Trust about then? I worked for IBM, way
    > back when, and the US DoJ was all over us, telling us what we could and
    > couldn't do.
    >

    I suppose they'll try and sidestep the anti-trust issue by claiming the
    security issue overrides it.

    Microsoft Principal Lead Program Manager Arie van der Hoeven said that
    "the decision to force UEFI use was based on security; the company hopes
    to reduce the likelihood of bootkits, rootkits and ransomware."

    Which is a joke as just today *yet* another Windows buffer overflow
    vulnerability was discovered and the Windows file system is a classic
    example of 'insecure by design'. Blaming it all on Linux and introducing
    UEFI is probably M$'s last shot at keeping their dominant position in
    the OS market in the face of increasingly competitive products from
    Apple and the Linux distro firms.
     
    recursor, Dec 21, 2011
    #3
  4. recursor

    DerekW Guest

    --

    Can they do that? What's Anti-Trust about then? I worked for IBM, way
    > back when, and the US DoJ was all over us, telling us what we could and
    > couldn't do.
    >
    > --
    >
    > Henry Law Manchester, England


    No they cannot in Europe that type of exclusion is anti competitive which is
    actually mentioned.

    Derek W














    www.classicrockradio.eu online, on message your choice of Rock and Roll
    free, on your computer
    https://www.facebook.com/pages/Classic-Rock-Radio/255706175490
    "Henry Law" <> wrote in message
    news:...
    > On 21/12/11 21:38, recursor wrote:
    >> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm

    >
    >
     
    DerekW, Dec 21, 2011
    #4
  5. Mike Tomlinson, Dec 22, 2011
    #5
  6. recursor

    recursor Guest

    recursor, Dec 22, 2011
    #6
  7. On Thu, 22 Dec 2011 09:33:23 +0000, recursor <>
    wrote:

    >On 12/22/2011 06:20 AM, Mike Tomlinson wrote:
    >> En el artículo<>, Henry
    >> Law<> escribió:
    >>
    >>> On 21/12/11 21:38, recursor wrote:
    >>>> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm

    >>
    >> Old news.
    >>

    >Thanks for that valuable contribution, can you point me to the thread
    >where it was discussed before in this group?


    It hasn't, but it's just ZDnet raking up a bit of nonsense for page
    hits from the outraged.

    There have been previous scares about this sort of thing - BIOS locks,
    the Trusted Platform Module, Intel Macs (as mentioned upthread) - and
    they've all turned out to be no trouble at all to anyone.

    Cheers - Jaimie
    --
    "Phnglui mgwlnafthth Cthulhu rlyey wghnagl fthagn." "In his flat in Bromley,
    drunk Cthulhu waits knitting? I think a few subtle typos may have crept into
    into that one." "That explains why this shoggoth I summoned is only 3mm tall."
    -- Peter da Silva and Peter Gutmann, asr
     
    Jaimie Vandenbergh, Dec 22, 2011
    #7
  8. recursor

    Chronos Guest

    Jaimie Vandenbergh wrote:

    > It hasn't, but it's just ZDnet raking up a bit of nonsense for page
    > hits from the outraged.
    >
    > There have been previous scares about this sort of thing - BIOS
    > locks, the Trusted Platform Module, Intel Macs (as mentioned
    > upthread) - and they've all turned out to be no trouble at all to
    > anyone.


    IIRC we touched on it back in September when Mike mentioned it, BICBW
    or on the wrong group. The expectation was either Award/American
    Megatrends will implement a switch (most likely) in the firmware or
    Coreboot will become pretty important.

    OEMs will be more likely to lock their firmware to the OS as this
    enforces new Windows == new sale but this is uk.comp.homebuilt so the
    point is moot. Lappies may become a little difficult to spec but I've
    always seen a niche for barebones portables so it may work to our
    advantage.
    --
    Chronos
     
    Chronos, Dec 22, 2011
    #8
  9. recursor

    recursor Guest

    On 12/22/2011 09:56 AM, Jaimie Vandenbergh wrote:
    > On Thu, 22 Dec 2011 09:33:23 +0000, recursor<>
    > wrote:
    >
    >> On 12/22/2011 06:20 AM, Mike Tomlinson wrote:
    >>> En el artículo<>, Henry
    >>> Law<> escribió:
    >>>
    >>>> On 21/12/11 21:38, recursor wrote:
    >>>>> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm
    >>>
    >>> Old news.
    >>>

    >> Thanks for that valuable contribution, can you point me to the thread
    >> where it was discussed before in this group?

    >
    > It hasn't, but it's just ZDnet raking up a bit of nonsense for page
    > hits from the outraged.
    >
    > There have been previous scares about this sort of thing - BIOS locks,
    > the Trusted Platform Module, Intel Macs (as mentioned upthread) - and
    > they've all turned out to be no trouble at all to anyone.
    >

    So are you saying that UEFI won't ever be used to lock out other OS's on
    a machine that has it?
     
    recursor, Dec 22, 2011
    #9
  10. On Thu, 22 Dec 2011 10:08:08 +0000, recursor <>
    wrote:

    >On 12/22/2011 09:56 AM, Jaimie Vandenbergh wrote:
    >> On Thu, 22 Dec 2011 09:33:23 +0000, recursor<>
    >> wrote:
    >>
    >>> On 12/22/2011 06:20 AM, Mike Tomlinson wrote:
    >>>> En el artículo<>, Henry
    >>>> Law<> escribió:
    >>>>
    >>>>> On 21/12/11 21:38, recursor wrote:
    >>>>>> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm
    >>>>
    >>>> Old news.
    >>>>
    >>> Thanks for that valuable contribution, can you point me to the thread
    >>> where it was discussed before in this group?

    >>
    >> It hasn't, but it's just ZDnet raking up a bit of nonsense for page
    >> hits from the outraged.
    >>
    >> There have been previous scares about this sort of thing - BIOS locks,
    >> the Trusted Platform Module, Intel Macs (as mentioned upthread) - and
    >> they've all turned out to be no trouble at all to anyone.
    >>

    >So are you saying that UEFI won't ever be used to lock out other OS's on
    >a machine that has it?


    I'm saying it won't matter. And that ZDnet are only reporting it
    (again) for page hits.

    Cheers - Jaimie
    --
    Those who live by the sword get shot by those who don't.
     
    Jaimie Vandenbergh, Dec 22, 2011
    #10
  11. On Thu, 22 Dec 2011 10:22:36 +0000, recursor <>
    wrote:

    >On 12/22/2011 10:10 AM, Jaimie Vandenbergh wrote:
    >> On Thu, 22 Dec 2011 10:08:08 +0000, recursor<>
    >> wrote:
    >>
    >>> On 12/22/2011 09:56 AM, Jaimie Vandenbergh wrote:
    >>>> On Thu, 22 Dec 2011 09:33:23 +0000, recursor<>
    >>>> wrote:
    >>>>
    >>>>> On 12/22/2011 06:20 AM, Mike Tomlinson wrote:
    >>>>>> En el artículo<>, Henry
    >>>>>> Law<> escribió:
    >>>>>>
    >>>>>>> On 21/12/11 21:38, recursor wrote:
    >>>>>>>> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm
    >>>>>>
    >>>>>> Old news.
    >>>>>>
    >>>>> Thanks for that valuable contribution, can you point me to the thread
    >>>>> where it was discussed before in this group?
    >>>>
    >>>> It hasn't, but it's just ZDnet raking up a bit of nonsense for page
    >>>> hits from the outraged.
    >>>>
    >>>> There have been previous scares about this sort of thing - BIOS locks,
    >>>> the Trusted Platform Module, Intel Macs (as mentioned upthread) - and
    >>>> they've all turned out to be no trouble at all to anyone.
    >>>>
    >>> So are you saying that UEFI won't ever be used to lock out other OS's on
    >>> a machine that has it?

    >>
    >> I'm saying it won't matter.

    >
    >Maybe not to you but I know a lot of people it will matter to.


    It's vanishingly unlikely that there'll be machines produced that can
    only run Windows, except for corporate sales where this matches the
    need. See also TPM as above, which is basically the same intent.

    All other machines will be sold with the secure switch turned off in
    the UEFI settins, or turn-offable by anyone with the technical
    knowledge to do so (or a quick google).

    Also likely is that the whole thing will be worked around in software,
    with a bootloader like GRUB saying "yes, of course I'm Windows8" and
    then doing whatever the heck it likes. See PS3 after the "otherOS"
    feature was removed.

    No boxed mobos will have this as a non-switchable item, or they won't
    sell to the people boxed mobos sell to.

    So it won't matter. Really.

    Cheers - Jaimie
    --
    "Once you adopt the unix paradigm, the variants cease to be a problem - you
    bitch, of course, but that's because bitching is fun, unlike M$ OS's, where
    bitching is required to keep your head from exploding." - S Stremler in afc
     
    Jaimie Vandenbergh, Dec 22, 2011
    #11
  12. recursor

    recursor Guest

    On 12/22/2011 10:40 AM, Jaimie Vandenbergh wrote:
    >
    > No boxed mobos will have this as a non-switchable item, or they won't
    > sell to the people boxed mobos sell to.
    >

    Now you've hit the nail on the head. Knowing M$ and the tricks they have
    stooped to in the past I can imagine a scenario in the future where
    after being leaned on the fabbers will offer boxed mobos for sale some
    with UEFI locking and others not, which of course will create yet
    another compatibility nightmare for the home builder. Hopefully this is
    just paranoia on my part. :)
     
    recursor, Dec 22, 2011
    #12
  13. recursor

    Daniel James Guest

    In article <>,
    Recursor wrote:
    >

    http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.
    htm

    UEFI Secure Boot? As others have said: this isn't new news ... there
    were some articles about in on /The Register/ earlier in the year.

    Note that there are several issues involved here:

    1. UEFI itself. UEFI is a new way of booting a PC which doesn't require
    a real-mode BIOS. This has been on the way for some time, and isn't new
    at all. The best thing about UEFI is that it requires support for GPT
    partitioning and so will automatically support hard drives bigger than
    2.1 TB. The worst thing is that it requires much more complicated
    firmware than the humble PC BIOS, and a lot of manufacturers are going
    to release buggy firmware ... which will actually lead to LESS
    security, not more.

    However, UEFI is already out in the field ans has been for some time.
    The last two systems I've put together have Asus motherboards which
    have support for both UEFI and traditional BIOS (and you can switch
    between them in the BIOS settings screen).

    2. The Secure Boot feature of UEFI. This is actually quite a /good/
    thing, as it allows a system to check that its boot image hasn't been
    tampered with, and so reduces the opportunities for introducing malware
    at boot time. The issue here is that the UEFI firmware has to have the
    means to check the digital signature of the boot image in order to
    pronounce the image clean. That is: the UEFI system has to have the
    public key that matches the private key with which the OS image was
    signed.

    The suggestion in the article is that system vendors will supply
    systems that have only Microsoft's public keys preprogrammed, so only
    Windows systems will be verifiable. Whilst it's certainly possible that
    a system builder could set a system up that way, I think most UEFI
    firmware writers are going to provide some system whereby a
    user/administrator will be able to add to the keys that the onboard
    UEFI system will recognize (in some secure way) so that any OS can be
    verified in the same way. So, at worst, if you want to install (say)
    Ubuntu on your Windows box you'll have to go into the BIOS setup (or
    run some native UEFI utility) and load a key certificate provided by
    Canonical into the motherboard. Thereafter, you'll be able to boot
    Ubuntu or Windows, because UEFI will be able to verify either.

    In short, it'll be a bit more hassle ... but it won't be impossible,
    and it'll bring some security benefits.

    3. What will Secure Boot do if the boot image doesn't have a valid
    digital signature? UEFI says that Secure Boot should be able to detect
    a boot image with a bad signature and prevent the image from booting
    ... but I don't see any reason why an implementation shouldn't just put
    up a message saying "This boot image has a bad signature, continue
    (y/N)" and let the user decide. An administrator should be able to
    disable that on corporate PCs, but it'd be a BIOS setting so home users
    could just let the malware run ...

    Cheers,
    Daniel.
     
    Daniel James, Dec 23, 2011
    #13
  14. recursor

    johannes Guest

    johannes, Dec 24, 2011
    #14
  15. recursor

    johannes Guest

    Henry Law wrote:
    >
    > On 21/12/11 21:38, recursor wrote:
    > > http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm

    >
    > Can they do that? What's Anti-Trust about then? I worked for IBM, way
    > back when, and the US DoJ was all over us, telling us what we could and
    > couldn't do.


    I suppose it is OK for consumer PC with MS already OEM installed; then it's
    an MS gadget just like other gadgets e.g. mobile phones.
     
    johannes, Dec 24, 2011
    #15
  16. On 24/12/2011 09:11, johannes wrote:
    >
    >
    > recursor wrote:
    >>
    >> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm

    >
    > Don't just post an URL without your own comment; it is very dumb! Most people
    > here are well aware of tech sites. This ng is for discussions.


    Excuse me? Were you incapable of reading the
    "windows-8-secure-boot-to-block-linux" bit of the posted url? Surely
    that combined with the subject line may just have been capable of giving
    even the most dimwitted a clue what the link was about.

    As has been pointed out and discussed quite rationally (until you stuck
    your oar in), this is hardly new news, but it could well end up being a
    tool for MS to leverage customers into using only their products.

    FFS, goodwill to all men etc. Bollocks... bah humbug!

    --
    Unlock Your Phone's Potential
    www.UselessInfo.org.uk
    www.ThePhoneLocker.co.uk
    www.GSM-Solutions.co.uk
     
    Richard Colton, Dec 24, 2011
    #16
  17. recursor

    recursor Guest

    On 12/24/2011 09:49 AM, Richard Colton wrote:

    > it could well end up being atool for MS to leverage customers into using only their products.
    >


    Indeed, that's where the discussion went and I thought it was well worth
    the bandwidth used to get there. Whether johannes has even the
    rudimentary technical nous required to understand this it is another
    matter of course. :)
     
    recursor, Dec 24, 2011
    #17
  18. On 24/12/2011 09:20, johannes wrote:
    >
    >
    > Henry Law wrote:
    >>
    >> On 21/12/11 21:38, recursor wrote:
    >>> http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm

    >>
    >> Can they do that? What's Anti-Trust about then? I worked for IBM, way
    >> back when, and the US DoJ was all over us, telling us what we could and
    >> couldn't do.

    >
    > I suppose it is OK for consumer PC with MS already OEM installed; then it's
    > an MS gadget just like other gadgets e.g. mobile phones.


    No it isn't. Although phones and computers are converging, they are
    still very dis-similar beasts. There are precious few (if any) mobile
    phone operating systems that are truly free and open, but there are
    numerous alternatives for computers. Additionally, just how many large
    manufacturers actually offer a machine available with open source OS, or
    with the option of none supplied. If these alternatives were made
    available (by all computer manufacturers), UEFI would not be an issue.
    The problem comes with Microsoft potentially leveraging their market
    position with it - it's supposed to be a security enhancement, not a
    method for MS to increase sales.


    --
    Unlock Your Phone's Potential
    www.UselessInfo.org.uk
    www.ThePhoneLocker.co.uk
    www.GSM-Solutions.co.uk
     
    Richard Colton, Dec 24, 2011
    #18
  19. En el artículo <4ef5a02b$0$2050$c3e8da3$>,
    Richard Colton <> escribió:

    >FFS, goodwill to all men etc. Bollocks... bah humbug!


    Quite.

    You're responding to a fuckwit who is trying to convince
    uk.rec.cars.maintenance that it's perfectly acceptable to hog the middle
    lane on a motorway. It's like watching a car crash in slow motion.

    Merry Crimbo everyone! :)

    --
    (\_/)
    (='.'=)
    (")_(")
     
    Mike Tomlinson, Dec 24, 2011
    #19
  20. In <>,
    recursor <> wrote:

    > Now you've hit the nail on the head. Knowing M$ and the tricks they have
    > stooped to in the past I can imagine a scenario in the future where
    > after being leaned on the fabbers will offer boxed mobos for sale some
    > with UEFI locking and others not, which of course will create yet
    > another compatibility nightmare for the home builder. Hopefully this is
    > just paranoia on my part. :)


    I think all manufacturers will have to allow keys to be added (and
    deleted) somehow. Otherwise what will happen if (I'm tempted to say
    "when") Microsoft's private key is compromised?

    --
    TH * http://www.realh.co.uk
     
    Tony Houghton, Dec 24, 2011
    #20
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nickweb

    Latest LAN Party pics

    Nickweb, Mar 28, 2007, in forum: Gaming
    Replies:
    6
    Views:
    1,397
    Nickweb
    Apr 3, 2007
  2. Richard

    My latest understanding about drives.

    Richard, Aug 5, 2003, in forum: DIY Computers
    Replies:
    8
    Views:
    293
    Groove
    Aug 5, 2003
  3. Netman ®
    Replies:
    5
    Views:
    261
    Chris Hodges
    Aug 31, 2003
  4. GSV Three Minds in a Can

    nVidia latest ATA drivers break WinXP Travan tape handling

    GSV Three Minds in a Can, Dec 14, 2004, in forum: DIY Computers
    Replies:
    2
    Views:
    260
    Martin Slaney
    Dec 15, 2004
  5. recursor

    M$'s latest move in the COA market

    recursor, Mar 1, 2005, in forum: DIY Computers
    Replies:
    92
    Views:
    2,022
    Nigel Wade
    Mar 7, 2005
Loading...

Share This Page