Post #358,311
6/1/12 11:29:38 AM
|
Motherboard lockdowns coming
A quiet announcement from the Fedora Linux community signals a titanic shift in the way that the computer market will work from now on, and a major threat to free/open operating systems. Microsoft and several PC vendors have teamed up to ensure that only operating systems bearing Microsoft's cryptographic signature will be able to boot on their hardware, meaning that unless Microsoft has blessed your favorite flavor of GNU/Linux or BSD, you won't be able to just install it on your machine, or boot to it from a USB stick or CD to try it out. There is a work-around for some systems involving a finicky and highly technical override process, but all that means is that installing proprietary software is easy and installing free/open software is hard.
This is a major reversal. For many years now, free/open OSes have been by far the easiest to install on most hardware. For example, I have installed Ubuntu on a variety of machines by just sticking in a USB stick and turning them on. Because the OS and its apps are free, and because there are no finicky vendor relationships to manage, it Just Works. On some of those machines, installing a Windows OS fresh from a shrinkwrapped box was literally impossible -- you had to order a special manufacturer's version with all the right drivers to handle external CD drives or docking stations or what-have-you. And the free/open drivers also handled things like 3G USB adapters better than the official drivers (not least because they didn't insist on drawing a huge "WELCOME TO $SOME_STUPID_PHONE_COMPANY" box on the screen every time you connected to the Internet.)
At issue is a new facility called UEFI, which allows a computer's bootloader to distinguish between different operating systems by examining their cryptographic signatures. In theory, this can be used to alert you if malicious software has modified your OS, putting you at risk of having your passwords harvested, your video and sound secretly captured, and your files plundered. But rather than simply alerting users to unsigned ("I have found an unknown operating system and I can't tell if it has dangerous software in it, continue? [Y/N]") or changed OSes ("Your computer has been modified since the last time it was turned on, and now has a version of Windows that can't be verified") Microsoft and its partners have elected to require a very complex and intimidating process that -- by design or accident -- is certain to scare off most unsophisticated users.
http://boingboing.ne...tm_medium=twitter
"Chicago to my mind was the only place to be. ... I above all liked the city because it was filled with people all a-bustle, and the clatter of hooves and carriages, and with delivery wagons and drays and peddlers and the boom and clank of freight trains. And when those black clouds came sailing in from the west, pouring thunderstorms upon us so that you couldn't hear the cries or curses of humankind, I liked that best of all. Chicago could stand up to the worst God had to offer. I understood why it was built--a place for trade, of course, with railroads and ships and so on, but mostly to give all of us a magnitude of defiance that is not provided by one house on the plains. And the plains is where those storms come from."
-- E.L. Doctorow
|
Post #358,313
6/1/12 11:49:03 AM
|
Won't be buying those devices
Seriously. Fuck those guys. Any MB vendors that make ones that aren't locked will get my dollar.
|
Post #358,314
6/1/12 12:05:47 PM
|
This is all to combat Microsoft's poor decisions...
I read this yesterday... it makes me sick.
This is to fix their gigantic mistakes in OS design and security...
They really really suck.
|
Post #358,316
6/1/12 12:22:29 PM
|
Isn't this Palladium?
--
Drew
|
Post #358,345
6/1/12 7:30:16 PM
|
No. Worse.
At least Palladium didn't interfere with the OS of your choice. No one ever signed up to MS's TPM scheme, so it became just a useless chunk on the motherboard instead of the Windows anchor they had hoped it to become.
UEFI fixes that problem by prevent you from even booting to that undesired OS thereby signing everyone up to the MS scheme by simple opt-in. The spec provides for installing your own keys but leaves the implementation optional. The bean counters will make sure the option does not get implemented.
|
Post #358,321
6/1/12 2:06:59 PM
|
This has been yelled about since at least last October.
http://www.fsf.org/c...s-restricted-boot
http://blog.canonica...-impact-on-linux/
I figure there will eventually be ways around it - there always are. But I don't plan on buying any hardware that is locked-down this way.
Cheers,
Scott.
|
Post #358,339
6/1/12 5:58:37 PM
|
This means many...
of the high end kit is going to be locked down. This also means places like Dell and HP and ASUS will comply.
|
Post #358,343
6/1/12 7:20:23 PM
|
There was a big thread on SlashDot.
The spec MS are pushing for Windows 8 currently allows for the end-user to disable the "secure boot", which would let other OSs to boot, but there's no reason that couldn't go away in the future.
There are rumours the agreement with MS requires *all* products to conform to this. However, a manufacturer like Dell would be in a strong position to get that nixed for them. Dell sell a *lot* of hardware to corps who promptly put Linux on.
Wade.
|
Post #358,354
6/1/12 10:45:41 PM
|
HP supports...
More Linux server machines than Dell does.
Though Dell is catching them handily.
|
Post #358,591
6/7/12 12:46:09 PM
|
RedHat's latest take.
|
