Press F1
 
Thread ID: 125970 2012-07-30 11:23:00 Secure boot johnd (85) Press F1
Post ID Timestamp Content User
1291671 2012-07-30 11:23:00 I am puzzled - if UEFI (Unified Extensible Firmware Interface) is not owned or run by Microsoft (ref. blogs.msdn.com) then why are some distributions of Linux planning to pay MS for a key to allow secure booting on PCs that are delivered with W8?? johnd (85)
1291672 2012-07-30 11:35:00 Maybe it's for dual booting? I haven't been paying too much attention to it myself. 8ftmetalhaed (14526)
1291673 2012-07-30 11:36:00 Yes - it is for dual booting but if MS do not own the firmware, why do distributions have to pay MS? johnd (85)
1291674 2012-07-30 19:46:00 It may be because of the following, why Linux have to pay for it (www.osnews.com). It looks like Fedora may make their own key. Others have said why not use theirs. But, as it says in that link <-

If they shared the same key, then a security flaw with "Bozo" Linux would mean revoking Debian's key as well. (I'm expecting key revocations could become a common occurrence).

Longer answer: There's no way under secure boot for the owner to tell his computer to trust Debian & Windows but not "Bozo" Linux. The privilege of choosing what can run is left to Microsoft & friends since they hold the master keys to our hardware and they're running the certification program. Microsoft's bootloader will hand off to 3rd party bootloaders that are authenticated with a valid certificate.

An unfortunate side effect of this security model is that a vulnerability in ANY approved operating system opens up ALL operating systems to trojans. Bootloader trojans can hook into the system using a BozoLinux flaw and then continue to boot another OS such as Windows.

Ideally the owner would be given explicit control over secure boot keys, then they'd just trust Debian's key and that'd be the end of it, no need to trust anyone other than Debian to boot my machine. Not only would it give owners more freedom, it'd be more secure too. It's a real shame secure boot was designed as it was.

There's some more info about it here (blogs.msdn.com)
Speedy Gonzales (78)
1291675 2012-07-31 10:42:00 It seems crazy and unreasonable that the keys are not handled by an independent group (e.g. IEEE). johnd (85)
1291676 2012-07-31 11:08:00 It's because MS own the certificates, and Windows (they need to be signed and valid). I suppose it's like drivers for Windows 7 x64. Unless they're digitally signed, there's no way Windows 7 will let you install them. Unless you disable the option (I think it's under the menu, when you press F8 after rebooting) Speedy Gonzales (78)
1291677 2012-07-31 13:02:00 "Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision."

Bull.

Bootloader attacks = the Windows Vista \ Windows 7 loader crack.

It's just Microsoft trying to stop piracy. They don't give a **** about the customer's experience.
Agent_24 (57)
1291678 2012-08-01 04:02:00 If you're not a major OEM like Dell or Toshiba, and you see "Trusted Platform Module" mentioned anywhere, it means us mere mortals

- cannot purchase the components

- and have no say in how the components interact

It's about as close as you can get to a black box solution.

So don't worry, be happy.
kingdragonfly (309)
1291679 2012-08-01 08:38:00 Bull.

Bootloader attacks = the Windows Vista \ Windows 7 loader crack.

It's just Microsoft trying to stop piracy. They don't give a **** about the customer's experience.
I wouldn't have such a problem with it if MS weren't in control of it.
They say Win RT is going to be locked down but Win 8 will allow a BIOS option to disable. Just sounds too much like MS up to its dirty tricks again.
They must be worried that Windows on Arm is going to be such a dog that people will want to install Linux on it.
mikebartnz (21)
1291680 2012-08-01 08:54:00 The Europeans might be able to put a dent in their debts when they start handing out the fines for anti-competitive behaviour. fred_fish (15241)