Redhat/Fedora selling out to Microsoft - AVS Forum
Forum Jump: 
 
Thread Tools
post #1 of 23 Old 05-31-2012, 09:26 AM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Quote:


The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.

http://mjg59.dreamwidth.org/12368.html

My reply to this:

This is completely unacceptable to me. I'm very disappointed with Redhat.

Redhat is a billion dollar company with a large market share in the server market, therefore has a lot of influence on hardware manufacturers (a lot of server manufacturers also make laptops and desktops), therefore Redhat should have used its influence to force a solution that would be acceptable to the FOSS world.

I will NEVER buy any hardware where 'secure boot' cannot be FULLY DISABLED (either by a BIOS option or by flashing a custom BIOS or with a hardware dip-switch) and if that means I will be stuck with 2012 hardware then so be it.


I hope you all make your voice heard too!

My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
Sponsored Links
Advertisement
 
post #2 of 23 Old 05-31-2012, 05:47 PM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Hmm, 105 views and zero comments here, I hope you are at least all telling Matthew Garrett / Redhat in the comments section of his blog (see above link) what you think about this...

Personally I'm very disappointed, not about UEFI 'secure boot' and Microsoft (that's typical and expected from MS), but I would have hoped all FOSS companies would have fought this vigorously and now instead the biggest FOSS company has already given up any fight and has even decided to become dependant on the enemy.

This is far worse than the Novell/Suse MS patents deal!

My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
post #3 of 23 Old 05-31-2012, 07:08 PM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
I guess some of us have become so jaded by the tragic absurdity that is IP law and policy that there is simply nothing left to add to the conversation or rant about any more.

I was going to comment earlier today after seeing your OP, but have become calloused to these issues.

Yes, it's depressing that one of the top FOSS successes has sold out and chooses to pay the tithe to the Supreme Software Master of the known Universe (i.e. MS). It appears no one will be able to market software without tribute to the King- an unbelieveable outcome of the "computing revolution" and the freedoms it was supposed to grant individuals.

No flying cars, no hovering skateboards, no monoliths on the moon, now no computer freedom- like Yogi Berra sez- "The future ain't what it used to be!"

We'll see how Canonical handles this...
Rgb is offline  
post #4 of 23 Old 05-31-2012, 08:23 PM
AVS Special Member
 
Ericglo's Avatar
 
Join Date: Oct 2004
Location: Just below the US in South Florida
Posts: 6,219
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 71 Post(s)
Liked: 29
Not sure what to say. It looks like Fedora/Red Hat were backed into a corner and this was the best solution they could come up with. I guess we will have to see how the other companies handle this.

My new favorite game is Save The Titanic

Ericglo is offline  
post #5 of 23 Old 06-01-2012, 01:30 AM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
This is the best comment (no, I didn't write it) to the blog article that says it clearly what the implications are and why this is a very bad move by Redhat:

Quote:


The minute a Linux vendor sells-out -- like this -- is the minute we're all doomed.

MS will lead them on for a couple of years, and then quietly insist that x86 vendors comply with the same restrictions that ARM vendors have already kowtowed to.

At which point, only Redhat Linux will boot and run. No others. Or at least not until all of the others also sign-up and pay MS for permission to run non-MS software on end-user hardware.

Then, a year or two later, MS will raise the signing fees, and eventually begin blacklisting Linux systems for various "reasons".

By then, it's too late to do anything about the situation.

Much, MUCH better to just not comply from Day-1. Don't pay MS for key-signing. This means that a user has to enter the BIOS *once* to get Linux installed. Big Deal.

Hardware vendors will be loath to ever implement stage-2 as a result -- they'll refuse to disable non-secureboot because it would lock them out of the Linux market.

But if we pay-up to MS on Day-1, then the hardware vendors will not have as big an issue with locking everyone out later on.

Just say NO. This is a very clever MS scheme, and an very bad idea for Redhat to comply.

Also this reply by Matthew show how deep the implications are, this doesn't just concern the bootloader, the whole kernel will be completely locked-down including any third party kernel modules like the nvidia drivers:

Quote:


What else does the kernel have to restrict in secure-boot mode, in order to preclude this from local root? Block /proc/*mem access and nothing else?

*mem, raw PCI access through sysfs, iopl, forcing signatures on kexec, a small number of debugfs interfaces, various kernel parameters (acpi_rsdp is an obvious one), probably some I've missed.

My response:
Quote:


And you are saying that all of this will be restricted in Fedora?

That is completely ridiculous, I can't believe you are planning to cripple a FOSS distro like this with a straight face!


My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
post #6 of 23 Old 06-01-2012, 01:32 AM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Quote:
Originally Posted by Ericglo View Post

Not sure what to say. It looks like Fedora/Red Hat were backed into a corner and this was the best solution they could come up with. I guess we will have to see how the other companies handle this.

They weren't backed into any corner at all, they never fought this fight, they just surrendered willingly because clearly they couldn't be bothered to fight!

That's what upsets me about this, this cowardly behaviour by Redhat/Fedora!

Whatever other Linux companies will decide will matter far less because Redhat is the biggest Linux company by far. Now that MS has Redhat's support their scheme to lock down all PCs has been legitimised.

My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
post #7 of 23 Old 06-01-2012, 04:41 AM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
Quote:
Originally Posted by tux99 View Post

They weren't backed into any corner at all, they never fought this fight, they just surrendered willingly because clearly they couldn't be bothered to fight!

That's what upsets me about this, this cowardly behaviour by Redhat/Fedora!

Whatever other Linux companies will decide will matter far less because Redhat is the biggest Linux company by far. Now that MS has Redhat's support their scheme to lock down all PCs has been legitimised.

So, time to move away from Redhat-compatible distros, then

Looks like the only "untainted" major Linux branch is Debian, and other smaller independants (like Arch, etc)

http://futurist.se/gldt/wp-content/u...2/gldt1202.png

MS already tainted the Suse associated distros through the Novell/SCO meddlings.
Rgb is offline  
post #8 of 23 Old 06-01-2012, 05:02 AM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
Quote:
Originally Posted by tux99 View Post

This is the best comment (no, I didn't write it) to the blog article that says it clearly what the implications are and why this is a very bad move by Redhat:

Exactly.

This has been MS's modus operadi for 30+ years. No need to articulate the process for us "old timers". Funny how the youngin's fall for it time and again.

Another relevant post:
 

Quote:


Date: 2012-05-31 03:23 pm (UTC)
From: [personal profile] mjg59
Sadly, yes, it's too late to fix it. It's part of the UEFI spec, the relevant version of which was released last year. At the time, it didn't seem objectionable - we'd been under the impression[1] that this was going to be opt-in functionality, at which point the signature management becomes local policy. Microsoft's policy was dropped on top of this last August, after spec adoption had already begun.

This is ALWAYS how they operate (any entity with too much power)- some policies appear innocuous in the planning stages, then WHAM- they get you with arbitrary changes later. Death by a thousand cuts works quite well...

This is the difference between recognizing bad policies early in the game, when those policies violate basic principles- user abuse/control/freedom implications.

Unfortunately, not everyone has the ability to recognize and/or the power the stop these violations of principles until they are manifest much later down the road in concrete real world application. MS knows this and uses it to their advantage.

Rgb is offline  
post #9 of 23 Old 06-01-2012, 05:02 AM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Quote:
Originally Posted by Rgb View Post

So, time to move away from Redhat-compatible distros, then

Why? Centos and SL are totally independent (reusing the same source packages means nothing, ultimately all distros use the same sources).
If Centos and/or SL decide to implement 'crippled boot' (as I will call it from now on) too then yes, I would move away from them.

So far only Fedora should be avoided from Fedora 18 onwards (unless they still change their mind about implementing 'crippled boot')

Also I very much doubt Redhat will ever implement this in RHEL, as servers aren't affected by 'crippled boot', this is only for desktop and laptop PCs.


Quote:
Originally Posted by Rgb View Post

Looks like the only "untainted" major Linux branch is Debian, and other smaller independants (like Arch, etc)

We will see in the next few months which distros will follow Fedora and implement 'crippled boot' and which ones will stay faithful to the principles of FOSS.

My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
post #10 of 23 Old 06-01-2012, 06:28 AM
Advanced Member
 
Neil L's Avatar
 
Join Date: Sep 2000
Location: Paragould, Arkansas USA
Posts: 916
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
Just like every other folly invented by Microsoft...there will be ways to get around UEFI. The more things change, the more they remain the same, so to speak...

According to Microsoft's specifications, x86 machines that are sold with a Windows license sticker must have secure boot enabled, but must also offer a firmware option to disable it. There would be little point to secure boot on a Linux machines, so if you're not dual booting there is little to worry about. Machines, or components one would assume, that don't come with Windows will probably not have secure boot at all, or at least not enabled by default.

This is just a work around to have Fedora (and other distros) install to a secure boot environment out of the box, with five clicks.

The bigger problem is UEFI boot in general. Setting a computer to boot in UEFI is tricky. Fortunately, most computers have a BIOS emulation mode, so no problem there either.
Neil L is offline  
post #11 of 23 Old 06-01-2012, 03:49 PM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Quote:
Originally Posted by Neil L View Post

According to Microsoft's specifications, x86 machines that are sold with a Windows license sticker must have secure boot enabled, but must also offer a firmware option to disable it.

Nope they are allowed (for now) to offer a firmware option to disable it, but they can do without it, it's at the manufacturer's discretion. How much do you want to bet that there will be devices targeted at Win8 where the manufacturers can't be bothered to add the UEFI functionality to disable 'crippled boot'?

Quote:
Originally Posted by Neil L View Post

Machines, or components one would assume, that don't come with Windows will probably not have secure boot at all, or at least not enabled by default.

To be Win8 compatible they must support 'crippled boot' so all machines and components will support it as they can't afford to not be Win8 compatible. And how much do you want to bet that 'crippled boot' will practically always be enabled by default to avoid support calls by noob Win8 users (especially now that the biggest Linux company is setting the bad example to also support it)?

Quote:
Originally Posted by Neil L View Post

This is just a work around to have Fedora (and other distros) install to a secure boot environment out of the box, with five clicks.

Yes, in order to accommodate the lazy/inexperienced users (as if they couldn't read up a How-to) Fedora now has given the seal of approval to this evil MS scheme, which is nothing but a restriction of liberties (a big step forward towards a completely locked down PC) even for Windows users.

Also I find it quite strange that Fedora is all of a sudden interested in user friendlyness but they still refuse to include the Nvidia and AMD binary drivers by default...

Quote:
Originally Posted by Neil L View Post

The bigger problem is UEFI boot in general. Setting a computer to boot in UEFI is tricky. Fortunately, most computers have a BIOS emulation mode, so no problem there either.

The BIOS compatibility mode is destined to disappear, we are currently in the transition phase.

My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
post #12 of 23 Old 06-01-2012, 10:10 PM
AVS Special Member
 
Mac The Knife's Avatar
 
Join Date: Oct 2003
Location: Phoenix, AZ
Posts: 4,903
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 23
Quote:
Originally Posted by tux99 View Post

Nope they are allowed (for now) to offer a firmware option to disable it, but they can do without it, it's at the manufacturer's discretion. How much do you want to bet that there will be devices targeted at Win8 where the manufacturers can't be bothered to add the UEFI functionality to disable 'crippled boot'?
....

Yep.

And what do you want to bet that MS will offer all kinds of extra promotional dollars to OEM's that leave out the disable switch.


Quote:
Originally Posted by tux99 View Post

...
The BIOS compatibility mode is destined to disappear, we are currently in the transition phase.

Yep.

But, I think they'll always have to have the ability to burn new firmware into the ROMs [just in case they screwed something up in the original release]. So, I think the best that we can hope for is that there'll be people that are willing to reverse-engineer everyone's firmware and come up with patches to the secure boot code so that it falsely reports that everything passes.

But that'll mean having to risk bricking your MB with a firmware patch to install Linux.
Mac The Knife is offline  
post #13 of 23 Old 06-02-2012, 06:15 AM
Advanced Member
 
Neil L's Avatar
 
Join Date: Sep 2000
Location: Paragould, Arkansas USA
Posts: 916
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
Yeah, if it indeed become necessary to hack a motherboard BIOS to install something other than Windows, that is what we will be doing. There are people installing Debian on phones that have the bootloaders locked by OEMs, right now, today! Even installing Android on M$ devices that had locked bootloaders. Even if it does become a hurdle for novice Linux users, someone will find a way to reverse engineer the problem. And lots of OEMs, like Dell, actually make a lot of money selling enterprise equipment that runs Linux. So overall I think everyone is just going on FUD with this. Speculating about it is kind of pointless this early in the game.

So maybe not all hardware manufacturers will want to be Win8 certified. Apple is one example, they have had proprietary hardware for years already, that requires some hacking to install a different OS. There is a market, small though it may be, for non Windows PCs, and I think manufacturers would be foolish to give in to M$ and support their goal of monopolizing the PC world. Sure hardware makers must be Windows certified, since that is the biggest marker. But, everything doesn't have to be. Anyway, this will play out as it will, no matter what we think or speculate at this time.

For my part anyway, I'm not looking to buy any new hardware for the next several years. I'm willing to just wait and see what becomes available when I do need/want to upgrade. So the situation just doesn't worry me. But it does amaze me the power M$ has to dictate to hardware manufactures what "features" to include.

Linus Torvalds on secure boot.
Neil L is offline  
post #14 of 23 Old 06-02-2012, 11:06 AM
AVS Special Member
 
Ericglo's Avatar
 
Join Date: Oct 2004
Location: Just below the US in South Florida
Posts: 6,219
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 71 Post(s)
Liked: 29
Just so I understand, is this for M$ computers or everything? In other words, if I buy a Biostar mobo, then will it have this secure boot?

My new favorite game is Save The Titanic

Ericglo is offline  
post #15 of 23 Old 06-02-2012, 11:42 AM
AVS Special Member
 
Mac The Knife's Avatar
 
Join Date: Oct 2003
Location: Phoenix, AZ
Posts: 4,903
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 23
Quote:
Originally Posted by Ericglo View Post

Just so I understand, is this for M$ computers or everything? In other words, if I buy a Biostar mobo, then will it have this secure boot?

It's all speculation at this point, but between the likelihood of MS offering cash incentives to the hardware manufactures to lock everything down and the manufactures really not wanting to support multiple versions of firmware, it's a significant possibility.

Keep in mind that there's actually only a couple of MB manufacturers. Everybody else just buys unbranded boards and stamps their own name on them.
Mac The Knife is offline  
post #16 of 23 Old 06-02-2012, 02:24 PM
AVS Special Member
 
pcdoctor's Avatar
 
Join Date: Jul 2000
Posts: 3,587
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 12
I'm a Debian girl and if Debian caved in like "Red Hat/Fedora", I would no longer donate money to them. I've always either used Ubuntu or Debian. I really think this is sad even though I've never used the rpm distros. I for one will not buy a motherboard in which this crap can't be disabled. I hope Asus allows this feature to be disabled.
pcdoctor is offline  
post #17 of 23 Old 06-02-2012, 05:58 PM
AVS Special Member
 
Ericglo's Avatar
 
Join Date: Oct 2004
Location: Just below the US in South Florida
Posts: 6,219
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 71 Post(s)
Liked: 29
Quote:
Originally Posted by Mac The Knife View Post

It's all speculation at this point, but between the likelihood of MS offering cash incentives to the hardware manufactures to lock everything down and the manufactures really not wanting to support multiple versions of firmware, it's a significant possibility.

Keep in mind that there's actually only a couple of MB manufacturers. Everybody else just buys unbranded boards and stamps their own name on them.

Great. I may not be upgrading for awhile.

My new favorite game is Save The Titanic

Ericglo is offline  
post #18 of 23 Old 06-02-2012, 06:08 PM - Thread Starter
AVS Special Member
 
tux99's Avatar
 
Join Date: Jan 2005
Location: Europe
Posts: 1,523
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Quote:
Originally Posted by Ericglo View Post

Just so I understand, is this for M$ computers or everything? In other words, if I buy a Biostar mobo, then will it have this secure boot?

Given that Windows is at least 90% of the desktop/laptop PC market, can you imagine any manufacturer not wanting to support Win8?

It's quite obvious that practically every mobo will have 'crippled boot' implemented, and that's not the issue.

The issue is whether all mobo manufacturers will include an option to disable 'crippled boot'. Up to a week ago I would have said yes, they will (almost) all include such an option as they don't want to upset the Linux market, which might be small but can be vocal and therefore would generate negative publicity.

The problem is, now that the biggest Linux company has given their seal of approval to 'crippled boot' by implementing it using a Microsoft key, there is much less need for mobo manufacturers to provide a 'disable' option, as they can always say: use Fedora, it works with 'crippled boot' enabled so you don't need the 'disable' option to run Linux.

This is why Fedora's decision to support 'crippled boot' is so bad for FOSS and Linux in general!

My Linux news / reviews / tips+tricks / downloads web site: http://www.linuxtech.net/
tux99 is offline  
post #19 of 23 Old 06-03-2012, 05:00 AM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
These kinds of policies and schemes will never end. Ballmer and his ilk will never stop-

https://www.youtube.com/watch?v=La_u1jPLOIA

http://siivola.org/monte/papers_grou...sychopathy.htm

http://hbr.org/2004/10/executive-psychopaths/ar/1

http://www.correntewire.com/psycopat...xecutive_trait

http://www.dailykos.com/story/2011/1...al-psychopaths

Good /. discussion

http://linux.slashdot.org/story/12/0...i-restrictions

Of course, this is a ploy to label anyone not running Windows/MS approved software in the future as "insecure"- simple mind tricks that work quite well for the average consumer and corporate users. If you have to disable the secure boot feature on your computer, you MUST be "NOT secure" anymore, right? Simple FUD mind tricks for the masses.

The principle being violated here is that the owner of the computer is the only entitiy with the right to apply keys and sign their software. In the FOSS/Linux world, this is trivial to implement- just make the repos/Ubuntu Software Centers/$DISTRO_APP_STOREs of the world sign software as its installed, compiling the app as part of the download/install process if needed, all automated of course. The computer owner would input their hardware key/serial number printed on the mobo (or arbitrary random key they formulate themselves) to complete the software signing process.

The policy flaw in the MS scheme is relying on entities outside the computer owners control to manage keys/signing. Only the computer owner should manage their keys and software signing.

FOSS/Linux solved trusted software from day one- first, by storing software at known trusted sources (repositories, random .rpm's or .deb's or untrusted third party repos notwithstanding), second by relying on open sourcing, so everyone can have their eyes on the code if needed to ferret out security/privacy issues (closed binary drivers notwithstanding).
Rgb is offline  
post #20 of 23 Old 06-04-2012, 10:37 AM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
Rgb is offline  
post #21 of 23 Old 06-06-2012, 05:05 AM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
Relying on entities outside your control to sign and secure software on your computer results in this-

Flame Malware Hijacks Windows Update


http://it.slashdot.org/story/12/06/05/1638228/flame-malware-hijacks-windows-update
Quote:
As more research unfolds about the recently discovered Flame malware, researchers have found three modules – named Snack, Gadget and Munch – that are used to launch what is essentially a man-in-the-middle attack against other computers on a network. As a result, Kaspersky researchers say when a machine attempts to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake malicious Windows Update to the client. That is courtesy of a rogue Microsoft certificate that chains to the Microsoft Root Authority and improperly allows code signing. According to Symantec, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. The findings have prompted Microsoft to say that it plans to harden Windows Update against attacks in the future, though the company did not immediately reveal details as to how
Rgb is offline  
post #22 of 23 Old 06-22-2012, 07:13 AM
Rgb
AVS Special Member
 
Rgb's Avatar
 
Join Date: Apr 2000
Location: SE Michigan
Posts: 6,891
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
Ubuntu Lays Plans For Getting Past UEFI SecureBoot

http://linux.slashdot.org/story/12/05/31/190217/red-hat-will-pay-microsoft-to-get-past-uefi-restrictions
Quote:
Canonical has laid out their plans for handling UEFI SecureBoot on Ubuntu Linux. Similar to Red Hat paying Microsoft to get past UEFI restrictions, Canonical does have a private UEFI key. Beyond that they will also be switching from GRUB to the more liberal efilinux bootloader, and only require bootloader binaries be signed — and they want to setup their own signing infrastructure separate from Microsoft

http://sourceforge.net/projects/elilo/

http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_

https://github.com/mfleming/efilinux

http://lwn.net/Articles/453638/

http://www.theinquirer.net/inquirer/news/2186842/canonical-intels-efilinux-ubuntu-uefi-secure-boot
Rgb is offline  
post #23 of 23 Old 07-14-2012, 04:43 PM
 
quantumstate's Avatar
 
Join Date: Apr 2006
Posts: 1,694
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 17
Oh I'm not worried. There is always a way around things. There are always cracks.

That said, I was considering going to Fedora because it has selinux integral, as opposed to Debian's bolted on. But with this M$ bootloader, no way man.
quantumstate is offline  
Reply HTPC - Linux Chat

Tags
Microsoft

User Tag List

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off