# Red Hat Linux paying to get past UEFI restrictions



## teckk (Jun 5, 2012)

This concerns FreeBSD too.

http://www.techrepublic.com/blog/op...fi-restrictions-on-windows-8/3666?tag=nl.e011

http://mjg59.dreamwidth.org/12368.html


----------



## UNIXgod (Jun 5, 2012)

It's like a double tax now. This will make it harder to keep older hardware relevant but non-OS preinstalled boxes and laptops sale will go up.


----------



## wblock@ (Jun 5, 2012)

I did some reading on this the other day, and don't think the first article presents it entirely accurately.  The UEFI on the motherboard should give the user the option to add security certificates or disable the secure boot.


----------



## jrm@ (Jun 5, 2012)

Microsoft's response


----------



## graudeejs (Jun 5, 2012)

*A* little off-topic, perhaps:



			
				jrm said:
			
		

> Microsoft's response



What pissed me off in this article is:



> For the enthusiast who wants to run *older operating systems*, the option is there to allow you to make that decision.



*G*rrrrrr.... it should be *other* operating systems.


----------



## wblock@ (Jun 5, 2012)

That paragraph seems to be referring to old Microsoft operating systems.  Still, no matter how I read it, the writer comes off sounding condescending.


----------



## roddierod (Jun 6, 2012)

I'm really not up on security like I should be, but what problem is this trying to solve?


----------



## hitest (Jun 6, 2012)

wblock@ said:
			
		

> I did some reading on this the other day, and don't think the first article presents it entirely accurately.  The UEFI on the motherboard should give the user the option to add security certificates or disable the secure boot.



When I first heard about this issue I thought Microsoft was trying to eliminate open source software altogether.  It is good to know that we will still have the option to run the operating system of our choice.


----------



## da1 (Jun 6, 2012)

roddierod said:
			
		

> I'm really not up on security like I should be, but what problem is this trying to solve?



Microbrain's world domination ).

LE: It seems they want it all.


----------



## Crivens (Jun 6, 2012)

roddierod said:
			
		

> I'm really not up on security like I should be, but what problem is this trying to solve?


The problem of people making informed decisions what to do with hardware they bought, in such a way that no money is going towards Microsoft.
Seems like, after the "you only rent the software" now comes the "you only rent the hardware" part. Wau Holland, founder of the CCC, already foretold that there would come attempts to make a computer you could make do what _you_ want it to do impossible. Seems he was right.



			
				hitest said:
			
		

> When I first heard about this issue I thought Microsoft was trying to eliminate open source software altogether.  It is good to know that we will still have the option to run the operating system of our choice.



As far as I am up to speed with this, it is allowed by the specification that board/firmware suppliers make it _possible_ for you to change this setting to "unsecure". But this is not to be possible with ARM based hardware, and so I would wager that there will be the day where is is not possible to buy any desktop systems which allow you to flip that switch. After all, we know how well things like ACPI are done and tested these days, right?

Looks like the next box to use as a workstation will contain some PPC or MIPS hardware.


----------



## overmind (Jun 6, 2012)

http://linux.slashdot.org/story/12/06/06/1232243/red-hat-clarifies-doubts-over-uefi-secure-boot-solution

"For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost."

Anyway it would be impossible for them to lock the hardware (as they do on game consoles), there's a lot of competition from China, they do not have control of that.


----------



## Crivens (Jun 7, 2012)

overmind said:
			
		

> http://linux.slashdot.org/story/12/06/06/1232243/red-hat-clarifies-doubts-over-uefi-secure-boot-solution
> 
> "For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost."



To take a look into the black crystal ball (which is, sadly, the most accurate I have), this needs to be followed by "... from the running win-8, which will not tolerate any changes in mass storage it does not control, and also as long as no freak accident bug in the firmware messes this up" See also the link at the end of the post you linked to.

Also, when dealing with big players with big money interests in general and with microsoft in particular, the phrase "good faith" is something that would choke my speech center.

I would be happy to be proven wrong on this, sure I would.



			
				overmind said:
			
		

> Anyway it would be impossible for them to lock the hardware (as they do on game consoles), there's a lot of competition from China, they do not have control of that.



WTO? Patents? Fritzchip? 
It is a nice thought, but I would not rely on it. Too many interests are at stake here. Microsoft wants to make money and has spent much time and lobby money to get these ducks in that row. Your local police wants first the possibility and then the right to search your computer at any time. Running some obscure hacker OS can be such a problem to them simply helping themselves in their inqueries. And not automatically installing the Rootki...^h that _user experince enhancing software addon_ when inserting a music or video medium surely hurts the RIAA and MPAA for millions of dollars of lost sales. Each day. Or so they may think. And a lot more players are in there. Assuming they would not pull every lever in reach to do what is best for _them_ is a bit optimistic IMHO.

But again, I would be glad to be proven wrong.

Sorry for this long post. I know DD will need to read it and check for some typos therein, but I sadly lack the time to make it short.


----------



## overmind (Jun 7, 2012)

@Crivens

I hope you're wrong, but then (sadly) this is the direction we are going. Reading the daily news and seeing what laws are approved I think the direction is toward a global communism controlled by corporations. Hope I'm wrong too.


----------



## drhowarddrfine (Jun 11, 2012)

This is similar to what Microsoft did in the 90s by demanding hardware vendors make/sell computers that only run Windows. I filed a complaint with the US Justice Department's anti-trust division. The same that had oversight on Microsoft for over a decade (till just last year).


----------



## roddierod (Jun 11, 2012)

drhowarddrfine said:
			
		

> This is similar to what Microsoft did in the 90s by demanding hardware vendors make/sell computers that only run Windows. I filed a complaint with the US Justice Department's anti-trust division. The same that had oversight on Microsoft for over a decade (till just last year).



This has always been something that has bewildered me...how did the microsoft anti-trust suit get changed into the bundling IE with Windows suit? In the 90s...I seriously gave thought to starting a custom computer building business and if I had offered Windows as an OS option then I would have had to paid MS a license fee for every computer sold...even if windows was not installed on it! I thought the anti-trust case would focus on that sort of thing...but somehow it's focus went to something which seems like they have every right to do...never understood that.


----------



## da1 (Jun 11, 2012)

Microsoft did not pump that much money into lobby for nothing I think.


----------



## drhowarddrfine (Jun 11, 2012)

Any other US citizens who can also supply facts and concerns and knowledge can file a complaint here.


			
				roddierod said:
			
		

> This has always been something that has bewildered me...how did the microsoft anti-trust suit get changed into the bundling IE with Windows suit?


My memory is failing due to old age but it wasn't changed into that and only included it. Hardware vendors were no longer put under Microsoft's iron grip. That's the reason MSDN documentation got so much better over the years. All docs were reviewed by the Justice Department and anything missing got MS in hot water. In fact, the oversight was extended by a year when Microsoft dragged their feet a couple years ago.


----------



## roddierod (Jun 11, 2012)

drhowarddrfine said:
			
		

> Any other US citizens who can also supply facts and concerns and knowledge can file a complaint here.



I will keep this link and look into it thanks.



> My memory is failing due to old age but it wasn't changed into that and only included it. Hardware vendors were no longer put under Microsoft's iron grip. That's the reason MSDN documentation got so much better over the years. All docs were reviewed by the Justice Department and anything missing got MS in hot water. In fact, the oversight was extended by a year when Microsoft dragged their feet a couple years ago.



As I recall at the time, it seemed at least in the main stream news that the focus was on bundling software, which seems like that is something they should have the right to do. After all, no one has to buy their stuff. But forcing OEMs to pay fee for products that don't include your OS seemed to be pushed aside...at the time I trusted mainstream media so my perception my be clouded by that.


----------



## Crivens (Jun 11, 2012)

roddierod said:
			
		

> ... and if I had offered Windows as an OS option then I would have had to paid MS a license fee for every computer sold...


The OEMs here seem to have some different wording in that offer from MS. Writing into the offer that you have to sell windows with every machine would have got them into trouble I guess, so there must be a clause about "microsoft compatible OS", which is why some shops here toss a 3.5 floppy of FreeDOS into the box if you want it. Still got the one my wife was puzzled about when unboxing her laptop which *suprise* had no floppy drive.


----------



## drhowarddrfine (Jun 11, 2012)

roddierod said:
			
		

> As I recall at the time, it seemed at least in the main stream news that the focus was on bundling software, which seems like that is something they should have the right to do.


Microsoft hid a lot of their APIs from third-parties that made it difficult to make their software run. Some of the API documentation was just plain wrong. They also made life difficult for those who sold computers with any other OS on them. 

Bundling other software was OK but it locked out others. That can be OK, too, if you're not in a dominant situation (a monopoly on the desktop).


----------



## roddierod (Jun 11, 2012)

I'm just of the belief that their monopoly came from the licensing fees and it just seems to me that everything else stems from that.


----------



## kpa (Jun 11, 2012)

They will never be able to lock out the competing OSes on PC hardware and this thing not really about that, it's about warranty and support. With this system in place it's possible to detect if your Windows installation has been tampered with, already from the boot firmware, either by you or by malware/virus. If it turns out that you modified critical OS components with unsigned components, it's bye bye to warranty and support. No idea how they are going to deal with tampering by malware/viruses though.

Edit: There probably is such verification already in place in windows for critical OS files but the chain of trust does not cover the boot loader, a standard PC BIOS can not verify the authenticity of the boot loader code, this is what this system is probably intended for.


----------



## overmind (Jun 13, 2012)

http://www.wired.com/wiredenterprise/2012/06/microsoft-windows8-secure-boot/

I hope we still will be able to get hardware without boot protection, in the future. What Microsoft want to do is not called evolution.


----------

