FSF Campaigns Against Windows 8's Secure Boot
The Free Software Foundation (FSF) has initiated a campaign against the Secure Boot feature in Windows 8.
By design, the feature is intended to keep unwanted and potentially malicious software off a system by preventing unauthorized binaries from loading during the boot process. However, the FSF believes that this technology could be abused and used simply to stop users from loading certain free software.
"We are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows," wrote Matt Lee in a post on the FSF website. "In this case, a better name for the technology might be Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all."
Lee suggests that users should keep the ability to decide whether to enable or disable boot restrictions, and that there should be a way for users to install a free OS.
"Computer owners must not be required to seek external authorization to exercise their freedoms," Lee wrote. If Windows 8 prevents users from installing a free OS, Lee believes the result may be "complicated and risky measures to circumvent the restrictions", and the "popular trend of reviving old hardware with GNU/Linux would come to an end."
It's a good idea to keep an eye on such new features, but I would think that it is rather unlikely that Microsoft will shut out other OSes from its Windows 8 platform. If Microsoft was almost broken up over the integration of IE in Windows, it's fairly easy to imagine the potential antitrust effects if it were to shut out other operating systems.
For fear of antitrust Microsoft might be shamed out of this but I could see Apple using this.
There's an option in BIOS/UEFI to disable this, no? Maybe the main worry is that some manufacturers will take out that ability. Other than that... how is this more secure? I'm tempted to believe that this is like the key thing with Blu-Ray. It'll only be a matter of time before someone gets a valid key.
For fear of antitrust Microsoft might be shamed out of this but I could see Apple using this.
Apple does this already. It's a combination of requiring UEFI (which most PCs don't have) and Intel's TPM chip. I think.
Depends on the motherboard, xenol. I can see the OEMs (HP, Dell, etc) not allowing this to be disabled on their motherboards. However, if motherboard manufacturers prevent this from being disabled on enthusiast motherboards, it will make me think twice before installing Windows ever again.
this very uncool. microsoft(and manufacturers) should let users choose which os to boot from.

this aint secure boot. this is no linux on this pc cuz i r ballmer boot.
if apple does this already with their pcs then they should sue microsoft for patent infringement and get it disabled/removed, in which case linux/fsf wins.
on the other hand, apple might be happy since this will make building hackintosh with a windows 8.0 pc harder.
I thought MS already came out and stated that you will be able to turn off Secure Boot in the bios. Furthermore what does MS even have to do with it, they do not make motherboards. So why would say Asus and Msi and Gigabyte want to limit the OS their customers can use on the hardware they sell?
Actually, there is a very simple solution for this. Add a physical jumper on the motherboard. If the connection is made, then it runs secure boot, if the connection is not made it boots like any current PC. Since it is a physical switch it wouldn't be susceptible to malicious attacks.
I don't think this will be a problem with hardware makers like asus or gigabyte. they will certainly have an option to turn this off. but i can see OEMs like Dell, HP, or Lenovo using this. in fact they may go even further and use it to even prevent OS upgrades. when i worked for an OEM tech support department early in my career, their policy was we only support the original OS that shipped on the system. so if you upgraded from 98 to 2k or XP you were SOL. no more support if things went wrong. I can see OEMs using this to restrict upgrades as well.
GTFO, Linux fanboys... you don't NEED new hardware. You can play around with your toys on a Core 2 Duo. In fact, 11.04 boots on a Core 2 Duo faster than it does on my Core i7, and it doesn't support Turbo Boost and glitches with my GPU even though the proprietary drivers are there.
I think that Linux users are tech-savvy enough to NOT buy prebuilt PCs, and on non-prebuilt there will be an option to disable this.
Keep protesting. I'll laugh just like I laughed when Linux users "demanded" Steam. They don't really need any of it, they just want to pretend that someone actually gives a $h!t about them.
Apple does this already. It's a combination of requiring UEFI (which most PCs don't have) and Intel's TPM chip. I think.
The difference is that it's to prevent the Mac OS from being installed in other non-mac computers. I can still install other OSes on mac computers.
GTFO, Linux fanboys... you don't NEED new hardware. You can play around with your toys on a Core 2 Duo. In fact, 11.04 boots on a Core 2 Duo faster than it does on my Core i7, and it doesn't support Turbo Boost and glitches with my GPU even though the proprietary drivers are there. I think that Linux users are tech-savvy enough to NOT buy prebuilt PCs, and on non-prebuilt there will be an option to disable this. Keep protesting. I'll laugh just like I laughed when Linux users "demanded" Steam. They don't really need any of it, they just want to pretend that someone actually gives a $h!t about them.
What about laptops?
It can be disabled
http://www.omgubuntu.co.uk/2011/09 [...] x-worries/
GTFO, Linux fanboys... you don't NEED new hardware. You can play around with your toys on a Core 2 Duo. In fact, 11.04 boots on a Core 2 Duo faster than it does on my Core i7, and it doesn't support Turbo Boost and glitches with my GPU even though the proprietary drivers are there. I think that Linux users are tech-savvy enough to NOT buy prebuilt PCs, and on non-prebuilt there will be an option to disable this. Keep protesting. I'll laugh just like I laughed when Linux users "demanded" Steam. They don't really need any of it, they just want to pretend that someone actually gives a $h!t about them.
I know this is trollbait and all, but I just want everyone else reading this comment thread to know the reason the FSF is protesting this is that it basically does what Apple does with mac hardware, where the bios doesn't allow for any OS except OSX (in this case, windows) to boot, and since M$ is pushing UEFI in Windows 8, and most hardware manufacturers are swapping to it, all it takes is a little illicit pocket change from M$ to get asus msi etc to just take the secure boot toggle out of their BIOSes on preinstalled windows boxes.
Every linux user now would not care the difference, we could flash the bios and do whatever we wanted, and we wouldn't get a system with Windows preinstalled. But for every Joe Shmoe computer user, this basically removes the ability to OS switch completely. And when it comes to laptops, without a unified component standard like ATX is for desktop we can't custom build laptops so we have to go through 3rd party distributors that M$ can buy out to preinstall windows 8 with secure boot disabled and it will be a pain to reflash the bios.
GTFO, Linux fanboys... you don't NEED new hardware. You can play around with your toys on a Core 2 Duo. In fact, 11.04 boots on a Core 2 Duo faster than it does on my Core i7, and it doesn't support Turbo Boost and glitches with my GPU even though the proprietary drivers are there.
I think that Linux users are tech-savvy enough to NOT buy prebuilt PCs, and on non-prebuilt there will be an option to disable this.
Keep protesting. I'll laugh just like I laughed when Linux users "demanded" Steam. They don't really need any of it, they just want to pretend that someone actually gives a $h!t about them.
I re-purpose discarded computers and laptops (mostly from DELL) for people who can't afford new PCs, but need a word processor and an internet connection. In 10 years I'll be doing it with i7's and whatever else is bleeding edge now. I am savvy enough to not buy prebuilt but I still use them.
EDIT: I'll also say that as much as I love Windows, Microsoft needs to fix the problem of malicious code running in Windows before they fix a problem that doesn't even exist.
For fear of antitrust Microsoft might be shamed out of this but I could see Apple using this.
Apple already does do this.
It crushed Psystar to death.
If Linux wants to be able to install on any hardware, how about it ponies up some cash for a change instead of thinking that free software also means free IT industry.
Here are the facts:
There is currently no way to prevent a rootkit from loading before an OS. Since Windows is the most popular OS, most rootkits are written to target it. Since a rootkit loads before the OS, it is free to modify OS files and is able to run in such a way as to remain undetectable.
To remedy this, the new UEFI bios supports a secure certificate service. This service checks to ensure the OS boot files have not been tampered with before handing the system over to the boot loaders on the hard drive.
Because the UEFI bios is able to step in before the OS/rootkits are loaded, it can securely ensure the OS has not been tampered with.
The whole uproar is because Microsoft, as part of their logo requirements, is dictating that this feature be enabled by default on all PCs shipping with Windows 8.
Since the motherboard manufacturers are responsible for the BIOS implementation, it is up to them as to whether to allow a BIOS setting that enables/disables the secure boot service.
This is where the Linux folks and FSF take issue.
The reality is that no motherboard manufacturer in their right mind would leave out the option to disable secure boot, as this would restrict the computer to Windows 8. No previous version of Windows, no versions of Linux... nothing else could be used on that computer. The customer outcry would be deafening. There is no incentive to leave this option out of the BIOS.
I think the uproar is unwarranted for two reasons. One is that the market reality dictates that this should be a customer choice. The other reason is that if the open source movement were smart, they too would integrate secure boot into Linux, since any OS that doesn't support it is vulnerable to rootkits.
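How a running Linux system can tell which of the states argued over in this thread its firmware is actually in, as an added example that is not part of the original article or any comment. It assumes the standard Linux efivarfs layout (a 4-byte attribute header before each value) and the UEFI global-variable GUID; the function names and the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

# GUID of EFI_GLOBAL_VARIABLE, the namespace that holds SecureBoot and SetupMode.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032c8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumes efivarfs is mounted here


def parse_efivar(raw):
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes every variable with a 4-byte little-endian
    attribute mask; the variable's value follows it.
    """
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def read_flag(name, reader):
    """Return a one-byte 0/1 variable, or None if absent or malformed."""
    try:
        _, data = parse_efivar(reader(f"{name}-{EFI_GLOBAL}"))
    except (OSError, ValueError):
        return None
    return data[0] if len(data) == 1 and data[0] in (0, 1) else None


def secure_boot_state(reader):
    """Classify the firmware state from the SecureBoot and SetupMode variables."""
    secure = read_flag("SecureBoot", reader)
    setup = read_flag("SetupMode", reader)
    if secure is None:
        return "unknown"      # legacy BIOS boot, or firmware without Secure Boot
    if secure == 1:
        return "enforcing"    # only binaries trusted by the enrolled keys boot
    if setup == 1:
        return "setup-mode"   # no Platform Key enrolled; keys can be enrolled
    return "disabled"         # keys enrolled, enforcement switched off in setup


def sysfs_reader(filename):
    """Read a variable from the live system."""
    return (EFIVARS / filename).read_bytes()


def fake_firmware(variables):
    """Constructed stand-in for efivarfs so the logic can run offline."""
    def reader(filename):
        if filename not in variables:
            raise FileNotFoundError(filename)
        return variables[filename]
    return reader


# Constructed samples: attribute mask 0x06, then the one-byte value.
HDR = struct.pack("<I", 0x06)
ENFORCING = {f"SecureBoot-{EFI_GLOBAL}": HDR + b"\x01", f"SetupMode-{EFI_GLOBAL}": HDR + b"\x00"}
DISABLED = {f"SecureBoot-{EFI_GLOBAL}": HDR + b"\x00", f"SetupMode-{EFI_GLOBAL}": HDR + b"\x00"}
SETUP = {f"SecureBoot-{EFI_GLOBAL}": HDR + b"\x00", f"SetupMode-{EFI_GLOBAL}": HDR + b"\x01"}

if __name__ == "__main__":
    print("this machine:", secure_boot_state(sysfs_reader))
    for label, sample in (("enforcing", ENFORCING), ("disabled", DISABLED), ("setup", SETUP)):
        print(label, "->", secure_boot_state(fake_firmware(sample)))
```

The check reports the current state only; whether the firmware setup screen offers a way to change it is up to the board vendor, which is the point the thread disputes.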
GTFO, Linux fanboys... you don't NEED new hardware. You can play around with your toys on a Core 2 Duo. In fact, 11.04 boots on a Core 2 Duo faster than it does on my Core i7, and it doesn't support Turbo Boost and glitches with my GPU even though the proprietary drivers are there. I think that Linux users are tech-savvy enough to NOT buy prebuilt PCs, and on non-prebuilt there will be an option to disable this. Keep protesting. I'll laugh just like I laughed when Linux users "demanded" Steam. They don't really need any of it, they just want to pretend that someone actually gives a $h!t about them.
So much hate for Linux... Yet most of the world's web servers alone run on some flavor of Linux. Basically, you hate the interwebz!
=P
On a more serious note, I use Linux because it's free, and because it's not bloated, and because it doesn't crash every few days. I do have a copy of Windows Server 2008 (saved from my MSDNAA days), and I still prefer running good ol' Ubuntu Server LTS instead. I prefer it over Windows server 2008, despite the fact that I'm a total Linux newb.
this feature will not limit the installation of GNU/Linux distributions. Microsoft is hardly worried about legitimate unix distributions and more concerned with hacked versions of their own software and Operating systems. Microsoft will keep things open. don't worry.
"It can be disabled" Not on all computers, if OEM manufacturers remove the option to disable secure boot and I look for them not to have the option that way they can control certificates for drivers so people have to buy replacement and upgrade parts from them.
"It can be disabled" Not on all computers, if OEM manufacturers remove the option to disable secure boot and I look for them not to have the option that way they can control certificates for drivers so people have to buy replacement and upgrade parts from them.
If that's the case, then their customer base will drop significantly, at least in the desktop sector. However, I think the one sector that will play a major role is the corporate sector. Corporations are slow to adopt a new OS, thus, if the OEMs want the option to provide Windows 8, but need to provide the older OS (Windows 7, in this case) or even Linux, they would be stupid not to include this option and let the company's IT department fiddle with it.
Lee just wants to be able to keep writing Viruses ( Free software ) to give/infect the Windows users. No virus for Linux because all the hackers use it. I'm not saying all Linux users are hackers, but all hackers use Linux.
I know this is trollbait and all, but I just want everyone else reading this comment thread to know the reason the FSF is protesting this is that it basically does what Apple does with mac hardware, where the bios doesn't allow for any OS except OSX (in this case, windows) to boot, and since M$ is pushing UEFI in Windows 8, and most hardware manufacturers are swapping to it, all it takes is a little illicit pocket change from M$ to get asus msi etc to just take the secure boot toggle out of their BIOSes on preinstalled windows boxes. Every linux user now would not care the difference, we could flash the bios and do whatever we wanted, and we wouldn't get a system with Windows preinstalled. But for every Joe Shmoe computer user, this basically removes the ability to OS switch completely. And when it comes to laptops, without a unified component standard like ATX is for desktop we can't custom build laptops so we have to go through 3rd party distributors that M$ can buy out to preinstall windows 8 with secure boot disabled and it will be a pain to reflash the bios.
Average consumer should stay the hell away from Linux. Got that?
Lee just wants to be able to keep writing Viruses ( Free software ) to give/infect the Windows users. No virus for Linux because all the hackers use it. I'm not saying all Linux users are hackers, but all hackers use Linux.
Nonsense.
this feature will not limit the installation of GNU/Linux distributions. Microsoft is hardly worried about legitimate unix distributions and more concerned with hacked versions of their own software and Operating systems. Microsoft will keep things open. don't worry.
My point. Linux doesn't threaten MS at all on the consumer PCs.
So much hate for Linux... Yet most of the world's web servers alone run on some flavor of Linux. Basically, you hate the interwebz! =P On a more serious note, I use Linux because it's free, and because it's not bloated, and because it doesn't crash every few days. I do have a copy of Windows Server 2008 (saved from my MSDNAA days), and I still prefer running good ol' Ubuntu Server LTS instead. I prefer it over Windows server 2008, despite the fact that I'm a total Linux newb.
Why should a commercial organisation, such as a motherboard vendor, go out of their way to support an OS that does nothing to provide any capital input?
This is not Linux vs Windows.
When Linux pays money into the IT industry it can ask for whatever it wants, until then it can't complain because it has had a free ride so far.
This benefits Microsoft too, cause they can issue secure boot updates that prevent the current OS from booting, and if people don't update their secure boot version, Microsoft can add an automatic update to windows itself to prevent it from running on earlier versions of secure. If they do this people will have to upgrade their current version of windows or buy a new computer with the version of windows already installed.
Apple does this already. It's a combination of requiring UEFI (which most PCs don't have) and Intel's TPM chip. I think.
U can install any OS you want on a Mac.
Not being able to install Mac OS on non-Apple hardware is a different thing.
Here's the thing, why don't they wait until these new SecureBoot systems are in place, then modify the next version of the distro to be compliant with the required standards?
Wringing your hands that you are unable to install a 5 year old version of Ubuntu on a cutting edge bit of secure hardware is a bit of a stretch isn't it? Work with the industry, not against it.
Even better, manufacture and sell your own "Linux friendly" hardware
...
No?
Didn't think so.
Why should a commercial organisation, such as a motherboard vendor, go out of their way to support an OS that does nothing to provide any capital input? This is not Linux vs Windows. When Linux pays money into the IT industry it can ask for whatever it wants, until then it can't complain because it has had a free ride so far.
That's right. Microsoft pays Intel, nVidia, AMD and others to make sure everything is compatible, and that makes sense. So does Apple. Linux doesn't, hence half-assed support for all the new hardware.
I wonder, are all these hours of "open source enthusiasts" coding their own drivers instead of using the manufacturer's ones worth it?
I re-purpose discarded computers and laptops (mostly from DELL) for people who can't afford new PCs, but need a word processor and an internet connection. In 10 years I'll be doing it with i7's and whatever else is bleeding edge now. I am savvy enough to not buy prebuilt but I still use them. EDIT: I'll also say that as much as I love Windows, Microsoft needs to fix the problem of malicious code running in Windows before they fix a problem that doesn't even exist.
As much as I think your work benefits the people, I'm sorry to say, but the IT industry doesn't care where modern laptops will end up in ten years.
this very uncool. microsoft(and manufacturers) should let users choose which os to boot from. this aint secure boot. this is no linux on this pc cuz i r ballmer boot. if apple does this already with their pcs then they should sue microsoft for patent infringement and get it disabled/removed, in which case linux/fsf wins. on the other hand, apple might be happy since this will make building hackintosh with a windows 8.0 pc harder.
They (MS) have already said that they're not going to limit boot to ONLY Windows, only that you need a trusted installation of Linux (which they can do easily)
And Apple is NOT happy with hackintoshes. They want OSX run only on Apple hardware. They're already limiting what can be installed on their boxes; and they only want their software installed on their boxes.
They (MS) have already said that they're not going to limit boot to ONLY Windows, only that you need a trusted installation of Linux (which they can do easily) And Apple is NOT happy with hackintoshes. They want OSX run only on Apple hardware. They're already limiting what can be installed on their boxes; and they only want their software installed on their boxes.
Of course Apple is unhappy. And that's great.
Since the motherboard manufacturers are responsible for the BIOS implementation, it is up to them as to whether to allow a BIOS setting that enables/disables the secure boot service. This is where the Linux folks and FSF take issue. The reality is that no motherboard manufacturer in their right mind would leave out the option to disable secure boot, as this would restrict the computer to Windows 8. No previous version of Windows, no versions of Linux... nothing else could be used on that computer. The customer outcry would be deafening.
You are absolutely right that it is up to the motherboard manufacturers to provide a mechanism to disable it. However, I do not share your optimism that there would be a huge outcry that would make the manufacturers take notice if they did not provide a way of disabling it. Right now if you try to report BIOS issues for example to most consumer motherboard manufacturers or OEMs the answer all too many times is "it works fine in windows and that is what we support". You can also see how well the manufacturers have responded to items like providing a mechanism to utilize disable items like Optimus laptops so that something other than Windows can use the discrete GPU.