User: Password:
|
|
Subscribe / Log in / New account

Implementing UEFI Secure Boot in Fedora

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 13:46 UTC (Thu) by thumperward (guest, #34368)
In reply to: Implementing UEFI Secure Boot in Fedora by sblack
Parent article: Implementing UEFI Secure Boot in Fedora

Right now, anyone can burn a Linux distro install CD, boot a PC fresh from the store from it and install the distro with zero or minimal pre-configuration (the only potential barrier being the BIOS boot order). It would be a step backwards not to be able to do that any more, which is the reality as soon as UEFI secure boot is enabled on new PC hardware (absent the work detailed in the article). This is likely to happen within a timespan of months.

Yes, in this case Linux is having to run as fast as it can just to stay in the same place. But there simply isn't an alternative. OEMs are not going to sacrifice their "Certified for Windows 8" stickers based on political pressure from the Linux desktop distributions. And users who are told that the only way to install Linux is to fiddle about in their computer settings in order to disable a security feature will simply not install Linux.


(Log in to post comments)

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 14:42 UTC (Thu) by pboddie (guest, #50784) [Link]

And once again we may ask where the regulatory authorities are.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 15:02 UTC (Thu) by thumperward (guest, #34368) [Link]

On the platform upon which Microsoft has a monopoly on operating systems, the standard mandates that users be able to install their own keys (and thus be able to use the secure channel) or else disable secure boot. Moreover, Microsoft is not dictating that OEMs preinstall only Microsoft's key, or indeed that they preinstall it at all. It's all very well shouting "monopoly!" given the undoubted advantage this gives Microsoft over other OS vendors, but the standard already offers sufficient concessions to said vendors that they are not being shut out of x86 entirely. It's difficult to see what a regulatory body could add to that.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 18:20 UTC (Thu) by pboddie (guest, #50784) [Link]

Microsoft never openly dictates what OEMs do, but the OEMs still manage to fall into line. Should no-one wonder why that is?

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 18:31 UTC (Thu) by thumperward (guest, #34368) [Link]

They are not "falling in line". They are "doing the bare minimum required to sell their product". And for the more Slashdot-prone in the audience, it is in fact the case that the sort of thing which saw Microsoft actually sanctioned for abusing their monopoly *was* "openly dictating what OEMs do", in the form of forbidding them to allow for dual boots at all. MS are being clever here and allowing simple economics to achieve the hoped-for result.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 20:57 UTC (Thu) by drag (subscriber, #31333) [Link]

Yes. What Microsoft did that got them into trouble was restricting access to their software for companies that were selling rival operating systems.

So if you had a store and you were selling BeOS systems and Microsoft decided that they didn't like it then you would not only have to pay more for your Microsoft software you would get it later then your competitors which put you at in a potentially significant disadvantage.

Personally I think that they should of just let Microsoft do whatever they wanted. The whole lawsuit was just one fairly evil proprietary software company fighting against another fairly evil proprietary software corporation.

The difference between Microsoft and it's failed competition was not due to Microsoft being evil or monopolistic practices. They were all immoral. Microsoft was simply better ran company which sold cheaper software.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 12:01 UTC (Fri) by pboddie (guest, #50784) [Link]

I guess you both don't remember the days when Microsoft insisted on being paid licensing fees for every x86 CPU shipped in a computer regardless of whether any software was being provided at all, apparently justified after the fact by the same argument that has people paying the music and movie industries every time they buy blank media because they are, of course, going to use it to copy music and movies.

Whether such practices are enforced overtly or through "incentives" is not a distinction that should automatically determine whether a regulator should take action or not.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 17:04 UTC (Fri) by apoelstra (subscriber, #75205) [Link]

>Whether such practices are enforced overtly or through "incentives" is not a distinction that should automatically determine whether a regulator should take action or not.

It is, though, for the following reason:

"Incentive" implies some sort of trade-off (for example, Microsoft's bullying makes their software less useful and them less trustworthy, and they know they can only go so far before OEM's find it profitable to start selling no-OS or Linux systems).

It also requires the trade-off to be sustained for as long as Microsoft wants people to produce computers with their keys. So if Microsoft were to become a much smaller player in the market one day -- and looking at Windows 8, I expect this to happen soon -- they would be forced to stop pulling this crap.

To contrast, your example of us paying media companies for blank media, has none of the above. It was imposed by regulators (congress/parliament), working for a cabal of other regulators (RIAA/MPAA) with no trade-off, no choice, no accountability and no time limit. The fact is that the record companies would have failed years ago with such a poor business model, and the only reason they are alive today is because of regulatory capture.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 19:43 UTC (Fri) by pboddie (guest, #50784) [Link]

Firstly, you haven't really made the case for the distinction. Of course an incentive is a trade-off, but it's really just a way of pursuing the same policy without forcing anyone (the vendors or regulators) to take drastic action.

If vendors refused to follow any rules laid down by Microsoft, then Microsoft might deny them the ability to bundle Windows (technically or contractually), and that would potentially force them to look elsewhere for business or to complain about it to a higher power. However, since most vendors are heavily dependent on being able to provide Microsoft products because of the retail climate being distorted in the company's favour, most would be likely to go along with almost anything.

Offering incentives instead of making threats allows Microsoft to look like the good guy whilst making the transaction look like a positive thing, even though the effect of not taking up Microsoft's "generous" offer will result in relegation to a disadvantaged position for any vendor not wishing to play along.

And my example about blank media was concerned with per-processor licensing fees. The "justification" for this was that people would always be running Windows but might refuse to pay for it bundled, and that Microsoft should therefore get a guaranteed fee as compensation for all those "pirates" who couldn't possibly want to run anything else. The regulators put a stop to this, but then Microsoft went and integrated DOS and Windows shortly afterwards, so it was merely a tactical retreat to prevent more serious regulatory measures being imposed that might undermine that very strategy.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 13:59 UTC (Fri) by mcoleman (guest, #70990) [Link]

Re "It's difficult to see what a regulatory body could add to that.", let me help you out.

They could forbid this anti-competitive behavior.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 14:34 UTC (Fri) by thumperward (guest, #34368) [Link]

What "anticompetitive behaviour" are just suggesting be "forbidden" here? Do you suggest that a regulatory body could ban OEMs from shipping Microsoft's key, or demand that UEFI secure boot be disabled by default on all new computers, or that the Unified EFI Forum itself be disbanded and the standard torn up?

It is not difficult for any moderately intelligent person to see that at each stage, Microsoft has plenty of wiggle room in stating that choices are provided and that competitors are not locked out. Microsoft's lawyers would have no difficulty whatsoever in impressing that upon any regulatory body.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 16:46 UTC (Fri) by raven667 (subscriber, #5198) [Link]

Those are absurd suggestions, straw men to be easily dispatched. Other articles from Matt Garret discussed some alternative approaches to UEFI key management that could make this feature more vendor and user friendly that you may be interested in reading.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 16:02 UTC (Thu) by drag (subscriber, #31333) [Link]

> And once again we may ask where the regulatory authorities are.

The regulatory authorities are happily making the situation vastly worse with implementing things like DMCA, ACTA, software patents, wiretapping efforts, copyright enforcement, etc etc.

They are not on your side. They will never be on your side.

Their purpose in life is just to do whatever will benefit themselves above all else and will happily side with whoever is able to provide them the most benefit. This usually is with whatever group will offer the most interesting chances at monetary and power gains.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 1:00 UTC (Fri) by nix (subscriber, #2304) [Link]

Yes, thank you, we all know your tiresome politics by now. Can't you take it to a blog post or something?

Implementing UEFI Secure Boot in Fedora

Posted Jun 2, 2012 11:59 UTC (Sat) by efraim (guest, #65977) [Link]

Actually I found the grand-parent post informative. Policy discussions (such as regulations) ARE inherently about politics.
So I would appreciate if you stop shutting up whoever voices a position you do not agree with.
Though I rarely post here I read the comments here a lot and I usually find your posts quite enlightening - this one is not.

Implementing UEFI Secure Boot in Fedora

Posted Jun 4, 2012 12:55 UTC (Mon) by nix (subscriber, #2304) [Link]

It's not that I disagree with his position, it's that he has only one position, and never backs it up beyond (as far as I can tell) an axiom that everything governments do is ipso facto bad while if a corporation does the exact same things it is ipso facto not bad, or at least not worth caring about. These axioms are sufficiently far removed from the realities of present-day political systems as not to be worth basing anything but pie-in-the-sky discussions on.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 18:22 UTC (Thu) by nickbp (guest, #63605) [Link]

They're in the continual process of being de-funded.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 19:06 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

And once again we may ask where the regulatory authorities are.

In the pockets of the industries they're supposed to be regulating- exactly where the rich and powerful want them to be.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 20:47 UTC (Thu) by drag (subscriber, #31333) [Link]

It makes it easier to understand what is going on when you realize that the people that run the regulatory agencies and the people that run the companies that are suppose to be regulated are pretty much the same group of people.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds