User: Password:
|
|
Subscribe / Log in / New account

Implementing UEFI Secure Boot in Fedora

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 15:02 UTC (Thu) by thumperward (guest, #34368)
In reply to: Implementing UEFI Secure Boot in Fedora by pboddie
Parent article: Implementing UEFI Secure Boot in Fedora

On the platform upon which Microsoft has a monopoly on operating systems, the standard mandates that users be able to install their own keys (and thus be able to use the secure channel) or else disable secure boot. Moreover, Microsoft is not dictating that OEMs preinstall only Microsoft's key, or indeed that they preinstall it at all. It's all very well shouting "monopoly!" given the undoubted advantage this gives Microsoft over other OS vendors, but the standard already offers sufficient concessions to said vendors that they are not being shut out of x86 entirely. It's difficult to see what a regulatory body could add to that.


(Log in to post comments)

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 18:20 UTC (Thu) by pboddie (guest, #50784) [Link]

Microsoft never openly dictates what OEMs do, but the OEMs still manage to fall into line. Should no-one wonder why that is?

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 18:31 UTC (Thu) by thumperward (guest, #34368) [Link]

They are not "falling in line". They are "doing the bare minimum required to sell their product". And for the more Slashdot-prone in the audience, it is in fact the case that the sort of thing which saw Microsoft actually sanctioned for abusing their monopoly *was* "openly dictating what OEMs do", in the form of forbidding them to allow for dual boots at all. MS are being clever here and allowing simple economics to achieve the hoped-for result.

Implementing UEFI Secure Boot in Fedora

Posted May 31, 2012 20:57 UTC (Thu) by drag (subscriber, #31333) [Link]

Yes. What Microsoft did that got them into trouble was restricting access to their software for companies that were selling rival operating systems.

So if you had a store and you were selling BeOS systems and Microsoft decided that they didn't like it then you would not only have to pay more for your Microsoft software you would get it later then your competitors which put you at in a potentially significant disadvantage.

Personally I think that they should of just let Microsoft do whatever they wanted. The whole lawsuit was just one fairly evil proprietary software company fighting against another fairly evil proprietary software corporation.

The difference between Microsoft and it's failed competition was not due to Microsoft being evil or monopolistic practices. They were all immoral. Microsoft was simply better ran company which sold cheaper software.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 12:01 UTC (Fri) by pboddie (guest, #50784) [Link]

I guess you both don't remember the days when Microsoft insisted on being paid licensing fees for every x86 CPU shipped in a computer regardless of whether any software was being provided at all, apparently justified after the fact by the same argument that has people paying the music and movie industries every time they buy blank media because they are, of course, going to use it to copy music and movies.

Whether such practices are enforced overtly or through "incentives" is not a distinction that should automatically determine whether a regulator should take action or not.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 17:04 UTC (Fri) by apoelstra (subscriber, #75205) [Link]

>Whether such practices are enforced overtly or through "incentives" is not a distinction that should automatically determine whether a regulator should take action or not.

It is, though, for the following reason:

"Incentive" implies some sort of trade-off (for example, Microsoft's bullying makes their software less useful and them less trustworthy, and they know they can only go so far before OEM's find it profitable to start selling no-OS or Linux systems).

It also requires the trade-off to be sustained for as long as Microsoft wants people to produce computers with their keys. So if Microsoft were to become a much smaller player in the market one day -- and looking at Windows 8, I expect this to happen soon -- they would be forced to stop pulling this crap.

To contrast, your example of us paying media companies for blank media, has none of the above. It was imposed by regulators (congress/parliament), working for a cabal of other regulators (RIAA/MPAA) with no trade-off, no choice, no accountability and no time limit. The fact is that the record companies would have failed years ago with such a poor business model, and the only reason they are alive today is because of regulatory capture.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 19:43 UTC (Fri) by pboddie (guest, #50784) [Link]

Firstly, you haven't really made the case for the distinction. Of course an incentive is a trade-off, but it's really just a way of pursuing the same policy without forcing anyone (the vendors or regulators) to take drastic action.

If vendors refused to follow any rules laid down by Microsoft, then Microsoft might deny them the ability to bundle Windows (technically or contractually), and that would potentially force them to look elsewhere for business or to complain about it to a higher power. However, since most vendors are heavily dependent on being able to provide Microsoft products because of the retail climate being distorted in the company's favour, most would be likely to go along with almost anything.

Offering incentives instead of making threats allows Microsoft to look like the good guy whilst making the transaction look like a positive thing, even though the effect of not taking up Microsoft's "generous" offer will result in relegation to a disadvantaged position for any vendor not wishing to play along.

And my example about blank media was concerned with per-processor licensing fees. The "justification" for this was that people would always be running Windows but might refuse to pay for it bundled, and that Microsoft should therefore get a guaranteed fee as compensation for all those "pirates" who couldn't possibly want to run anything else. The regulators put a stop to this, but then Microsoft went and integrated DOS and Windows shortly afterwards, so it was merely a tactical retreat to prevent more serious regulatory measures being imposed that might undermine that very strategy.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 13:59 UTC (Fri) by mcoleman (guest, #70990) [Link]

Re "It's difficult to see what a regulatory body could add to that.", let me help you out.

They could forbid this anti-competitive behavior.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 14:34 UTC (Fri) by thumperward (guest, #34368) [Link]

What "anticompetitive behaviour" are just suggesting be "forbidden" here? Do you suggest that a regulatory body could ban OEMs from shipping Microsoft's key, or demand that UEFI secure boot be disabled by default on all new computers, or that the Unified EFI Forum itself be disbanded and the standard torn up?

It is not difficult for any moderately intelligent person to see that at each stage, Microsoft has plenty of wiggle room in stating that choices are provided and that competitors are not locked out. Microsoft's lawyers would have no difficulty whatsoever in impressing that upon any regulatory body.

Implementing UEFI Secure Boot in Fedora

Posted Jun 1, 2012 16:46 UTC (Fri) by raven667 (subscriber, #5198) [Link]

Those are absurd suggestions, straw men to be easily dispatched. Other articles from Matt Garret discussed some alternative approaches to UEFI key management that could make this feature more vendor and user friendly that you may be interested in reading.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds