It seems like the solution is for every distro to use a bsd licensed bootloader, get it signed, and then have MS's boot loader chain load to it. WORST CASE SCENARIO.
I still don't know what all the fuss is about.
Just Give Me the Beans!
It seems like the solution is for every distro to use a bsd licensed bootloader, get it signed, and then have MS's boot loader chain load to it. WORST CASE SCENARIO.
I still don't know what all the fuss is about.
Cookies and cream
One does not anywhere near Microsoft's market share to trigger anti trust legislation. In Canada it can be as low as 35% for "market dominance" 60% if multiple companies are involved. To place things in perspective. Net Applications gives 92.9% market share to Microsoft for the desktop. http://marketshare.hitslink.com/oper...et-share.aspx? W3Schools which historically has the highest percentage for GNU / Linux places Microsoft's market share at over 85% http://www.w3schools.com/browsers/browsers_os.asp. So yes the situation is better that in 1998, but a drop from 97% to 93% does materially change the issue here when the threshold is in the 35% to 60% range.Originally Posted by Spice Weasel
Frothy Coffee!
What I think will happen:
You go to the IT guy at a school or public institution and suggest Linux. You have prepared a live-USB with educational software and some bling. Last year they would have been hesitant at first. You show them the software and the bling. They have a printer or webcam? Plug it in and viola, no hassle downloading drivers or anything. It just works. They are impressed. They'll not switch right now, of course, but in the back of their mind, they know there is an promising alternative to look in to.
Next year, you ask if you can demo this live-USB. Okay. The boot screen beeps and says "Loading of illegal or harmful software has been prevented. Microsoft have saved you." Now, the IT guy has other things to do and ask you to leave. In the back of their mind, they associate Linux with "illegal" and "dangerous", and they associate Microsoft with comfy and safety.
The legislators will love it too. Computers will handle electronic money, electronic voting, many things important that must not be tampered with. Legislators don't know how encryption works, so they think authorities need to supervise all computer devices: desktops, laptops, phones. They will want to make it illegal to connect a jailbroken computer to the internet. Microsoft will fulfill their dreams.
I am not very optimistic.
Skinny Soy Caramel Ubuntu
This is a special case. The Microsoft haters can howl at the big bad wolf, and the Linux haters have a nice "argument" against the GPL. It's a win-win for everybody, you don't get flame war opportunities like this every day.
Tea Glorious Tea!
Or, use a BSD-licensed bootloader, include the keys and, voila! None of these problems are even considered!
The above post definitely does not contain any sarcasm at all.
Frothy Coffee!
or go into the UEFI setting and disable secure boot then proceed as normal
The best things in life are free
Tea Glorious Tea!
Or this. Why does everything have to be a conspiracy theory?
The above post definitely does not contain any sarcasm at all.
I Ubuntu, Therefore, I Am
On the face of it, I tend to agree that it would be a very bad business decision to omit this option; however, part of the reason this firestorm began is the claim by Matthew Garrett in his second blog post on the subject that "we've already been informed by hardware vendors that some hardware will not have this option" (that is, to disable secure boot). Matthew Garrett is a Red Hat employee, so I take his "we" to refer to communications between Red Hat and hardware vendors. The question is just what "some" means -- it could be one or two models from rinky-dink manufacturers or 99% of all PCs sold at retail.
"At least one" doing the right thing is a ridiculously low bar for acceptability. If Linux is to remain competitive, particularly as an option in the home market, it must be able to be installed to the vast majority of PCs. How many people here tried Linux for the first time on a computer that was purchased explicitly to run Linux? Not many, I'd wager. If Joe User can't run Linux on a box originally purchased with Windows, with no original intent to ever run anything else, then Linux loses out big time.So the likelihood of at least one OEM doing it is extremely high IMO, especially in those products catering to parts of the market likely to be building from scratch and installing their own OS (eg: car PCs, HTPCs, barebones servers, etc)
You're glossing over the signing issue. In the worst-case scenario, there are two roads to getting software signed to work on Brand X computers:
- Get Microsoft to sign it.
- Get Brand X to sign it.
I'd be flabbergasted if Microsoft would be willing to sign a Linux boot loader, especially one that's capable of running any distribution's kernel.
That leaves the PC manufacturers themselves. Some of them might be willing to sign Linux boot loaders, but given the number of distributions and the security hurdles to be overcome to ensure that any given boot loader can't be used to load malware, this seems like a major obstacle. Note I'm not saying it's impossible on a case-by-case basis, but it's nowhere near the trivial task you seem to be suggesting. If I were a PC manufacturer being asked to sign a Linux distribution's boot loader, I'd be asking questions like "can the boot loader load a kernel you didn't create" and "can software run on Linux modify the boot options to run malware rather than the usual startup scripts in your distribution?" The answers to these questions with current Linux boot loaders are both "yes," and "yes" answers to these questions would make me, Mr. PC Vendor, very reluctant to sign the boot loader. In other words, to get Linux boot loaders signed, the Linux boot process must likely become much more restrictive than it is now.
Furthermore, there's the fact that there are many different PC brands, so a distribution vendor would have to go through the whole process with each and every PC brand. If there were a centralized authority for getting keys signed so that they ended up in every PC, this problem would become more manageable.
The bottom line is this: If a PC is locked down with secure boot and if the owner of the computer cannot override those settings, then the owner of the computer does not control the computer. The owner is at the mercy of those who control the signing keys to determine what software the computer runs. Only if the computers' owners can disable the feature or add keys themselves do the computers truly belong to the people who nominally own them.
If I've suggested a solution to a problem and you're not the original poster, do not try my solution! Problems can seem similar but be different, and a good solution to one problem can make another worse. Post a new thread with your problem details.
I Ubuntu, Therefore, I Am
If you can! That's the whole point! There's no guarantee that you'll have the ability to do this on your own computer!
Ditto. There is no guarantee that manufacturers will include these features. They might. I think it would be stupid of them not to do so, but I'm not the one who's running PC companies. Matthew Garret has claimed that he's heard at least "some" computers will lack this ability. Until we know what "some" means, we won't be able to judge the severity of the threat.
If I've suggested a solution to a problem and you're not the original poster, do not try my solution! Problems can seem similar but be different, and a good solution to one problem can make another worse. Post a new thread with your problem details.
Tea Glorious Tea!
They will if they don't want to be beaten over the head by the DOJ. As long as it's not going to compromise the safety of the system (that is, releasing the source of the keys to the public), they have no authority to refuse signing the bootloader.
The above post definitely does not contain any sarcasm at all.
Posting Permissions
Adv Reply
Bookmarks