FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 06-25-2012, 05:24 PM
Thomas Bächler
 
Default Campaign against Secure Boot

Am 25.06.2012 18:37, schrieb Kevin Chadwick:
>>>
>>> If I understand it right, in Setup Mode, you can either boot any
>>> non-signed operating system, or you can import your own keys into the
>>> firmware, so that you can sign your own bootloaders. For me, this is
>>> enough to not care about Secure Boot.
>>>
>
> I didn't know key replacement was a requirement for MS certification.
> That's better than I thought, however.
>
> You can only have one key and so it's a barrier to competition via
> preventing trying out other OS's on a whim!!. To multiboot you have to
> pay and spend a lot of time. Having authorisation to disable it
> completely but not import multiple keys simply doesn't make sense.

I don't think so. I need to verify this, but if I remember right, you
can simply sign Microsoft's key so Windows 8 is also trusted by your own
key.
 
Old 06-25-2012, 05:44 PM
Ralf Mardorf
 
Default Campaign against Secure Boot

On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:
> Am 25.06.2012 18:37, schrieb Kevin Chadwick:
> >>>
> >>> If I understand it right, in Setup Mode, you can either boot any
> >>> non-signed operating system, or you can import your own keys into the
> >>> firmware, so that you can sign your own bootloaders. For me, this is
> >>> enough to not care about Secure Boot.
> >>>
> >
> > I didn't know key replacement was a requirement for MS certification.
> > That's better than I thought, however.
> >
> > You can only have one key and so it's a barrier to competition via
> > preventing trying out other OS's on a whim!!. To multiboot you have to
> > pay and spend a lot of time. Having authorisation to disable it
> > completely but not import multiple keys simply doesn't make sense.
>
> I don't think so. I need to verify this, but if I remember right, you
> can simply sign Microsoft's key so Windows 8 is also trusted by your own
> key.

Pff, I need to build my own kernels, to optimize to my needs and I won't
care about a boot-boot-loader or any singing. Ok, I don't have any
Windows installed (excepted of XP on Arch on VBox) and I won't install
Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
simply pays the punishment by pocket money/stamp coffer ... dunno how
the idiom is called in English, but I suspect you understand.

However, isn't is suspect that the name "Microsoft" always comes along
with UEFI?!

I don't have tendencies to believe in conspiracy theories! I simply
don't trust this situation any longer. Again, at first I didn't care,
now I'm completely against it.
 
Old 06-25-2012, 05:45 PM
Manolo Martínez
 
Default Campaign against Secure Boot

On 06/25/12 at 05:59pm, Ralf Mardorf wrote:
> We
> already know, that UEFI can't be disabled for every hardware .


That's what I thought, too. Also: the point is not just whether there
are technical ways around Secure Boot, but whether this will raise the
technical entry barrier to FOSS, making it unacceptably cumbersome to
many. I hope everyone agrees that this would be bad news.

Manolo
 
Old 06-25-2012, 05:54 PM
Ralf Mardorf
 
Default Campaign against Secure Boot

On Mon, 2012-06-25 at 13:45 -0400, Manolo Martínez wrote:
> On 06/25/12 at 05:59pm, Ralf Mardorf wrote:
> > We
> > already know, that UEFI can't be disabled for every hardware .
>
>
> That's what I thought, too. Also: the point is not just whether there
> are technical ways around Secure Boot, but whether this will raise the
> technical entry barrier to FOSS, making it unacceptably cumbersome to
> many. I hope everyone agrees that this would be bad news.

+1 (for your statement, not for the UEFI crap
 
Old 06-25-2012, 06:26 PM
Arno Gaboury
 
Default Campaign against Secure Boot

On 06/25/2012 07:44 PM, Ralf Mardorf wrote:

On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:

Am 25.06.2012 18:37, schrieb Kevin Chadwick:

If I understand it right, in Setup Mode, you can either boot any
non-signed operating system, or you can import your own keys into the
firmware, so that you can sign your own bootloaders. For me, this is
enough to not care about Secure Boot.


I didn't know key replacement was a requirement for MS certification.
That's better than I thought, however.

You can only have one key and so it's a barrier to competition via
preventing trying out other OS's on a whim!!. To multiboot you have to
pay and spend a lot of time. Having authorisation to disable it
completely but not import multiple keys simply doesn't make sense.

I don't think so. I need to verify this, but if I remember right, you
can simply sign Microsoft's key so Windows 8 is also trusted by your own
key.

Pff, I need to build my own kernels, to optimize to my needs and*I won't
care about a boot-boot-loader or any singing.* Ok, I don't have any
Windows installed (*excepted of XP on Arch on VBox*) and I won't install
Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
simply pays the punishment by pocket money/stamp coffer ... dunno how
the idiom is called in English, but I suspect you understand.

However, isn't is suspect that the name "Microsoft" always comes along
with UEFI?!

I don't have tendencies to believe in conspiracy theories! I simply
don't trust this situation any longer. Again, at first I didn't care,
now I'm completely against it.

I am following this thread, and honestly, who needs to dual boot today?
I do not see anmore the need of it, as LVM is matured enough to avoid
anyway the pain of rebooting to run winoz, no?
We all know Apfle and Winoz are not playing the game and try to close
everything, no?


Just my 2 cents in this vibrant debate.
 
Old 06-25-2012, 06:27 PM
Ralf Mardorf
 
Default Campaign against Secure Boot

On Mon, 2012-06-25 at 19:54 +0200, Ralf Mardorf wrote:
> On Mon, 2012-06-25 at 13:45 -0400, Manolo Martínez wrote:
> > On 06/25/12 at 05:59pm, Ralf Mardorf wrote:
> > > We
> > > already know, that UEFI can't be disabled for every hardware .
> >
> >
> > That's what I thought, too. Also: the point is not just whether
> there
> > are technical ways around Secure Boot, but whether this will raise
> the
> > technical entry barrier to FOSS, making it unacceptably cumbersome
> to
> > many. I hope everyone agrees that this would be bad news.
>
> +1 (for your statement, not for the UEFI crap

PS: Some people with much more knowledge than I've got explained why
UEFI isn't secure in the way it's supposed to be secure. IMO it might be
possible that it's only to get rid of FLOSS OSes. They anyway won't get
rid of FLOSS software for Windows neither it's a solution against
virulent software.

As Mr. Brauner (Brauner Microphones) and Mr. Fey (Studio Mag) ones
mentioned: "We only like rich people to be able to get knowledge and the
abilities to produce music, all the other people are trash only".

I thank both and I know why several friend and I aren't friends with Mr.
Brauner anymore, Mr. Fey anyway never was a friend of mine or any other
one I know.

Microsoft is a little bit big bigger than Brauner and the Studio Mag.

Those people are the pure evil. I'm happy that Steve Jobs is dead, I
don't know him personal, but I suspect him as the same kind (or much
more worse) of human, as some evil humans I personal know and Mr. Gates
seems to be the same kind of human, I also don't know him personal.

Has anybody knowledge about weapon systems ?!. I don't have
knowledge , but AFAIK the company M$ is a global player regarding to
war. I might be mistaken.

"Market economy" isn't evil per se, humans make it anti-social.

I'm pissed!
 
Old 06-25-2012, 06:31 PM
Ralf Mardorf
 
Default Campaign against Secure Boot

On Mon, 2012-06-25 at 20:26 +0200, Arno Gaboury wrote:
> On 06/25/2012 07:44 PM, Ralf Mardorf wrote:
> > On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:
> >> Am 25.06.2012 18:37, schrieb Kevin Chadwick:
> >>>>> If I understand it right, in Setup Mode, you can either boot any
> >>>>> non-signed operating system, or you can import your own keys into the
> >>>>> firmware, so that you can sign your own bootloaders. For me, this is
> >>>>> enough to not care about Secure Boot.
> >>>>>
> >>> I didn't know key replacement was a requirement for MS certification.
> >>> That's better than I thought, however.
> >>>
> >>> You can only have one key and so it's a barrier to competition via
> >>> preventing trying out other OS's on a whim!!. To multiboot you have to
> >>> pay and spend a lot of time. Having authorisation to disable it
> >>> completely but not import multiple keys simply doesn't make sense.
> >> I don't think so. I need to verify this, but if I remember right, you
> >> can simply sign Microsoft's key so Windows 8 is also trusted by your own
> >> key.
> > Pff, I need to build my own kernels, to optimize to my needs and*I won't
> > care about a boot-boot-loader or any singing.* Ok, I don't have any
> > Windows installed (*excepted of XP on Arch on VBox*) and I won't install
> > Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
> > simply pays the punishment by pocket money/stamp coffer ... dunno how
> > the idiom is called in English, but I suspect you understand.
> >
> > However, isn't is suspect that the name "Microsoft" always comes along
> > with UEFI?!
> >
> > I don't have tendencies to believe in conspiracy theories! I simply
> > don't trust this situation any longer. Again, at first I didn't care,
> > now I'm completely against it.
> >
> I am following this thread, and honestly, who needs to dual boot today?
> I do not see anmore the need of it, as LVM is matured enough to avoid
> anyway the pain of rebooting to run winoz, no?
> We all know Apfle and Winoz are not playing the game and try to close
> everything, no?
>
> Just my 2 cents in this vibrant debate.

Yep, no issue for me, my mobos will be based on Intel or AMD. Do you use
other hardware? Than perhaps you'll be screwed in the near future. Good
luck!.
 
Old 06-25-2012, 06:37 PM
Arno Gaboury
 
Default Campaign against Secure Boot

On 06/25/2012 08:31 PM, Ralf Mardorf wrote:

On Mon, 2012-06-25 at 20:26 +0200, Arno Gaboury wrote:

On 06/25/2012 07:44 PM, Ralf Mardorf wrote:

On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:

Am 25.06.2012 18:37, schrieb Kevin Chadwick:

If I understand it right, in Setup Mode, you can either boot any
non-signed operating system, or you can import your own keys into the
firmware, so that you can sign your own bootloaders. For me, this is
enough to not care about Secure Boot.


I didn't know key replacement was a requirement for MS certification.
That's better than I thought, however.

You can only have one key and so it's a barrier to competition via
preventing trying out other OS's on a whim!!. To multiboot you have to
pay and spend a lot of time. Having authorisation to disable it
completely but not import multiple keys simply doesn't make sense.

I don't think so. I need to verify this, but if I remember right, you
can simply sign Microsoft's key so Windows 8 is also trusted by your own
key.

Pff, I need to build my own kernels, to optimize to my needs and*I won't
care about a boot-boot-loader or any singing.* Ok, I don't have any
Windows installed (*excepted of XP on Arch on VBox*) and I won't install
Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
simply pays the punishment by pocket money/stamp coffer ... dunno how
the idiom is called in English, but I suspect you understand.

However, isn't is suspect that the name "Microsoft" always comes along
with UEFI?!

I don't have tendencies to believe in conspiracy theories! I simply
don't trust this situation any longer. Again, at first I didn't care,
now I'm completely against it.


I am following this thread, and honestly, who needs to dual boot today?
I do not see anmore the need of it, as LVM is matured enough to avoid
anyway the pain of rebooting to run winoz, no?
We all know Apfle and Winoz are not playing the game and try to close
everything, no?

Just my 2 cents in this vibrant debate.

Yep, no issue for me, my mobos will be based on Intel or AMD. Do you use
other hardware? Than perhaps you'll be screwed in the near future. Good
luck!.


Once upon a time, I had a dream OSX would leed to some kind of "semi
open" OS, with lots of dev improvments from the community.


PPPffff, it was long time ago, and was really naive.
 
Old 06-25-2012, 06:59 PM
Ralf Mardorf
 
Default Campaign against Secure Boot

On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
> Once upon a time, I had a dream OSX would leed to some kind of "semi
> open" OS, with lots of dev improvments from the community.
>
> PPPffff, it was long time ago, and was really naive.

Hahaha, when I searched for a successor for my Atari St, my first guess
was Apple. It's not naive, since hardware is important, reliable
hardware is important, unfortunately my moneybag ships with some
limitations . I had the same dream. I won an iPad2 and can't use it,
since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
now, but I downloaded Absinth a long time ago, I simply wished to test a
"legal" iPad for a while. My iPad2 is unable to get iBooks, so every
elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
using Linux. It's not a fault of Linux, it's spirit of mischief by
companies like M$ and Apfel.
 
Old 06-25-2012, 07:13 PM
Ralf Mardorf
 
Default Campaign against Secure Boot

On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
> On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
> > Once upon a time, I had a dream OSX would leed to some kind of "semi
> > open" OS, with lots of dev improvments from the community.
> >
> > PPPffff, it was long time ago, and was really naive.
>
> Hahaha, when I searched for a successor for my Atari St, my first guess
> was Apple. It's not naive, since hardware is important, reliable
> hardware is important, unfortunately my moneybag ships with some
> limitations . I had the same dream. I won an iPad2 and can't use it,
> since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
> now, but I downloaded Absinth a long time ago, I simply wished to test a
> "legal" iPad for a while. My iPad2 is unable to get iBooks, so every
> elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
> using Linux. It's not a fault of Linux, it's spirit of mischief by
> companies like M$ and Apfel.

PS: Do you know that there's a Apple community for old Apple OSs, I
guess before Apple switched to Intel? Even "gifted" Apple users don>'t
follow the policy of Apple per se.
 

Thread Tools




All times are GMT. The time now is 01:02 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org