FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-07-2012, 02:34 PM
Dave Ihnat
 
Default Fedora 18 and UEFI

Once, long ago--actually, on Sat, Jul 07, 2012 at 03:21:09PM +0200--Reindl Harald (h.reindl@thelounge.net) said:
> the whole "secure boot" idea is crap

Hmm...no, it's not. It's crap *as implemented*.

Want a not-crap implementation?

o Firmware ships with a non-MS form of UEFI.

o You install your OS-of-choice; at this point in time, you know it's
clean & safe.

o Run a utility to generate a key that gets installed in the UEFI
firmware. Preferably, this utility would know or be told what
components in the OS, drivers, etc. should be considered when
generating the key.

o Disable the UEFI update. Ideally, this would be an actual hardware
switch--something that CAN'T be suborned in software or firmware.

o Whenever you update your OS, drivers, or other components that are
considered by the UEFI boot, turn off the switch and re-run the keygen
utility.

From this point on, you're running "blessed" software, so Bad Guys(TM) will
be stopped as for the current UEFI. But the entire dance is in *your*
control, not any vendor.

But, of course, MS couldn't tolerate this.
--
Dave Ihnat
dihnat@dminet.com
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 02:42 PM
Reindl Harald
 
Default Fedora 18 and UEFI

Am 07.07.2012 16:17, schrieb Heinz Diehl:
> On 07.07.2012, Reindl Harald wrote:
>
>> do not buy the cheapest consumer crap and you are on the safe side
>> in the BUSINESS market microsoft has nothing to say, really!
>
> Here in Norway, ~99% of all institutions use Windows. Both Windows 7
> for their desktop environment, and Windows server for their networks.
> Linux is used, but doesn't play an important role.

oh yeah, there will surely run any mail/web/ftp-server with windows
never, not in norway nor somewhere else

and yes, all this machines are maintained by people which
needs and wants non 19" hardware for play around with their
things beside production

however, MS is not permitted to lock down the x86 market
not in the united states and not in the european union

http://en.wikipedia.org/wiki/United_States_v._Microsoft
http://en.wikipedia.org/wiki/European_Union_Microsoft_competition_case

so microsoft has nothing to say

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 04:03 PM
Richard Vickery
 
Default Fedora 18 and UEFI

On Sat, Jul 7, 2012 at 5:46 AM, Carroll Grigsby <cgrigs986@att.net> wrote:

On Sat, 7 Jul 2012 08:58:31 -0300

Itamar Reis Peixoto <itamar@ispbrasil.com.br> wrote:



> On Sat, Jul 7, 2012 at 7:21 AM, suvayu ali

> <fatkasuvayu+linux@gmail.com> wrote:

> >

> > I realise I can turn Secure Boot off, but hardware manufacturers

> > have often dropped the ball on complying with standards. What if

> > the next generation of motherboards/laptops make it harder to turn

> > off secure boot? Just to make it clear, the questions above are not

> > rhetorical. I just want to understand better the implications as an

> > end-user.

> >

>

>

> I think we are bigger enough to say no and buy only hardware

> compatible.

>

>



Good luck with that! *I've been thinking about replacing this computer

with something newer, so when I was in my local computer store

yesterday, I asked if they had any motherboards or systems that did

not have this UEFI/Microsoft crap installed. Nope. None. Nil. Zilch.

Nada. Ain't no such critter. All gone. It's hiding with Judge

Crater and Jimmy Hoffa. You get the message...


One can always go through Dell to get a Linux computer without the Micros**t crap. It comes with Ubuntu preinstalled, but one *has the option of installing Fedora.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 04:27 PM
Frank Murphy
 
Default Fedora 18 and UEFI

On 07/07/12 17:03, Richard Vickery wrote:


One can always go through Dell to get a Linux computer without the
Micros**t crap. It comes with Ubuntu preinstalled, but one has the
option of installing Fedora.



From what I gather before Dell stopped pushing the DellUbuntu desktops,
they were even then not on par spec with the MS equipped Dell Desktop.


--
Regards,
Frank
"Jack of all, fubars"


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 05:14 PM
suvayu ali
 
Default Fedora 18 and UEFI

Hi Rahul,

On Sat, Jul 7, 2012 at 2:44 PM, Rahul Sundaram <metherid@gmail.com> wrote:
>> Can I freely choose to use proprietary (or for that matter alternative
>> free) drivers for my hardware from whatever source I prefer?
>
> On x86 systems, the ability to disable secure boot is mandated by
> Microsoft and needed to debug Microsoft drivers and since all the
> hardware manufacturers want to comply to this specification, you can be
> rest assured they will provide this functionality and once you disable
> secure boot (instructions for this will likely be in a Fedora wiki
> page), then you are free to load up any custom kernel/kernel module of
> your choice. Also Fedora will provide the tools that the project itself
> uses within the official repository (ie) will be free and open source
> and instructions to use your own key in custom mode.

Thanks a lot for the clarification.

--
Suvayu

Open source is the future. It sets us free.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 05:37 PM
Antonio Olivares
 
Default Fedora 18 and UEFI

> > http://lwn.net/Articles/503803
> >***That this means that from F18 on,
> fedora will cost 99$ for every installation?
> >
>
> Discussion on fedora-devel is still ongoing:
> https://lists.fedoraproject.org/pipermail/devel/2012-June/167732.html
>
> But from what I gather,
> the fedoraproject as vendor,
> will pay Microsoft who will provide a signing service.
Verisign not Micro$oft right?

Some folks did not agree with Red Hat on this one:

http://techrights.org/2012/06/13/red-hat-closed/

>
> The fedora end-use will pay nothing.
> But read the thread for the to and fro.
>

Canonical(Ubuntu) has taken another approach to the UEFI problem

http://lwn.net/Articles/503995/rss

http://www.teknoids.net/content/ubuntus-plans-implement-uefi-secureboot-no-grub2

http://www.teknoids.net/content/ubuntu-cant-trust-fsfs-secure-boot-solution

Who is right? What will happen later on?

As soon as Windows 8 is released will we be able to figure this out right?

Regards,


Antonio
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 06:32 PM
Patrick O'Callaghan
 
Default Fedora 18 and UEFI

On Sat, 2012-07-07 at 10:57 +0300, Kevin Wilson wrote:
> I have a question about UEFI in fedora 18: I see in lwn.net article:

Wrong list. Ask on the Test list, not here.

poc

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 06:38 PM
Kevin Fenzi
 
Default Fedora 18 and UEFI

On Sat, 7 Jul 2012 09:34:21 -0500
Dave Ihnat <dihnat@dminet.com> wrote:

> Once, long ago--actually, on Sat, Jul 07, 2012 at 03:21:09PM
> +0200--Reindl Harald (h.reindl@thelounge.net) said:
> > the whole "secure boot" idea is crap
>
> Hmm...no, it's not. It's crap *as implemented*.
>
> Want a not-crap implementation?
>
> o Firmware ships with a non-MS form of UEFI.

windows 8 client certified hardware will allow you to remove the MS
key.

> o You install your OS-of-choice; at this point in time, you know
> it's clean & safe.
>
> o Run a utility to generate a key that gets installed in the UEFI
> firmware. Preferably, this utility would know or be told what
> components in the OS, drivers, etc. should be considered when
> generating the key.

Fedora plans to make all the infrastructure to create and enroll your
own keys available and usable for end users.

So, you can create your own key, sign the bootloader and grub2 and
kernel with it.
>
> o Disable the UEFI update. Ideally, this would be an actual
> hardware switch--something that CAN'T be suborned in software or
> firmware.

No idea if this is possible.

> o Whenever you update your OS, drivers, or other components that are
> considered by the UEFI boot, turn off the switch and re-run the
> keygen utility.
>
> From this point on, you're running "blessed" software, so Bad
> Guys(TM) will be stopped as for the current UEFI. But the entire
> dance is in *your* control, not any vendor.
>
> But, of course, MS couldn't tolerate this.

Sure they do. You should be able to do this with Fedora if the current
plans all work out as expected. Most users probibly won't bother, but
the plan is to have all this available for those that do want to.

kevin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 06:41 PM
Kevin Fenzi
 
Default Fedora 18 and UEFI

On Sat, 07 Jul 2012 18:14:19 +0530
Rahul Sundaram <metherid@gmail.com> wrote:

> On 07/07/2012 03:51 PM, suvayu ali wrote:
>
> >
> > I am more worried about "free" as in freedom. I don't quite grasp
> > the implications as an end user. For example consider the following
> > scenarios.
> >
> > Can I freely choose to use proprietary (or for that matter
> > alternative free) drivers for my hardware from whatever source I
> > prefer?
>
> On x86 systems, the ability to disable secure boot is mandated by
> Microsoft and needed to debug Microsoft drivers and since all the
> hardware manufacturers want to comply to this specification, you can
> be rest assured they will provide this functionality and once you
> disable secure boot (instructions for this will likely be in a Fedora
> wiki page), then you are free to load up any custom kernel/kernel
> module of your choice. Also Fedora will provide the tools that the
> project itself uses within the official repository (ie) will be free
> and open source and instructions to use your own key in custom mode.

I'll add here something that people seem to be missing a fair bit also:

MS has setup guidelines for hardware vendors that wish to get a
"Windows 8 Client ready" sticker. Note the "client" here. They are not
requiring secure boot for any hardware targeted for servers.

kevin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-07-2012, 06:50 PM
Joe Zeff
 
Default Fedora 18 and UEFI

On 07/07/2012 03:21 AM, suvayu ali wrote:

I am more worried about "free" as in freedom. I don't quite grasp the
implications as an end user. For example consider the following
scenarios.


Didn't we hash this out less than a month ago? I know you've been on
the list long enough to have seen it and participated. Why bring it up
again?

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 05:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org