FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 09-25-2011, 06:26 AM
Goh Lip
 
Default Windows 8's use of the UEFI Secure Boot

On 25/09/11 11:47, Goh Lip wrote:

If an article as someone mentioned here said, the firmware is embedded
in the motherboard, then it precludes all existing motherboards. If it
will be embedded in future motherboards in cahoots with Microsoft, a
strong anti-trust, monopolistic charge can and should be filed.

[Appendum]
That will also mean existing computers will not be able to install
Windows 8, an overwhelming profit base of upgrades which Microsoft is
unlikely to deliberately forfeit.



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-25-2011, 07:09 AM
Nils Kassube
 
Default Windows 8's use of the UEFI Secure Boot

Goh Lip wrote:
> That will also mean existing computers will not be able to install
> Windows 8, an overwhelming profit base of upgrades which Microsoft is
> unlikely to deliberately forfeit.

Don't expect Microsoft to deliberately forfeit any money. I suppose that
Windows 8 will boot on existing machines with BIOS but the label
"Certified for Windows 8" (or whatever it is called) is only available
for new machines with UEFI.


Nils

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-26-2011, 06:49 PM
Colin Watson
 
Default Windows 8's use of the UEFI Secure Boot

On Sun, Sep 25, 2011 at 11:47:19AM +0800, Goh Lip wrote:
> I have it running in BIOS msdos partitioned disk and it gets booted
> up by grub2. I'll bet it will run in UEFI gpt partitioned disk and
> be able to be booted up by grub2. (an article claimed it can only be
> booted on UEFI gpt partition - it may happen the 'final release'
> could -doubt so- but the 'developer preview' doesn't.)

I'm pretty sure that, by the time all this reaches final deployment,
GRUB 2 will not be able to boot Windows 8 under UEFI. That would be far
too easy a workaround ...

> If another article claims that the security feature is a UEFI
> feature and not Microsoft related, note that grub2 is CA-certified
> and this implies grub2 can boot Windows 8. (grub-legacy is not
> CA-certified)

I'm a GRUB 2 developer and I have no idea what that means. Could you
elaborate?

Thanks,

--
Colin Watson [cjwatson@ubuntu.com]

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 02:58 AM
Goh Lip
 
Default Windows 8's use of the UEFI Secure Boot

On 27/09/11 02:49, Colin Watson wrote:

On Sun, Sep 25, 2011 at 11:47:19AM +0800, Goh Lip wrote:

I have it running in BIOS msdos partitioned disk and it gets booted
up by grub2. I'll bet it will run in UEFI gpt partitioned disk and
be able to be booted up by grub2. (an article claimed it can only be
booted on UEFI gpt partition - it may happen the 'final release'
could -doubt so- but the 'developer preview' doesn't.)


I'm pretty sure that, by the time all this reaches final deployment,
GRUB 2 will not be able to boot Windows 8 under UEFI. That would be far
too easy a workaround ...



"That would be far too easy a workaround ..."
By this, do you mean that it would be easy to workaround such that grub2
can still boot Windows 8?


OR
That it will be easy for Microsoft to workaround the UEFI 'architecture'
such that it is impossible for grub2 to boot Windows 8 if Microsoft
choose to do so?





If another article claims that the security feature is a UEFI
feature and not Microsoft related, note that grub2 is CA-certified
and this implies grub2 can boot Windows 8. (grub-legacy is not
CA-certified)


Perhaps this would explain better...
http://www.winrumors.com/microsoft-clears-up-linux-confusion-over-windows-8-secure-boot-feature/

but granted, it may be interpreted that Microsoft uses CA-certification
to block other boot-loaders booting it.


Still, it is inconceivable that Microsoft would want to 'lock itself'
out of the substantive and lucrative upgrade market.





I'm a GRUB 2 developer and I have no idea what that means. Could you
elaborate?



Yes, I know, you're the head honcho. Appreciate what you've done.


Thanks,



Thanks and regards - Goh Lip
--
When you cease to seek happiness, you will find it.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 08:41 AM
Colin Watson
 
Default Windows 8's use of the UEFI Secure Boot

On Tue, Sep 27, 2011 at 10:58:33AM +0800, Goh Lip wrote:
> On 27/09/11 02:49, Colin Watson wrote:
> >On Sun, Sep 25, 2011 at 11:47:19AM +0800, Goh Lip wrote:
> >>I have it running in BIOS msdos partitioned disk and it gets booted
> >>up by grub2. I'll bet it will run in UEFI gpt partitioned disk and
> >>be able to be booted up by grub2. (an article claimed it can only be
> >>booted on UEFI gpt partition - it may happen the 'final release'
> >>could -doubt so- but the 'developer preview' doesn't.)
> >
> >I'm pretty sure that, by the time all this reaches final deployment,
> >GRUB 2 will not be able to boot Windows 8 under UEFI. That would be far
> >too easy a workaround ...
>
> "That would be far too easy a workaround ..."
> By this, do you mean that it would be easy to workaround such that
> grub2 can still boot Windows 8?
>
> OR
> That it will be easy for Microsoft to workaround the UEFI
> 'architecture' such that it is impossible for grub2 to boot Windows
> 8 if Microsoft choose to do so?

I mean that Microsoft consider it to be part of their security
architecture that it will only be possible to boot Windows 8 using a
bootloader signed with a key trusted by the UEFI firmware, at least once
one is using firmware with the "secure boot" capability. It would be
far too easy a workaround if one could avoid that simply by using an
unsigned boot loader.

Of course, if the firmware doesn't require a signature, that's a
different matter. But you won't be able to work around firmware
requirements using an unsigned boot loader.

(Do not take from this that I agree with this position; I'm just telling
you how I understand it's likely to be.)

> >>If another article claims that the security feature is a UEFI
> >>feature and not Microsoft related, note that grub2 is CA-certified
> >>and this implies grub2 can boot Windows 8. (grub-legacy is not
> >>CA-certified)
>
> Perhaps this would explain better...
> http://www.winrumors.com/microsoft-clears-up-linux-confusion-over-windows-8-secure-boot-feature/
>
> but granted, it may be interpreted that Microsoft uses
> CA-certification to block other boot-loaders booting it.

Nothing in that article supports the position that GRUB 2 is
CA-certified. I can tell you with considerable confidence that it is
not at this time, and that it is not at all clear what we would need to
do in order to do so - would GRUB have to be modified to only boot
signed kernels if we were to avoid our key being immediately revoked?
That wouldn't be pretty.

(Anyway, Matthew Garrett has responded to Microsoft's response ...)

> Still, it is inconceivable that Microsoft would want to 'lock
> itself' out of the substantive and lucrative upgrade market.

It may well be that it behaves differently on prior firmware versions,
but as Matthew Garrett has pointed out, any new system that wants to get
Windows 8 certification must ship with "secure boot" enabled and is not
required to provide an option to disable it.

--
Colin Watson [cjwatson@ubuntu.com]

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 10:25 AM
Goh Lip
 
Default Windows 8's use of the UEFI Secure Boot

On 09/27/2011 04:41 PM, Colin Watson wrote:


"That would be far too easy a workaround ..."
By this, do you mean that it would be easy to workaround such that
grub2 can still boot Windows 8?

OR
That it will be easy for Microsoft to workaround the UEFI
'architecture' such that it is impossible for grub2 to boot Windows
8 if Microsoft choose to do so?


I mean that Microsoft consider it to be part of their security
architecture that it will only be possible to boot Windows 8 using a
bootloader signed with a key trusted by the UEFI firmware, at least once
one is using firmware with the "secure boot" capability. It would be
far too easy a workaround if one could avoid that simply by using an
unsigned boot loader.

Of course, if the firmware doesn't require a signature, that's a
different matter. But you won't be able to work around firmware
requirements using an unsigned boot loader.

(Do not take from this that I agree with this position; I'm just telling
you how I understand it's likely to be.)


Okay, understood. Thanks. Good to hear this from you.





If another article claims that the security feature is a UEFI
feature and not Microsoft related, note that grub2 is CA-certified
and this implies grub2 can boot Windows 8. (grub-legacy is not
CA-certified)


Perhaps this would explain better...
http://www.winrumors.com/microsoft-clears-up-linux-confusion-over-windows-8-secure-boot-feature/

but granted, it may be interpreted that Microsoft uses
CA-certification to block other boot-loaders booting it.


Nothing in that article supports the position that GRUB 2 is
CA-certified. I can tell you with considerable confidence that it is
not at this time, and that it is not at all clear what we would need to
do in order to do so -


I stand corrected. Appreciate the correction.

would GRUB have to be modified to only boot

signed kernels if we were to avoid our key being immediately revoked?
That wouldn't be pretty.


Right, we'll be acting like Microsoft then, we are not that evil.





(Anyway, Matthew Garrett has responded to Microsoft's response ...)


Still, it is inconceivable that Microsoft would want to 'lock
itself' out of the substantive and lucrative upgrade market.


It may well be that it behaves differently on prior firmware versions,
but as Matthew Garrett has pointed out, any new system that wants to get
Windows 8 certification must ship with "secure boot" enabled and is not
required to provide an option to disable it.




I somehow like to see them try...
and watch the fireworks fly...
we here don't need windows to get by...
no need to push others to say goodbye...
(hey, it rhymes)

Good of you Colin, to drop by here once in a while
And have a virtual beer, coffee or water with us.

Take care - Goh Lip

--
Life is a sexually transmitted disease with a 100% mortality rate.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 04:09 PM
Bill Stanley
 
Default Windows 8's use of the UEFI Secure Boot

Perhaps this would explain better...
http://www.winrumors.com/microsoft-clears-up-linux-confusion-over-windows-8-secure-boot-feature/



A word about the link provided...

I read the linked webpage and judging from the reader comments, this
website is hardly neutral. The opinions are distinctly pro-Windows.
It's not surprising that they paint a pretty face on things. They say
that Microsoft did not directly develop the protocol and are simply
implementing it. My question is how much support in terms of money and
free manpower did they contribute. I wouldn't be surprised to learn
that most of the support came from M$.


Bill Stanley

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 04:15 PM
"compdoc"
 
Default Windows 8's use of the UEFI Secure Boot

>My question is how much support in terms of money and
>free manpower did they contribute. I wouldn't be surprised to
>learn that most of the support came from M$.


And if MS did contribute, that would make it evil?



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 04:48 PM
NoOp
 
Default Windows 8's use of the UEFI Secure Boot

On 09/27/2011 01:41 AM, Colin Watson wrote:
> On Tue, Sep 27, 2011 at 10:58:33AM +0800, Goh Lip wrote:
...
>> Perhaps this would explain better...
>> http://www.winrumors.com/microsoft-clears-up-linux-confusion-over-windows-8-secure-boot-feature/
>>
>> but granted, it may be interpreted that Microsoft uses
>> CA-certification to block other boot-loaders booting it.
>
> Nothing in that article supports the position that GRUB 2 is
> CA-certified. I can tell you with considerable confidence that it is
> not at this time, and that it is not at all clear what we would need to
> do in order to do so - would GRUB have to be modified to only boot
> signed kernels if we were to avoid our key being immediately revoked?
> That wouldn't be pretty.
>
> (Anyway, Matthew Garrett has responded to Microsoft's response ...)

For those interested, Matthew's Journal is here:
http://mjg59.livejournal.com/
http://mjg59.dreamwidth.org/5552.html
[UEFI secure booting]
http://mjg59.dreamwidth.org/5850.html
[UEFI secure booting (part 2)]
http://mjg59.dreamwidth.org/6054.html
[Supporting UEFI secure boot on Linux: the details]

...


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 09-27-2011, 05:41 PM
Billie Walsh
 
Default Windows 8's use of the UEFI Secure Boot

On 09/27/2011 11:15 AM, compdoc wrote:

My question is how much support in terms of money and
free manpower did they contribute. I wouldn't be surprised to
learn that most of the support came from M$.



And if MS did contribute, that would make it evil?


But of course. Anything Microsoft touches is evil. Microsoft IS the
"Evil Empire"!!



--

"Democracy is two wolves and a lamb deciding what to have for dinner.
Liberty is a well-armed lamb." - Benjamin Franklin -


_ _... ..._ _
_._ ._ ..... ._.. ... .._


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 07:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org