[ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already

James Morrissey morrissey.james1 at gmail.com
Tue Nov 1 07:02:22 UTC 2011 

Just to be clear here, isn't there some relevance to the secure boot.
I mean even in Linux systems you wouldn't want malware to install
itself onto the software which runs the firmware. Wouldn't such
malware a danger to all systems, be they Windows or Linux?

As such, as i understand it, the problem is not that MS are advocating
for secure boot. Instead its that while they do so they are not
insisting that the secure boot option be something that can be
overridden, or switched off, if the user wishes to install a piece of
software that they approve of. Instead MS are just insisting that it
be switched on at sale of Windows 8 machines.

So, while i agree that MS's approach to secure boot is
anti-competitive behavior wrapped up in narrative of security, having
secure boot systems that could easily - and i mean in a totally user
friendly way (ideally through a GUI) - be switched off would be a good
thing for all users.

To my mind the issue then lies with manufacturers who are not bound to
make secure boot unchangeable. MS aren't playing fair, but that's
nothing to be surprised by. With this in mind shouldn't pressure be on
making manufactrer's generate systems which allow the user both
security and the ability to choose their operating system. My sense is
this would be the best expenditure of our energies.

Is this right or have i missed something?

j

On 1 November 2011 06:30, Michael Holmes <holmesmich at gmail.com> wrote:
> On 31 October 2011 09:58, Robert Flatters <robert.flatters at gmail.com> wrote:
>> This will be a growing problem, if there is no step processes in place to
>> get UEFI turned off you HP Guy will have big problems in the coming months.
>> I fear Microsoft is trying to lockout Linux from installing on new machine.
>
> UEFI isn't something you "turn off". It's a new loader for PC systems
> that replaces the BIOS - and for good reason. The BIOS works in 16-bit
> real mode, is slow to boot, and cannot boot hard drives over 2TB -
> which is now an issue. It also has very limited facilities to
> interface with hardware, hence why BIOS screens look like TTYs for the
> most part.
>
> You're confusing UEFI with the proposed UEFI "security standard" that
> is Secure Boot. They're not the same. UEFI alone does not prevent you
> from booting into Linux.
>
> Imagine that you want to buy glasses, and that the frames are
> UEFI/BIOS/whatever, and the lenses are operating systems.
>
> BIOS is like the old pair of frames you have that are a bit bent and
> scuffed, and generally becoming unfit for use. UEFI is like a new,
> stylish and modern set of frames. These new frames might not fit the
> old lenses, because of the different shape, but soon new lenses will
> hit the market that fit it. You are *not* being actively prevented
> from changing out the lenses at will.
>
> Secure Boot is different - imagine these new frames had a lock on
> them, and you had to go to an authorised vendor to fit in new
> authorised lenses. That lock is the equivalent of the UEFI Secure Boot
> initiative. Your freedom to change the lenses has been taken away,
> most likely under the pretence that "lenses not certified for use
> with" these frames could "cause damage to your eyesight". In both
> cases, anti-competitive actions are being disguised with good
> intentions.
>
> HTH,
> Mike
>
> --
> ubuntu-uk at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
> https://wiki.ubuntu.com/UKTeam/
>

More information about the ubuntu-uk mailing list