[ubuntu-uk] efi boot, Windows 8 and Linux

Simon Greenwood sfgreenwood at gmail.com
Fri Sep 23 16:33:19 UTC 2011


On 23 September 2011 16:59, Tony Pursell <ajp at princeswalk.fsnet.co.uk> wrote:

>
>
> On 23 September 2011 16:20, James Morrissey <morrissey.james1 at gmail.com> wrote:
>
>> This appeared on the OMGUbuntu site earlier today:
>>
>>
>> http://www.omgubuntu.co.uk/2011/09/microsoft-attempt-address-windows-8-linux-worries/
>>
>> james.
>>
>> On 23 September 2011 16:05, gazz <pmgazz at gmx.co.uk> wrote:
>>
>>>
>>>
>>> On Thu, 2011-09-22 at 00:06 +0100, Alan Bell wrote:
>>> > On 21/09/11 23:29, Bea Groves wrote:
>>> > > Just read the following. Comments?
>>> > >
>>> > yeah, it is potentially very nasty.
>>> > To be Windows 8 certified, computers will have to be able to do this
>>> > secure boot thing. Most will include an option to turn it off, exactly
>>> > like the Google Chromebooks do, they have a switch to turn off the code
>>> > signing requirement so you can run unsigned operating systems. The OLPC
>>> > also has this exact same feature, but you can get a dev key and turn it
>>> > off.
>>> > The problem is that some manufacturers might start not bothering to
>>> > include an off switch. So that would creep in as a set of machines
>>> > (probably quite mainstream high volume ones) that won't run anything
>>> > but the pre-installed Windows 8 or above.
>>> > The big problem is that Windows 9 might *require* secure boot to run.
>>> > This means it won't run on older machines (driving hardware sales, the
>>> > industry likes that) and means that more manufacturers will fail to
>>> > include an off switch for the secure boot. If the market doesn't punish
>>> > them by people avoiding these pre-bricked computers then they will keep
>>> > doing it. Microsoft will carefully not require OEMs to fail to include
>>> > an off switch, because that would be anti-competitive. Virtualbox and
>>> > VMware and so on can include the public keys and provide a secure boot
>>> > environment, or run unsigned code for developing drivers and running
>>> > Linux, but you won't be running Linux on the hardware, only
>>> > virtualised.
>>> > It is kind of like the current trend for using up 4 primary partitions
>>> > and not creating extended partitions to make dual booting harder, but
>>> > this one you potentially can't get round. I can see a time when you
>>> > have to get a laptop chipped to run Linux like you would a DVD player to do
>>> > multi region.
>>> >
>>> > Alan.
>>> >
>>> > --
>>> > Libertus Solutions http://libertus.co.uk
>>> >
>>> >
>>> Yes, agree this is what is likely to happen. It would effectively
>>> confine Linux back to a small, techie ghetto - and that's assuming that
>>> it will still be possible to buy motherboards without the keys or with
>>> an 'off' switch.
>>>
>>> When I'm talking to voluntary sector orgs they frequently say to me that
>>> Microsoft Windows is 'part of the computer' and if you change the OS it
>>> won't work properly any more. This could make that current misconception
>>> actually true!
>>>
>>> What's Canonical's view on this? It seems tempting to team up with a
>>> producer such as Aleutia to ensure that unlocked PCs are still out there
>>> - and with an 'eco' selling point.
>>>
>>> Paula
>>>
>>>
>>>
>>
>>
>>
>> --
>> Dr. James Morrissey
>> Senior Research Officer
>> Refugee Studies Centre
>> Department of International Development
>> University of Oxford
>>
>>
> It seems to me that Secure Boot, in principle, is a Good Thing and that
> all operating systems should offer it.  It's all about how it is implemented
> and the provision of an opt-out where needed.
>
> From what I have read it would be a good thing if Ubuntu came with Secure
> Boot.  So my question is - is this possible?  Is there anything to stop
> Ubuntu and other mainstream distros providing it?
>
>
No, not at all. The issue would be whether the PC makers would include the
distro's key in their machines. There's an analogy with SSL certificates,
the component of a website that secures communication between you and it:
anyone can produce a certificate for a website. What makes it work is having
that certificate correctly identified by your web browser. The same will
apply to UEFI. In theory anyone could secure an OS if the firmware is
sufficiently open but realistically assurance will mean that it isn't.

s/

-- 
Twitter: @sfgreenwood
"Is this your sanderling?"