Secure Boot

Microsoft pushing hardware manufacturers to try to establish a monopoly, like always, now with compulsory use of Secure Boot for Windows 8. Those of us who install Linux systems on our computers getting the shaft again.

“There’s no need to panic just yet.”

If this change would cause a shitstorm and hurt sales, they won’t implement it. Simple as that.

Has the pit been reduced to lame-ass complaining about Micro$oft by Linux users? At least add some fuck shit stacks and make it a proper pitting.

ZDNet report - Leading PC makers confirm no Windows 8 plot to lock out Linux

Except (as kferr has already linked) it’s not compulsory, but likely to be a bios option. And out of interest, what do you think is a better approach for dealing with rootkits?

How were rootkits dealt with in the past?

Assuming you’re referring to Windows rootkits, then the first reaction was to congratulate Mr Hoglund on his very interesting proof of concept, and then the second reaction a few years afterwards was to ask Sony what the fuck they were playing at when they started using them as a DRM tool, and even that one was a pain in the arse to sort out.

Ah, the good old days. When the worst you had to worry about from a virus was it scragging your computer.

Now give it 6 years of arms race level development, and we find ourselves in a slightly more worrying position. TDL4, for example, is one of a recent number of toolkit systems that criminals use to exploit millions of computers, whether to scam for information (banking details, etc) or just to botnet into spamming hordes or whatever. And they’re just getting more complicated and hard to kill.

So, has anyone got a better idea what MS should do? Because, neutral as I am on OS (I use Mac OS, Windows, and a few linux flavours personally) I just don’t see what other long term options there are than securing boot components…and in time I expect to see Apple take the same step, and if linux ever reaches sufficient mass to become a common domestic platform it probably will too.

If you Linux users would just pay your goddamn parking tickets, you wouldn’t … you woul…

what’s that?

Oh.

Is there any thought to implementing some sort of physical security? Not necessarily a dongle or new switch (no screwing with the formfactor please), but either a jumper or on-board button that had to be physically pressed/activated in order to get that level access to the architecture.

This is an interesting idea, but how would you implement it without making the software involved abusable by hackers? :frowning:

Magic.

Meh, my knowledge of hardware is extremely limited at best.

That said, I support this idea. Rootkits and similar viruses really are a large part of the problem with windows systems. Hell, even ones in military-grade installations! Anything that makes the system more secure without seriously limiting functionality is IMO better. And to those who believe linux would be disenfranchised: You’re using a windows computer to run Linux.

This is a whoosh, right?

They’re asking that the default be set to secure boot. They’re not trying to mandate that the system can only secure boot.

Surely if you can install Linux, you can change an option in the BIOS setup?

Corporate customers won’t go for it. It really is as simple as that: Corporate customers demand to be able to image their systems from a master image, upgrade on their schedule, and, yes, run Linux (because do you actually think Google runs on Windows?). Whitebox makers will therefore not shoot themselves in the foot this time, thank you very much, and they’ll keep the Linux-friendly computers coming for all the big players who have made Linux the OS large parts of the Internet run on, in addition to supplying all the people like me.

This isn’t 1996 anymore. Linux is a big deal now.

Yes, isn’t it?

Helpful hint. No. You need to go back to “Hardware 101”.

None of the 7 PC operating systems I use regularly (nor the 3 more experimental ones I haven’t gotten around to permanently installing on any of my machines, yet) will run on the proposed hardware the OP mentions, and only 3 of those 7 systems are Winblows versions (and only 1 is a Linux version). But those 3 won’t work, either. And all the others have antecedents that precede Winblows.

They are NOT “windows” computers. They are IBM PC spec, which Micropenis has never owned, controlled, or otherwise had much input into. The basic spec was developed before MSDOS, the expanded specs were developed before Winblows.

As a matter of fact, Micropenis has been trying to catch up, hardware-wise, since they came into existence. And have been managing to convince fools that they are “cutting edge”. At least they’ve managed the “convince fools and get their money” part right.

Winblows was developed to the pre-existing spec, not the other way around. They are NOT “windows” computers.

Breaking the hardware to make up for Micropenis’s failings is not a wise idea. Unless you think Micropenis should be able to control all your computing from their central storehouse of wisdom? They would never tell you “Where do we want you to go, today”, after all.

I don’t disagree with the technical thrust of the above, but the use of ‘micropenis’ and ‘winblows’ is just lame and dickish. Not sure if that was your aim.

Amen. Sometimes people take their choice of operating systems way too seriously.

Can something be done with public key encryption of the data from hardware channels?

The lame and dickish stuff is bad enough, but worse than that are the factual errors. If you’re going to try to play the geek equivalent of comic book guy, at least try to get the basic IT stuff right.

  1. As stated above, none of the secure boot stuff is likely to be unavoidable. The percentage of linux users means that PC manufacturers will include a bios option to turn it off.

  2. Considering Microsoft’s inroads into hardware are mostly the xbox, mice and keyboards, it’s a bit weird to claim they’ve “been trying to catch up, hardware-wise, since they came into existence”. Erm, ok. What hardware program was that on? I suppose the courier was a bit of a fail, but hell it actually looked like a good concept. I could understand if he’d said that PC manufacturers were struggling to copy Apple, or server manufacturers struggling to match Sun, or something like that…but that’s nowt to do with MS.

  3. I’d be interested in knowing what cheshire proposes to stop the threat of rootkits and similar bugs if not some form of secured component check on bootup? Hell, I don’t even understand how he blames this sort of problem on Microsoft. Considering there have been successful rootkit exploits against Sun, Apple, and even low level hardware controllers it’s not as if MS are particularly vulnerable here. They get targeted hardest because they’re the most common OS.

So, as well as being a bit sad, as far as I can see he’s also a bit wrong. Has to be said though, the most pathetically silly bit was the one-upmanship over operating systems. Everyone knows Amiga DOS is the world’s finest operating system, it doesn’t even need to be said.