Microsoft tries to block Linux off Windows 8 PCs

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Thu Sep 22 15:33:48 UTC 2011


Thanks for the heads-up, Collin.

| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>

| Of course given existing windows versions aren't signed, any machine
| that requires this to work, won't work with existing windows versions,
| so the chances of that happening seem pretty slim.

All that this requires is a phase-in period.  Or MS's bootloader to
enable this.

Another example requiring a phase in period (which we are in): many of
the restrictions enabled by the Protected Video Path.  So this isn't
unprecedented.

| From: Ted <ted.leslie-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| I can see a company not wanting a rootkit and essentially allowing for an
| insecure boot and other issues,

The word "company" is ambiguous.  There are a bunch of entities
involved:

- the standards organization for UEFI

- Microsoft, in its role mandating this security

- the OS manufacturer (i.e. the one with the key that has signed the
  OS).  Might be Microsoft or Redhat or whoever

- The hardware manufacturer (eg. Asus or Dell)

- the vendor (eg. Dell, Futureshop, Infonec, ...)

- the VAR

- the owner (eg. end user's employer)

- the end user

Right now, technically (but perhaps not administratively), all the
power is in the end-user's hands since there is no protection.

After this change, the power goes to the hardware manufacturer, but
Microsoft has used its market force to move that power to Microsoft.
There power flows downstream only in as much as Microsoft lets it.

| I mean a linux distro could demand this (for valid security reasons) and lock
| out dual boot to windows?

Sure.  But no manufacturer would bother to do this.  No Linux distro
has the marketplace power in the consumer space.

| But, is it not the case that this signing issue would not have any effect on
| dual boot from separate drives?

| So seems to me it's hardly a "block", if that was even attempted by MS, but
| rather maybe a slight annoyance at best?

That in itself would be annoying.  Numerically few users are willing
to buy a second drive for their machines and install it.

But the keys are in the BIOS so the limitations would apply to all
disks (including USB keys and CDROMS or it would be pointless).

| From: Scott Elcomb <psema4-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| My question is what will happen when relevant Certificate Authorities
| get "hacked" - ala DigiNotar and Comodo?

There is no CA, at least according to the article referenced in the
first post.

And hacking like this gets you thrown in jail in the US (DMCA) and
soon to be in Canada (on this fall's legislative agenda by all
accounts).  Hardly a basis for an above-board company's business
model.

| From: Ted <ted.leslie-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| i didn't realize that UEFI would mean that vendors would have to have
| signatures.
| Well seems to me if linux distro signatures can't be introduced to allow linux
| to dual boot,
| the HW manufacturers would essentially be closing the HW off to only new
| windows,
| which is highly illegal, so why would MS do something like that?

As Collin pointed out, the action would be by hardware vendors, not
Microsoft.  Not clearly illegal.  I hope it is.

But it is under cover of "security".  Legitimately.  And that is
second only to child porn as a justification for bad laws.

Most hardware vendors in the personal computer space don't care at all
about Linux.  In fact, they might even want to fire us as customers
because we bug them more than their Windows customers.

It is arguable that BeOS was killed by Microsoft forbidding
manufacturers from delivering dual-boot (Windows and BeOS) systems.

| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>

| If you control the setup of the UEFI secure boot, then you can choose
| which keys to load in.  So you could load a key to recognize microsoft
| signed binaries, as well as a key to recognize your own signed binaries
| and then go ahead and sign your grub binary and install it.  If something
| tries to replace windows' boot code with a virus, or tries to replace
| your boot loader code, it will stop booting because it is no longer what
| you told it to allow.  This sounds useful.

Yeah, but grub isn't secure.  So an attacker could change grub.conf or
whatever to get control.

| If you don't control the setup of secure boot, you on the other hand
| no longer have a choice in what your machine can boot when secure boot
| is enabled.  That sounds awful.
| 
| So the real question comes down to whether you as the owner of the
| machine get to pick the keys on the box or not.

It's pretty clear to me that mainstream consumer hardware will go the
way of least resistance and not care about locking anything they
didn't deliver out.  In fact, I imagine them even wanting to lock out
even Microsoft upgrades-that-cost-money in such a way that they get a
cut.

I imagine that computer makers must be jealous of the way phone makers
get away with locking down their product.

| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>
| 
| But if they prevent unsigned code from running, they also prevent anything
| pre windows 8 from running.

An extra-cost option: a signed WinXP.

Actually, high-end Win7 variants ("pro" and "ultimate"?) include vm
support for old versions of Windows.  That's probably the model.

| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>

| UEFI has been around for years without this new feature.  It's just a
| new optional feature that Microsoft would like to see made standard.

Like TPM, it can be used for good or ill.  The bad thing is that it
lets Microsoft gain control without even looking evil.

| I suspect lack of implementation details so far is what is making this
| sensational.

If we don't get upset now, it will be a fait accompli before we can
react.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
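Added example (not part of the thread above, and not code from any of its participants): a small Python model of the two points argued in the message, namely that whoever enrols the keys in the firmware's allowed-signer database decides which bootloaders can run, and that signing the grub image alone does nothing for the config file it reads, so the kernel path can still be swapped underneath a validly signed loader. The mitigation shown, binding the config's digest into the signed blob, is a general illustration of covering the whole boot chain rather than a description of any particular product. All key names, image bytes and config lines are constructed, and HMAC-SHA256 with a per-signer secret stands in for the X.509/RSA signatures real UEFI firmware checks (an assumption made so the example runs with the standard library only; the enrolment and matching logic is the same).

```python
import hashlib
import hmac
import secrets

# All keys, images and config lines below are constructed for this example.
# Assumption: an HMAC keyed by a per-signer secret models the asymmetric
# signature a real firmware would verify against an enrolled certificate.

def make_signer(name):
    return {"id": name, "secret": secrets.token_bytes(32)}

def sign(signer, blob):
    """Return (signer id, tag) over a boot image."""
    tag = hmac.new(signer["secret"], blob, hashlib.sha256).digest()
    return (signer["id"], tag)

def firmware_verify(db, blob, signature):
    """Firmware-side check: accept the blob only if an enrolled key in db vouches for it."""
    signer_id, tag = signature
    secret = db.get(signer_id)
    if secret is None:          # signer not enrolled: owner locked out
        return False
    expected = hmac.new(secret, blob, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def parse_config(config):
    """Minimal grub.conf-style parser: 'key=value' lines, bytes in, dict out."""
    entries = {}
    for line in config.splitlines():
        if b"=" in line:
            key, value = line.split(b"=", 1)
            entries[key.strip().decode()] = value.strip().decode()
    return entries

def naive_boot(db, image, signature, config):
    """Signed image, unsigned config: the firmware check passes, but the
    kernel path comes from whatever the config file says right now."""
    if not firmware_verify(db, image, signature):
        return None
    return parse_config(config).get("kernel")

def sign_with_config(signer, image, config):
    """Mitigation: fold the config's digest into the signed blob, so editing
    the config invalidates the signature instead of going unnoticed."""
    digest = hashlib.sha256(config).digest()
    return digest, sign(signer, image + b"\0" + digest)

def hardened_boot(db, image, signature, digest, config):
    """Verify image and expected config digest together, then the config itself."""
    if not firmware_verify(db, image + b"\0" + digest, signature):
        return None
    if not hmac.compare_digest(hashlib.sha256(config).digest(), digest):
        return None             # config does not match what was signed
    return parse_config(config).get("kernel")

def run_scenarios():
    vendor = make_signer("vendor-key")   # constructed stand-in for an OEM/OS key
    owner = make_signer("owner-key")     # constructed: the machine owner's own key
    grub = b"GRUB image bytes (constructed)"
    good_conf = b"kernel=/boot/vmlinuz\n"
    tampered_conf = b"kernel=/boot/other-kernel\n"   # config edited after signing

    owner_sig = sign(owner, grub)
    db_owner_enrolled = {vendor["id"]: vendor["secret"], owner["id"]: owner["secret"]}
    db_vendor_only = {vendor["id"]: vendor["secret"]}

    digest, bound_sig = sign_with_config(owner, grub, good_conf)
    return {
        "owner_controls_keys": naive_boot(db_owner_enrolled, grub, owner_sig, good_conf),
        "owner_locked_out": naive_boot(db_vendor_only, grub, owner_sig, good_conf),
        "config_swap_unnoticed": naive_boot(db_owner_enrolled, grub, owner_sig, tampered_conf),
        "config_swap_refused": hardened_boot(db_owner_enrolled, grub, bound_sig, digest, tampered_conf),
        "bound_config_boots": hardened_boot(db_owner_enrolled, grub, bound_sig, digest, good_conf),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Running it prints one line per scenario: the owner-signed loader boots only when the owner's key is in db, the naive loader happily follows an edited config, and the digest-bound variant refuses the edit while still booting the config it was signed with. In a real deployment the loader would in turn verify the kernel it loads, which this model deliberately leaves out.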