Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Lockdow

PC and MAC news and discussions.

Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Lockdow

Postby crustyasp46 » Fri Oct 28, 2011 9:12 pm

Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Lockdown
Fri, 2011-10-28 09:20 by Swapnil Bhartiya

Microsoft stirred the bee's hive by announcing new requirements for manufacturers who want to ship Windows 8 systems, including a feature called 'Secure Boot'. It meant only Windows 8 will be able to run on that hardware locking GNU/Linux out, shutting all windows on Linux on these computers.

The Free Software foundation came out opposing Microsoft's requirements. More than 16,000 people signed the Free Software Foundation statement on “Secure Boot vs Restricted Boot”, which shows the users were concerned. We were expecting some response from the open source industry. Red Hat and Canonical have come forward. The two companies have published a white recommending how to implement 'Secure Boot', to ensure that users remain in control of their PCs.

What The Hell Is Secure Boot?
The UEFI Forum has defined the next generation interface between PC's firmware and any operating system that runs on it. The goal of the Forum was to make systems boot quicker and in secure manner, irrespective of what OS (whether Linux or Windows) you run. This is achieved by a process called Secure Boot which eliminates the possibility of any malware to insert itself between the firmware and the OS. This is accomplished by allowing only 'approved' to boot by a key that recognises pre-approved and signed software.

microsoft-lockdown.jpg

What Microsoft did was to push OEMs to put Windows keys on their hardware which meant nothing else will run on that hardware, meaning you can't run Linux on these PCs, even if you want to. They just won't boot into anything but Windows 8.

Microsoft remained silent over the concern raised by the Linux and free software community. The fact remains that a hardware must be able to run any OS of a users choice and that the 'secure boot' option should be available to all users and not only Windows.

While there will be no issues with PCs coming pre-installed with Ubuntu, as they will have the key, there is a major issue with PCs which comes with Windows forcefully pre-installed even if a user doesn't want it.

Red Hat and Canonical are recommending systems manufacturers to include a mechanism for allowing user to configuring her own list of approved software. This will allow a user to run Windows 8 and Linux at the same time in a PC with Secure Boot 'ON'. This should also include a user being able to try new software from a USB stick or DVD.

That is not enough because even if there is an option to add your prefered software, a non-tech users will not be able to try and test Linux on their PCs as it will be extremely hard for them to go to BIOS and make settings and changes. Thus the two companies are recommending that PCs include a User Interface to easily enable or disable Secure Boot and allow the user to chose to change their operating system.

Recommendations
The white paper highlights the recommendations for OEMs which include:

The companies recommend that all OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface. The companies write that it is essential that users are able to remove secure boot restrictions, and boot the software of their choice on the devices that they own. Furthermore, the interface to configure this option should be easily accessible by non-technical users. Of course, this option should only be available to users with physical access to the hardware, and not be accessible via programmatic means.

The two companies also recommend that OEMs (with assistance from BIOS vendors) provide a standardised mechanism for configuring keys in system firmware. For secure boot to be useful in a user-controlled environment, it must be possible for users to add custom keys (KEK, db and dbx entries) to the system firmware. Keys may then be shipped with an operating system or generated by the user. This allows the user to maintain control of the code run on their systems without giving up the benefits of secure boot.

For support purposes, the mechanism provided for key management must be consistent across platforms, and provide a simple method of booting custom software, including from removable media. A suggested implementation may be to scan removable media for signing keys and prompt the user for their installation, or using the specification-defined setup mode to allow key reconfiguration.

The companies also recommend that hardware ship in setup mode, with the operating system taking responsibility for initial key installation. Shipping hardware in setup mode allows key policy to be determined by the operating system vendor or end user. Pre-installed operating systems could then install their own signing keys on first boot. This permits the user to avoid the situation where pre-installed signing keys do not match the user's desired security policy.

Download the white paper.

Source: http://www.muktware.com :headbang: :headbang: :headbang:
User avatar
crustyasp46
He's Everyones Daddy
He's Everyones Daddy
Next LVL Up at : 1750
Next LVL Up at : 1750
 
Posts: 1716
Joined: Sun Jun 06, 2010 11:06 pm
Has thanked: 2653 times
Been thanked: 1006 times

Re: Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Loc

Postby Kherr » Fri Oct 28, 2011 11:20 pm

Thanks for this Crusty, just another reason to stay away from windows unless you're a gamer like myself. >.>' :hi:
Image
Image
Image
Image
User avatar
Kherr
Site Admin
Site Admin
Next LVL Up at : 1800
Next LVL Up at : 1800
 
Posts: 1776
Joined: Wed Feb 03, 2010 4:19 pm
Location: Detriot, MI, USA
Has thanked: 617 times
Been thanked: 564 times
Fav System: PC/NES/SNES/Genesis
Steam ID: DAKherr

Re: Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Loc

Postby gamfrkI » Sat Oct 29, 2011 1:14 am

i would of moved to ubuntu (or any linux os) if only the games were compatible :/ and another reason why not to update to win 8
Image

Image
User avatar
gamfrkI
Unlimited Member
Unlimited Member
Next LVL Up at : 1050
Next LVL Up at : 1050
 
Posts: 1034
Joined: Sat May 22, 2010 8:49 pm
Location: LA,CA
Has thanked: 284 times
Been thanked: 138 times
Fav System: PC - 3DS - PS2 - N64
Steam ID: gamfrkI

Re: Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Loc

Postby crustyasp46 » Mon Oct 31, 2011 9:26 pm

Stand up for your freedom to install free software

The following is a public statement, open for signing. For more background, please read our more detailed explanation of the issue at : http://fsf.org/campaigns/secure-boot-vs-restricted-boot.

Microsoft has announced that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot." However, it is currently up for grabs whether this technology will live up to its name, or will instead earn the name Restricted Boot.

When done correctly, "Secure Boot" is designed to protect against malware by preventing computers from loading unauthorized binary programs when booting. In practice, this means that computers implementing it won't boot unauthorized operating systems -- including initially authorized systems that have been modified without being re-approved.

This could be a feature deserving of the name, as long as the user is able to authorize the programs she wants to use, so she can run free software written and modified by herself or people she trusts. However, we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows. In this case, we are better off calling the technology Restricted Boot, since such a requirement would be a disastrous restriction on computer users and not a security feature at all.

Please add your name to the following statement, to show computer manufacturers, governments, and Microsoft that you care about this freedom and will work to protect it.

We, the undersigned, urge all computer makers implementing UEFI's so-called "Secure Boot" to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems.

First Name (Required)

Last Name (Required)

Email (Required)
After you submit this form, you'll receive an email from us that asks you to confirm your signature before we add it to the statement. Please note that signing does not put you on the general FSF mailing list; we will only follow up with you only on this particular issue.


This is a public statement and your name will be made public after you click the link in the verification email. We will not publish or share your email address with any party outside the FSF. See our privacy policy for more information.

Can be supported here : http://www.fsf.org/campaigns/secure-boo ... /statement

I would like to remind people that this is not only about Linux, read carefully, if you alter the operating system in any way without pre-approval your computer will not work. It is time to let Microsoft know that they may supply the operating system, but you own your computer and they have no right to tell you what you may or may not wish to put on your computer.

Become involved or potentially have someone remotely sitting beside you, telling you what you can do with your property. :thankyou:
User avatar
crustyasp46
He's Everyones Daddy
He's Everyones Daddy
Next LVL Up at : 1750
Next LVL Up at : 1750
 
Posts: 1716
Joined: Sun Jun 06, 2010 11:06 pm
Has thanked: 2653 times
Been thanked: 1006 times

Re: Ubuntu, Red Hat Take Stand On Microsoft' Secure Boot Loc

Postby Kherr » Tue Nov 01, 2011 5:26 am

Amen to that crusty. Amen to that. :hi:
Image
Image
Image
Image
User avatar
Kherr
Site Admin
Site Admin
Next LVL Up at : 1800
Next LVL Up at : 1800
 
Posts: 1776
Joined: Wed Feb 03, 2010 4:19 pm
Location: Detriot, MI, USA
Has thanked: 617 times
Been thanked: 564 times
Fav System: PC/NES/SNES/Genesis
Steam ID: DAKherr


Return to Modern Computing

Who is online

Users browsing this forum: No registered users and 56 guests