Fedor is paying MS to get ...... and the rest of us will be next.

This topic is closed.

  • SteveRiley
    replied
    Originally posted by GreyGeek View Post
    I just read an interesting rebuttal to RedHat's position.
    http://mjg59.dreamwidth.org/9844.html
    Jerry, that article is also by Michael Garrett -- the same guy who wrote about Fedora's decision.

    I have pored over everything Garrett has written and spoken about UEFI. Much of my knowledge is informed by his work. I sense he and I are of similar minds regarding UEFI: it is a welcome and necessary improvement over BIOS, but much of it remains a mystery and therefore ripe for vendor abuse.



  • GreyGeek
    replied
    I just read an interesting rebuttal to RedHat's position.
    http://mjg59.dreamwidth.org/9844.html

    Here are some pieces of that article, much of it repeating what Steve cautioned about:
    .....
    Licensing

    GPLv3 has various requirements for signing keys to be available. Microsoft's new requirement that systems support the installation of user keys would let users boot their own modified bootloaders, so that may end up being sufficient to satisfy the license. But we're then beholden on Microsoft - if they remove that requirement then users lose that freedom, and suddenly we're in an awkward licensing situation. There are ongoing conversations about exactly what we're able to do here, but it's not a solved problem.
    Key distribution

    The UEFI spec doesn't describe or mandate a central certifying authority. Microsoft require that everyone carry their key. We could generate our own, but we have much less sway with vendors. There's no way to guarantee that all hardware vendors will generate our key. And, obviously, if we generate a key, we can't just hand the private half out to others. That means that it becomes impossible for people to produce derivative versions of Linux distributions without getting their own key. The kind of identity verification that would be required for getting such a key is likely to be expensive, and also fairly likely to require that the distribution have a legally registered company in order to facilitate the identity verification. Think Extended Validation certificates, not Startssl Free. Hobbyist Linux distributions will be a thing of the past.
    Doesn't custom mode fix this?

    Microsoft's certification requirements now state that all systems must support a custom mode, implying that it will be possible for a user to install their own keys. Linux vendors would then be able to ship with their own keys on the install media and impose their own policies. Everyone's happy. It's not really good enough, though. People have spent incredible amounts of time and effort making it easy to install Linux by doing little more than putting a CD in a drive. Asking them to go into the firmware and reconfigure things adds an extra barrier that restricts the ability to install Linux to more technically skilled users. And it's even worse than that. This is the full description of the requirement for custom mode:
    1. It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK.
    2. If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system will be operating in Setup Mode with Secure Boot turned off.
    3. The firmware setup shall indicate if Secure Boot is turned on, and if it is operated in Standard or Custom Mode. The firmware setup must provide an option to return from Custom to Standard Mode which restores the factory defaults.


    There's a few things missing from this, namely:
    • Any description of the UI. It's effectively impossible to document Linux installation when the first step becomes (a) complicated and (b) vendor specific. Vendors are using the UEFI transition to differentiate themselves by coming up with their own unique firmware interfaces. Custom mode is going to look different everywhere.
    • Any description of the key format. A raw binary representation of the key? An EFI_SIGNATURE_DATA struct? A base64 encoding of one, further protected with ROT13? We just don't know.
    • Any way to use custom mode for unattended installs. It's a firmware interface that requires a physically present user. Want to install a few thousand machines over the network? This isn't a scalable approach
    • …and this one's nitpicking, but there's not actually any requirement that the user be able to add keys - a vendor could conform to this language by only letting users delete keys. This is actually ok as long as the user deletes Pk, because then we'll effectively be back in setup mode and can install our own keys from the installer, but it still results in some practical problems


    So no, custom mode doesn't make everything ok. Custom mode with a mandated UI and a documented key format would be much closer, but it wouldn't solve the problem of unattended automated installs.
    Summary

    We can write the code required to support secure boot on Linux in a minimal amount of time - in fact, most of it's now done. But significant practical problems remain, and so far we have no workable solutions for any of them.






    Here are some quotes from the comments:

    ...Custom mode is forbidden on ARM, and maybe in the future on PC, too. No one should be happy about this.



    ...The whole point of having windows available on ARM was so that us Linux heads could have arm based laptops with the long battery life and lots of cores (I've heard of 256 core boards). It will be very disappointing not to be able to run on these ARM based systems.

    ...



  • GreyGeek
    replied
    Thanks for your series of very informative posts and replies, Steve. 8)

    I knew nothing of UEFI and have had no experience with it. Reading your posts about installing Kubuntu on hardware controlled by UEFI, watching your video on UEFI and Kubuntu Plasma-Active, and Michael Garrett's post and comments about Fedora's actions, I am no longer concerned as much about it as I used to be.



  • tek_heretik
    replied
    Originally posted by nickstonefan View Post
    I found this article from July 2011 about Microsoft's contribution to the Linux Kernel.

    http://techie-buzz.com/foss/microsoft-linux-3-0.html
    Smells like self-serving, self-preservation to me, they know Linux is popular on servers, last thing they want is to lose even more business.



  • oshunluvr
    replied
    Originally posted by woodsmoke View Post
    Oshunluvr

    Thanks for the post.

    Re ZaReason and System76, I wonder if they sell just plain mobos, couldn't find anything on the sites.

    woodsmoke
    No, I don't think they sell mobos - but I believe as long as you buy a mobo, not a Windows pre-installed system, you don't need a securekey thingy. Either way, I would check with the manufacturer to be sure. I usually buy Asus mobos.



  • NickStone
    Guest replied
    I found this article from July 2011 about Microsoft's contribution to the Linux Kernel.

    http://techie-buzz.com/foss/microsoft-linux-3-0.html



  • SteveRiley
    replied
    Originally posted by SecretCode View Post
    I'd be interested to hear more about that Steve ... do you recall those sources?
    It was in a thread someplace on Phoronix, I don't remember which. A 60-second Google trawl didn't find it. I'd have to look more closely.



  • SecretCode
    replied
    I'd be interested to hear more about that Steve ... do you recall those sources?



  • SteveRiley
    replied
    Originally posted by tek_heretik View Post
    I dunno about that, nVidia woke up and realized the Linux crowd is a sizable market that buys their higher end products
    But yet their binary blob, according to some sources I've read, replaces large parts of the Linux kernel. One commenter on Phoronix even questioned whether you could call it Linux anymore.



  • woodsmoke
    replied
    Oshunluvr

    Thanks for the post.

    Re ZaReason and System76, I wonder if they sell just plain mobos, couldn't find anything on the sites.

    woodsmoke



  • oshunluvr
    replied
    IMO, there's a difference between "bending over" and simply ensuring the hardware works on Windows as well as other OSes. Unfortunately, until Microsoft is broken up (as they should be) we'll all have to get along at some level. At this point, I won't knowingly be buying any products that Microsoft gets money from unless there is no real choice in the matter. I build my own servers/desktops and all my future laptops will come from ZaReason or System76.



  • tek_heretik
    replied
    Originally posted by whatthefunk View Post
    Any hardware vendor that wants to exist in this world has to be sure that Windows can be installed. Can I interest you in an abacus?
    lol @ abacus, too funny

    I dunno about that, nVidia woke up and realized the Linux crowd is a sizable market that buys their higher end products, the average Joe that runs Win-DOHs mostly have a mainstream video adapter product. I am not an Intel fanboy, I just find their CPUs more reliable than AMD's, sure would hate to be forced in that direction because of M$.



  • whatthefunk
    replied
    Originally posted by tek_heretik View Post
    Any hardware vendor that bends over for M$ does not get my geek dollars.
    Any hardware vendor that wants to exist in this world has to be sure that Windows can be installed. Can I interest you in an abacus?



  • SteveRiley
    replied
    Originally posted by SecretCode View Post
    New motto? I want this on a KFN T-shirt.
    LOL... but please, we try hard here to keep suckage away from KFN



  • SecretCode
    replied
    Originally posted by SteveRiley View Post
    Ultimately, I suppose, it's a matter of choosing which kind of suckage you're most comfortable with.
    New motto? I want this on a KFN T-shirt.
