Linux Foundation releases Windows Secure Boot fix
-
![]()
Samsung Users & Sam Varghese
Q: What restricting of user rights.
A: NONE.
What about these Samsung users?
Samsung Laptops Bricked by Booting Linux Using UEFI
It seems that the dreaded nebulous HW/SW mismatch is responsible.
How about Sam Varghese?
From this link:
Secure boot: technical types spreading half-baked information
I tested out a recent Sabayon image yesterday and while it does offer a menu that leads one to believe that it will boot after a key is installed, none of the keys provided work.
Sabayon users can't use it.
Garrett mentioned that Ubuntu 64-bit will boot on secure boot-enabled devices;
...
I tested it out sometime back and verified it; I also pointed out that it would not install on the same disk as Windows 8. One had to use a second disk.
This restricts anyone who doesn't have 2xHDD or 2xSSD (or some combination).
Garrett also mentioned that the recent test builds of Fedora 18 would support secure boot; while this is correct, the distribution cannot yet be installed on such systems, no matter if one has a single disk or two.
Fedora users can't use it.
I tested out an openSUSE 12.3 Milestone 2 release a few days back. It does not support secure boot yet - no ifs, or buts or shoulds.
OpenSUSE users can't use it.
The latest Debian test releases cannot boot on secure boot-enabled hardware either.
Debian users can't use it.
The only party who might benefit from this mess is MS (the OEMs and Linux Distro producers don't).
-
-
![]()
UEFI & Secure Boot are not Mircosoft.
You're missing the entire point. Any piece of computer that is "certified" for use with Windows 8, as in any computer that gets to party with the Windows 8 sticker, is obliged by Microsoft's requirements to activate UEFI Secure Boot and as a consequence bars any OS that does not have a security key from Microsoft from booting up. Computers that are "certified" for use with Windows 8 are going to make up the majority of the consumer desktop/laptop market. You see where this is going?
Microsoft through their Windows 8 certification program and abuse of UEFI Secure Boot is dictating what operating system a user can run on their hardware, in this case specifically Windows 8 and nothing else, unless the other software vendors and developers in question decide to pay Microsoft for the right to boot up on UEFI Secure Boot-enabled Windows 8-certified PCs.
Microsoft to stop Linux, older Windows, from running on Windows 8 PCs | ZDNet
The link above sums up what Microsoft is doing with UEFI Secure Boot nicely, I believe.
In addition, Microsoft has proven themselves to be anything but expedient and cooperative in distributing security keys even when Linux put up the white flag and decided to buy one in lieu of a workaround around UEFI Secure Boot.
You can say that Microsoft isn't stepping on users' rights all you want, but the fact remains that Microsoft is abusing UEFI Secure Boot in such a way as to forcibly ensure a Windows 8 monopoly on the general consumer PC market.
-
![]()
Please. Any PC that is certified for Windows 8, has mandatory requirement for non-ARM systems to have SecureBoot user configurable, i.e., can turn it off. You want to install something other then Windows 8, turn SecureBoot off. And be done with it. SecureBoot is a none issue.
http://msdn.microsoft.com/en-us/libr.../jj128256.aspx
Under: System.Fundamentals.Firmware.UEFISecureBoot, Section 18
Mandatory. Enable/Disable Secure Boot. On non-ARM systems,
it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems.
For the majority of users who use computers (They don't dual-boot, or run some other system). SecureBoot is a damn good thing to have. For us, the minority users which is a very small minority, we can turn it off or configure it. So enough with this bullshit about it taking away user's rights.
-
-
-
I will admit I was unaware MS had changed its stance from leaving the ability to enable/disable UEFI Secure Boot to the discretion of hardware vendors to mandating that such a feature be present for certification. I stand corrected in that regard and support that mandate.
That said, I still remain skeptical of MS's willingness to act honorably especially when it is obvious MS wants to forcibly make Metro and its associated closed-ecosystem the next big thing. I honestly hate the direction general computing is going and MS's antics certainly aren't helping.
Quote