Windows 8 OEM specs may block Linux booting

[James C]

Has anyone actually tried to run Puppy on one of these machines and failed? I don't have any new machines readily available to try myself.

Just built a new box (with UEFI).... no problem running Puppy or any other Linux. Yet..... Shouldn't even be a problem till that crappy Windows 8 is released.

[nooby]

James thanks for these links and quotes. But the one you bought is
prior to the next generation when them are sold in the Big Chains
like ComputerLand or whatever name these have.

And what Microsoft write I quote

The security that UEFI has to offer with secure boot
means that most customers will have their systems protected
against boot loader attacks. For the enthusiast who wants to run
older operating systems, the option is there to allow you to
make that decision.

That is only if the OEM think it is worth the cost to add that
flexibility to that product. Usually that would cost much much more
and then the retailers don't import that gear.

Compare with the added feature to use the ASUS? and others also
had to dual boot with a kind of Linux that booted within 1 to 5 seconds
being directly coded into the BIOS as ROM it had Firefox and a email
client and media player maybe? I still after three years don't have one
and I have three laptops and some 5 desktops.

And remember that Asus promised that every Mother board
from them would have this dual boot. Do they? so even
when them promise it does not get applied. So why now?

I looked for years to buy such a computer. None had them
and when it finally arrived after some three years of waiting.

Then instead of costing 2000SEK like the others then due to no demand
for it it costed 6000SEK or something on that level.

I trust the same will be for these OEM products that allow dualbooting.

The ordinary Computer Joe user will not ask for this feature so none of
the ordinary computers will allow dual booting due to security sells!

Then there will be special editions that cost three times more to buy.

So in practice one would have to buy a used such that people sell for the same price as a new that don't allow dual boot.

Money sets the rules. Linux users are too few to have a say. 1% of the
market for house hold computers are on linux

Yes servers is different. There Linux are huge

[arcanis]

Then use non-MS hardware like 32-bit ARM (as MS will choose 64-bit) and Puppy will run happily there.

It is my understanding that M$ also has versions of Win8 for ARM in both 32-bit and 64-bit architectures.

How else would you lock-up the computing world unless you could do it all? I see they are getting their armaments ready for battle. (Congratulate me: I avoided an overly obvious bad pun here.)

I do sincerely hope that legislators and governments do not lock step with them and decide the only way to secure the Internet is through the boot process lock-down. It's not only a false supposition, it has really bad consequences for us.

I choose to believe that at least some freedom is always possible. "Certain victory through an indomitable spirit."

[Flash]

Leading PC makers confirm: no Windows 8 plot to lock out Linux

Summary: The drumbeat from Linux advocates about a key security feature in Microsoft’s forthcoming Windows 8 is getting louder. They call it an anti-Linux plot. But the two leading PC makers disagree with them. I’ve got exclusive details.

Microsoft: Don’t blame us if Windows 8’s secure boot requirement blocks Linux dual-boot

[technosaurus]

Does anyone know exactly what ARM version M$ is targeting. The reason I ask is that it will provide a surplus of that type of commodity hardware. The distro that performs the best on those will grow by leaps and bounds when the bloatware fails to perform.

[James C]

Does anyone know exactly what ARM version M$ is targeting. The reason I ask is that it will provide a surplus of that type of commodity hardware. The distro that performs the best on those will grow by leaps and bounds when the bloatware fails to perform.

FWIW, the developer version was running on a NVIDIA quad-core Kal-El tablet.
http://www.theverge.com/2011/09/14/nvid ... -hands-on/

[nooby]

But reality is a totally other thing. It sounds good when Ms assert
them don't lock it down. It is up to the OEM to decide.

But the Linux users are too few for the OEM to bother about us.

And this text I think says it all. At least to me.

http://www.theregister.co.uk/2011/10/31 ... cure_boot/

No ordinary noob can do what them describe there.

The the Linux Foundation recommendations also cover how to support dual-boot systems and allowing Linux distros to be booted off a CD in the brave new world of secure boot.

Specifically a "firmware-based mechanism should be established to allow a platform owner to add new key-exchange keys to a system running in secure mode so that dual-boot systems can be set up" and a "firmware-based mechanism for easy booting of removable media".

The paper also advocates the future establishment of an operating-system-neutral and vendor-neutral certificate authority to issue keys to third-party hardware and software vendors.

Some observers have expressed concerns that secure boot could be used to exclude open systems from the market, but there is no need for things to be that way, the paper concludes. "If vendors ship their systems in the setup mode and provide a means to add new KEKs to the firmware, those systems will fully support open operating systems while maintaining compliance with the Windows 8 logo requirements."

I am not good at reading any kind of text but it does cleary say that
you do need a authorized certificate key to unlock it unless you know
how to make it get out of Ms Windows secure boot and go back to the insecure "set up" state and start all over.

so if you want to do dual boot then you need to hijack Suse or Ubuntu payed key certificate and go piggy back riding dual booting with them adding Puppy as a dual booting OS to the Dual boot that Ubuntu provide for you. Would Ubuntu really care about a Root for ever crowd?

Them hate root already now. If Ms Win force them to pay for these UEFI thing then why would them feel for letting us in the back door?

So then the only way to boot puppy would be using an external CD player that cost as much as the tablet itself or the netbook itself
and that would work only if the OEM allow that one to boot anything that don't have the UEFI keys.

One has to be realistic how money works. There is not money in it for them to allow this. Rather the opposite. Them can sell their product
using security that it fail to boot foreign OS so the Company buying the computers feel secure that no employee that is not loyal boot another OS to circumvent the security set up by Ms Win to protect them from spying.

[arcanis]

I have two thoughts:
Firstly, I think the paper linked to in the above article cited by nooby offers some hope. Here is the direct link to the paper the article is discussing, the same as the link within the article itself:
http://blog.canonical.com/2011/10/28/wh ... -on-linux/

Secondly, it might be helpful for someone to organize a campaign to make sure the OEM's know how we feel, and that we don't buy their machines and parts for the operating system.

I agree that the money is their god, but they will occasionally offer a sacrifice toward good will(=marketing or image) if they think it will lock in future profits.

And judging by the numbers of people still running eVista, and the even larger number running eXP, the switch to 8 is going to be gradual at best. So, we still have time to make our combined voice heard, or at least we should try.

[nooby]

Arcanis that is a supportable attitude indeed. Hopefully it will work for us.

Now kind people that have English as your first language.

Microsoft: Don’t blame us if Windows 8’s secure boot
requirement blocks Linux dual-boot

One can read that in a positive way. An optimistic interpretation.

But one can also be cautious and realize that them express
it that way because Micrisoft already now know
that the OEM and retailers see no money into providing us
with unlocked or unlockable hardware.

So most likely it will go same way as it did with Asus EEEPC
that first had poor versions of proprietary Linux on them and
then later them only had Win XP or Win 7 on them.

Retailers sent the Linux computers back because them could not be sold.

Yes I know this is not like that but if there is no money in it for
OEM and Retailers then them only give a damn if they get very
bad publicity for not providing ability to have linux on the computers.

May I predict that Suse and Ubuntu will be allowed and nothing else?
Only them having the money to pay for the keys needed to unlock the UEFI BIOS

[Puppyt]

Nah - this sort of blatant monopolising would be IMPOSSIBLE here in Oz - we have this super-diligent body called the ACCC ("Ay-triple C" - Australian Competition and Consumer Commission) who's edict is to:

The ACCC promotes competition and fair trade in the market place to benefit consumers, businesses and the community. It also regulates national infrastructure services. Its primary responsibility is to ensure that individuals and businesses comply with the Commonwealth competition, fair trading and consumer protection laws.

... and it has the Australian banking system, the communications monopoly that is Telstra, and the world's strongest supermarket duopoly of Coles and Woolworths - all shaking in their collective boots.

... or rather - wetting themselves silly with convulsive giggling.

In an ideal world, rather than getting tax exemptions for buying the latest computer hardware with Win8 pre-loaded, M$Office, and the milieu of "security" software needed to accompany the Windows platform, we should get exemptions for:
1) "Buying" our software from BK/Puppy Linux Trust etc.;
2) get carbon credits for productively using recycled computers - "Cash for Clunkers" in reverse;
3) get credit for the environmental savings of unused packaging etc that plague the shelves of computer stores;
and,
4) facilitate and enforce the Windows "buyback" system - the almost mythological clause that states you can have your money back from M$ if you have their operating system removed when purchasing a new computer.

Alas, for such an Australian Utopia to occur in a future that is teetering on the brink of recognising the value in a frugal human existence (i.e., carbon neutral/ carbon-negative), we would need the ears and hearts of a political party so inclined (and that carries the balance of power), and a cash-strapped Federal Portfolio - such as the Education Department - that might try the non-MicroSoft approach, as adopted widely in the EU.
NEVER GOING TO HAPPEN
We'd need a federal minister with greenish leanings and the moral turpitude to buck the current gutlessness in his party. Won't be burning the midnight oil dreaming of such a figment of our imagination, will we?

But seriously, how can we ensure that donations to Barry and the Puppy Linux developers are acknowledged as justifiable expenses and be eligible for tax exemptions? Does anyone know of the steps needed to bring non-proprietary software purchases out of the cold?

Has the buyback clause for Win8 been revoked entirely? Does anyone know?

[Lobster]

Does your phone or tablet run a MS (corporate viral operating system)
No?

Do the world's computer manufacturers (China) advocate a closed operating system from Microsift
No?

Will Apple be running Microballmer OS?
No?

Do the 1% of knowledgeable Linux users intend to support hardware closing their options?
No?

Are IBM and other major Linux users going to allow the MicroShark legal dept. a free ride?
No?

Is every major government purchasing block, totally dependent on Microsoftee posturing and corrupt monopolising?
No?

Did MS make friends whilst it was a global force?
Tsk . . . Tstk . . . No

Micro by name.
Now by influence too.

Just say No!
Now you know

[nooby]

Lobster your English is so far beyond my poor grasp of it
that I have no idea what you try to say. Sorry. I really did try.

The facts are that Microsoft are now helping Nokia in Finland
to survive using Ms Win 8 smartphones instead of making
Linux based smartphones or Symbian based smartphones.

So why did them not make Android like Samsung or HTC or ...

Maybe because Android do have proprietary code in it that
cost them money to get permission to use?

Apple's Steve Job did his best to destroy Android.

So it is not as you say at all. There is fierce competition
and it does not look good for independent Linux developers
at all.

And for how long will them allow jailbreaking of Apple and Android?

Ms seems to already know what the OEM is going to do.
So them write. Don't blame it on us if you fail to boot Linux.

[gerry]

We hear about projects like the London Stock Exchange and the Large Hadron Collider working on Linux, but what do the Large Hadron Collider scientists have on their desktops/laptops? Linux? MS? Or possibly even Unix?

Do establishments like that represent a free software stronghold? Or is it only the machinery that uses Linux?

[nooby]

I trust that money talks. When it is economical to have linux
and it seems to be very economical to have it on Servers.
then big corporations do tend to have it.

At other times them have Apple if them are into Journalism or
Design or something and them want to have certain software
them learned to love.

Some Universities got sponsored by Apple so there are only Apple
or MacIntosh or something in their school but then other departments
can have Microsoft or Linux. it depends on many factors.

AFAIK the average Joe do have Microsoft to some 95% or something.

[gcmartin]

interesting views.

• MS has been running on ARMs for several years. Not new news.
• MS is not going to "lock" Linux in any way. Not good image.
• Linux has already stepped and address, new method of Disk Management. ISO standard.
• OSs (MACs & Windows) are going to evolve to address the direction that the industry has already shown you. Open your hand and look at you "calling thingy".
• Expect a significant use of audio/video among tomorrow's peoples. Its already happened.
• There will continue to be 95% consumer products running MS.

Puppy will, necessarily, evolve as well.

[sickgut]

Thanks indeed for pointing this out to us.

Guys I just love this. This is exactly what I have been warning for
for years. I am a true pessimist and reality always turns out to be
ten times more bad than even my worst nightmares

Haha this is so funny.

Windows 8 OEM specs may block Linux booting
New secure boot process leaves unsigned Linux out in the cold

September 20, 2011, 9:45 PM —

After years of trying to cut off Linux growth as a desktop platform on x86 and x64 PCs, Microsoft may have actually figured out a way to stop Linux deployments on client PCs dead in their tracks.
...
EFI, and the later UEFI specification, is not the problem for Linux. The problem is Microsoft's other requirement for any Windows 8-certified client: the system must support secure booting. This hardened boot means that "all firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)," according to slides from a recent presentation on the UEFI boot process made by Arie van der Hoeven, Microsoft Principal Lead Program Manager.

The slides, posted on Garrett's in a blog Tuesday afternoon, reveal Microsoft's plan to lock down the boot process, which Microsoft rightly points out has become a high-value target vector for injecting malware onto Windows PCs. To combat this, Microsoft is requiring all Windows 8 devices to have a hardened boot. Right now, even though there are EFI-ready Linux bootloaders and distros available, none of them are signed, Garrett reminded me.

It's not just a matter of replacing the UEFI system on the device with other, unencrypted, firmware. If all parts of the chain need to have a CA signature, then swapping out a machine's signed EFI layer with, say, an unsigned BIOS or EFI would not work. Garrett described the problem in more detail:

John deMurga can get in trouble if I quote all if it. Read at the first link first
http://www.itworld.com/it-managementstr ... ux-booting

them have finally found a way to force us to get our own OEM makers of hardware. To go get together to collect money to ask the hardware guys to make our own Linux hardware.

May I give a reasonable prediction. Lobby will ask the European Union to set a law for all of Europe that no ISP will allow a pc to go out on internet that doesn't show this secure UEFI certificate in place.

that is a very likely scenario folks!


Edit

one of the commentators and most likely not the only ask this

01NarrativeMode_tw330709924 9 hours ago
Wouldn't the simplest solution be to boot from an external device like a cd or more likely usb key? Dual boot when you want it, walk away with your cache files. Done.

That sounds too simple for them to allow. As I get it them would not allow such booting because it does not have those certificates. ???

Am I wrong? I mean if them to go to such length to secure the hdd booting why would them then allow anybody to boot using any odd CD/DVD/USB with possible malware on it?

USB or CDROM booting would always still work. Windows 8 could have every blocking device known to man, but if you select to boot from USB or CDROM in your bios then the computer ill leave the HDD alone. There is no way a program or OS on a HDD can stop you booting from an external source, because you bypassing the bootloader on the HDD completely. Windows 8 isnt hardware, its sofware. It doesnt exist anywhere on your computer other than the HDD, unless Windows 8 starts to load or whatever bootloader it uses that does the blocking is executed, then how could a program sitting on a HDD interfer with anything at all if that program never gets loaded? Also you could disable the HDD controller in the BIOS. The only way that booting from usb or cdrom could be disabled is if the manufacturers (the OEMs) actually disable the boot from USB or CDROM in the BIOS completely and there is no reason for them to do that, as PC manufacturers want everyone to buy their computers... win users, linux users ... whoever ... and would certainly not deliberately modify their hardware just so that all linux users wont buy their computers.

[nooby]

sickgut I can be wrong but that is what an UEFA is.
That is the BIOS with another name.

So it is impossible to boot using CD/DVD/USB or Dual boot
if you don't have the certificated keys that you have to pay for.

SUSE or Ubuntu may have the money to pay for these but I doubt Puppy would.

So then the only other option is that the OEM would allow the customer
to shut it off.

But that goes totally against the reason it was created.
The reason there is a UEFA taking over from BIOS and
the reason there will be no more BIOS ever again is
the security that sells.

Couple this with the Lobby that has taken momentum now
that only certificated software should be allowed to enter
the internet. Even if you manage to bypass the certificates
then your Puppy don't have the certificate to get out on internet.

The ISP would be required to have filters to not let you get an IP!

Not implemented yet but them are working on it. They pay people
to meet European Parliament representatives to have security in mind
and sooner or later then accept in the name of security.

Politicians wants to be popular and security is important and
if 95% of all OS are Microsoft and them have alredy payed
for the Certificate and if Apple and Android also pay.

then there is only Linux left. Some 1% or less and if Ubuntu pay
then how many percent of users outside of Ubuntu can persuade
their Politicians to care about Puppy? Why don't you use Ubuntu
them would tell you.

gcmartin that is why Microsoft say "Don't blame us" because them
know that the OEM and Hardware firms would have no economical
reason to allow anything else than those who pay the certificate
keys.

We allow anything as long as you pay the keys. So sure Microsoft
will not officially do anything but the signal them send to the OEM is
that them want to be alone if possible or only those that pay for it
and I expect this certification is very expensive.

There is no need for certificate keys if one could boot using USB or CD
without the keys. So booting will be impossible without either keys
or a unlockable UEFA.

Why would them make it unlockable? There is no money in having such.

[nooby]

Here is another strong sign. A commenter on a big computer mag
wanted to say FUD and to show how unsupported this is.
Him being an American contacted Dell and HP and them
assured him that them will not lock their comouters.

But Dell here in Sweden is mainly bought by employee that get
subsidation from their work and that was a thing in the past.
HP felt unsure of if them should continue with their PC.

The reporter/commentator/columnist should have asked ASUS
and ACER and such them more likely will be world seller of hardware?

Even them can be minor operator soon. Acer failed to sell well
here in Sweden. So the market is in a state of flux now. There is
no reason to trust that Dell and HP will be the main seller of computers
where I live. None of them make hardware that I would want to buy either

[James C]

Linus Torvalds on Secure Boot....

http://www.muktware.com/news/2865

[nooby]

I am too lazy to really read all of it but this part supported what I wrote???

It's true that secure boot can be used for horribly,
horribly bad things but using that as an argument against
its existence at all is I think a bit naive and not necessarily right.

Because if you do things right then it's a really good thing.
I would like my own machine to have the option to not boot
any kernel, or boot loader, that is not signed by this signature.

I want to have the option to also realize that OK now
I am going to boot another operating system or do
something else and I want to undo that.

But I want that to be a BIOS set-up screen where you have to be
at the machine physically and then it is a great thing.

And I think that's actually how most secure boots would be set up.
The fact that then you could possibly set it up so that the user
at the BIOS screen can't even change it, makes it problematic.

Maybe some people would use that and that is really scary.
But at the same time that doesn't invalidate the technology
as a very powerful and useful tool.

As I get it. Him want us to have a choice at boot to
be able to shut it off. Ms Windows says them leave that
up to every maker of a motherboard to decide upon.

My take on it is that if the maker see no money into
having a user able to use linux without certificate then
the makers will not allow us to boot even using CD or USB
or to make an added frugal install because it only boot if one
have the certificate that are on the payed list of accepted OS to boot.

And Linus agreed with this and had the view that we should
have such certificates too. That it was a good way to get secure.
And I agree with that too. If one can trust these certificate then
it is a good way. But it can be too costly for the Devs of a Linux distro.

Why am I so cock sure about this? Well if even our own guys like
Debian and Ubuntu and many others use security as the argument
for not allowing us to be root. And some programs refuse to start
if them are in root. There is a trend to not allow too easily things
like Puppy to be root always. The other Linux distros look down upon it.

So to me this is same way of reasoning. In same way as Ubuntu fail
to be root in the way Puppy is root and in same way AntiX fail to allow
that I save to same drive that I booted from that is the same thinking
that will make it most likely that the makers of hardware see no reason
to allow insecure OS like Puppy to get booted ever on their mobos.

So either the makers of the hardware decide to only allow
certificated OS to boot like Sony did with their PSP or what
name the Game thing had. Like Apple do with their Ipods.
The old ipods you could boot linux on them but the new Ipods
I have not heard anybody getting around the locked down boot.

So to my sloppy reading it seems that if there is no money into
giving us the right to boot un certified linux then the makers will
not be motivated to allow us. No work around. The only thing
that would give us right to boot would be if the Tabloids made a
huge campaign that it was a shame them did not allow us.

Only money counts for the makers and bad reputation can mean less money