UEFI - The next issue.

[lucidfir]

http://www.youtube.com/watch?v=yYqkU1y0 ... e=youtu.be Watch this.
http://arstechnica.com/microsoft/news/2 ... now-it.ars Read this.

I'm not an expert, I'm curious about where this is going and if anyone here has knowledge of the issues. If indeed anyone uses these forums?

[liamreed]

I wouldn't fear there are many devices out there with locked bootloaders for instance ipods, most smart phones and games consoles. in most cases there firmware is exploited and ''jail-broken'' and since there are more experienced Linux users that are used to breaking firmware than the, in some cases, self taught xda developers which crack firmware locked boot sectors on a very regular basis so android owners can run custom firmware i think that that scene would explode with new devs.

plus we are here!

[ted]

I think that the Ars Technica article does a very good job of covering much of the ground about this issue. As for the reality of the situation, there's no way of telling anything until Windows 8/ARM computers start coming out.

I think that the Cory Doctorow talk does a good job of putting UEFI's Secure Boot into perspective, too. It's only mentioned briefly twice, and isn't seen as a worrying thing. The other point is that most PCs will probably continue to use x86, which will be much more open than the Windows 8/ARM infrastructure.

[naggedbycats]

The existence of Vistaloader and similar gives Microsoft a strong motivator to close x86 once this hardware feature is available.

[Roken]

It's almost a certainty now that, with the exception of ARM devices running Windows RT, secure boot will be user configurable (this was part of the original UEFI spec anyway, with only Microsoft dissenting). Latest reports from Redmond suggest that MS have now built configurable secure boot into the validation process for Windows 8.

[naggedbycats]

So, x86 users may run what they wish unless a large corporation with a long history of anti-competitive business practice changes its mind in the future? I'm not feeling reassured by this, you realize?

There's an interesting article on the matter with Mr Torvalds here : http://www.zdnet.com/blog/open-source/l ... dora/11187 Note his ideas on how the infrastructure should have been implemented are a bit different to Microsoft's system of charging $500 a key on sysdev.microsoft.com ...

[Roken]

I wasn't seeking to defend MS (Lord knows, I'd be the last person to do this, being exclusively a Linux user on my home machine), but merely pointing out that the issue is not quite what many people seem intent on portraying it as.

In addition, although distributable signing keys will be charged for (at $99, not $500), the Fedora team are to release a free open source tool for generating a personal signing key, which means that individual users will be able to sign their own system for their own operating system without charge. The limitation will affect those who build operating systems for small niche markets with limited or non-existent funding, since they may not be able to use a signed bootloader/kernel without paying. Having said that, again Fedora and, IMO surprisingly, Canonical may come to the rescue since using either as the base for the custom system should allow their signed boorloaders to be used.

I agree that the situation is far from ideal, but let's not make it a target for unwarrented FUD.

For the record, I'm one of those who would probably ultimately be caught by both scenarios outlined above, since I compile my own system AND I'm developing a niche Debian based ISO, so I'd rather secure boot never existed. Personally, since I build my own personal use systems, too, and it's extremely unlikely that motherboards as components will have secure boot enforced at all I will probably escape the worst of it, but I'm well aware that I'm in a minority.

I'm simply asking for objective contributions, rather than raising the red flag.