wolfyboy359
Well-Known Member
ok, so encryption it is. My point is, it isn't time to run around screaming the sky is falling yet. People will find a way to work around it. I just am not that concerned about it.
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Microsoft gearing to stop Linux, going beyond Mac lock-in
- Thread starter EarlyMon
- Start date
ok, so encryption it is. My point is, it isn't time to run around screaming the sky is falling yet. People will find a way to work around it. I just am not that concerned about it.
ElasticNinja
Android Expert
Really? They will? Will they have to run a codebreaker for 157 days to? Its easy to not be concerned when it doesnt affect you. I may be unable to actually purchase a new laptop in the future if I cant run Ubuntu because Microsoft thinks only their software is apparently legit.
Sulfur
Member
Well of course it won't prevent all malware, the obvious target is root kits. Far from beside the point - it is exactly the point of this technology. Again, you can't claim it won't help security yet will provide 100% security against someone with physical access to the machine. An incentive is just that: an incentive. It is in no way a requirement. In fact, I think calling it an incentive is slightly inaccurate. It is an available certification, simple as that. As I've already said, manufacturers are free to do as they please. They can sell linux boxes with BIOS or UEFI. They can sell non certified hardware. They can sell certified hardware. They can close down their business because they're sick of it if they want. It is THEIR business. You're desire doesn't override their freedom of choice. The fact that it is purchased and not leased in no way means you should be able to disable anything. Don't buy that particular hardware then.
There is no evidence that they are coercing manufacturers to seek the certification. Also, I didn't know that the details of licensing deals made between handset makers and Microsoft were made public.I believe the most important thing YOU are missing is that Microsoft is a power hungry corporation just like the rest. If you somehow don't think they are into coercion you're sadly mistaken. Just like the "licensing" agreements they've come to with Android handset producers. Kind of funny how the OEM's who decided to start producing WP7 got a better deal, now isn't it?
That may be true, but it is currently powering nearly every PC, be it laptop or desktop, in the world. It doesn't matter though
Again, manufacturers are free to make an ARM win8 device with an option in UEFI to disable secure boot. Period.
I wasn't throwing stones, I was implying fundamental flaws in your reasoning, that conclusions your were reaching were neither valid nor based on accurate premises.
Fantastic, I'm very happy for you. I said equivalent.
Everyone please continue to characterize Microsoft, currently a shrinking super power in consumer software, as the big bad wolf. It doesn't change this simple fact:
There is NO requirement for manufacturers to make devices with UEFI secure boot and no option to disable it.
IOWA
Mr. Logic Pants
Lol, you must work for Microsoft. None of what you said makes any sense.
Edit: why are you defending this behavior anyway? A lock in has very little user benefit and lots of user loss.
It also makes running liveCD/liveUSB that much harder, so say goodbye to clonezilla backups, gparted(because Windows absolutely is terrible partitioning drives) and other useful live tools.
Edit: why are you defending this behavior anyway? A lock in has very little user benefit and lots of user loss.
It also makes running liveCD/liveUSB that much harder, so say goodbye to clonezilla backups, gparted(because Windows absolutely is terrible partitioning drives) and other useful live tools.
In fact, I addressed the requirement side of this earlier. Perhaps it was missed.
PC suppliers will work to advertise meeting this new standard. They will demand the lowest cost implementation.
By that path, the unlockable UEFI will become a de facto standard. It's that simple.
As is the notion that this is being done to fight rootkits is absolute FUD and Kool Aide.
PC suppliers will work to advertise meeting this new standard. They will demand the lowest cost implementation.
By that path, the unlockable UEFI will become a de facto standard. It's that simple.
As is the notion that this is being done to fight rootkits is absolute FUD and Kool Aide.
baillou2
Well-Known Member
Spacex! ;-)
Bob Maxey
Android Expert
LOL . . . the companies I work for are the best. They never falter and they never error. But I have to say that because I want to work for them next month.
Bob Maxey
Android Expert
Censorship? Nope, I prefer Enlightened Self-Interest. Censorship is such a bad word these days.
I might change my Face Book name to "SOPA Lover." Just to make more enemies.
Microsoft is working in their enlightened self interests to ensure adoption of Windows 8, without regression, and protecting people from those nasty rootkits named Windows XP and Ubuntu.
Sulfur
Member
I don't. It does.
Because I don't see anything wrong with them offering this certification. Because I believe the demonizing of Microsoft brought on by the offering of the certification is obscene. Because there is so much mis/disinformation about the subject in this thread and elsewhere. Also, the offering of this certification isn't a lock in, and it's likely that more end-users are afflicted by root kits than are dual booting with linux, so I believe that translates to more user benefit than not.
Yeah, it will probably be harder to do (for awhile, at least) on machines that don't offer an option to disable it. I, for one, won't be buying one.
Why shouldn't they be free to do so. Isn't "unlockable UEFI" what you want? And why is the last notion Kool Aide?
I'm sorry to hear that.
argedion
The TechnoFrog
Rather or not UEFI stops us from dual booting or does not stop us from dual booting the real issue is how much of the stuff we buy are we going to be dictated to how it will be used. I mean If this was Craftsman Mowers and they said that the Mower has a Sensor to detect rather or not there is a craftsman weed eater in the vicinity if not the mower wont crank how many of us would put up with that. Fortunately we have "Alternatives" if Craftsman was to ever do this but with computers we really don't. Then there is the Other side of the spectrum I have Linux and decide I want to give Windows 8, or even 9 a try well if this UEFI has a lock on it I wont be able to do that either. Regardless though I should be able to purchase a system and change it over how I want.
The really big picture is not being seen here it may start with a computer then the next thing you know Car Manufactures will have it set up where you have to get parts from them no more after market parts because Ford really needs the money. Also think of the business's this could affect whom simply can't afford to get another MS Certification they are already hurting in this weak economy.
The really big picture is not being seen here it may start with a computer then the next thing you know Car Manufactures will have it set up where you have to get parts from them no more after market parts because Ford really needs the money. Also think of the business's this could affect whom simply can't afford to get another MS Certification they are already hurting in this weak economy.
IOWA
Mr. Logic Pants
Still not making any logical sense. It's like locking Ford owners into Shell gasoline to "protect the engine".
There is very little (if any) logical sense to a locked chip.
An incentive? Most likely Microsoft will pull a page out of their old playbook. The lock in will be "optional", but the pricing will be much cheaper than say putting it on a regular rig. They may not even sell OEM versions(much cheaper than retail) to vendors who choose not to implement this chip.
They'll also no doubt put a lot of marketing spin claiming "non certified" machines are somehow not secure.
Again, this has very little to do with security and everything to do with market control. If you can't see that your logic is broken.
And I just want to throw in this won't affect me, because I build all my own rigs from scratch. I won't buy a tablet either if it's locked down.
There is very little (if any) logical sense to a locked chip.
An incentive? Most likely Microsoft will pull a page out of their old playbook. The lock in will be "optional", but the pricing will be much cheaper than say putting it on a regular rig. They may not even sell OEM versions(much cheaper than retail) to vendors who choose not to implement this chip.
They'll also no doubt put a lot of marketing spin claiming "non certified" machines are somehow not secure.
Again, this has very little to do with security and everything to do with market control. If you can't see that your logic is broken.
And I just want to throw in this won't affect me, because I build all my own rigs from scratch. I won't buy a tablet either if it's locked down.
Bob Maxey
Android Expert
Every company would like to control their market. Apple certainly does a good job with iPads. If you want to develop iPad apps, you have only one place to distribute them. Impossible to install .ipa files unless they are downloaded and installed directly from the Apple App Store. In the case of Apple and iPads, they own the market, period.
Unless you jailbreak.
We wanted to control the modem market and we wanted to control the PDA market. Nothing wrong with wanting to control. Every company thinks and tells the public that their products are better. If given a choice, people tend to choose better.
My guess is MS might be looking at the Linux folks as a zero quantity. MS also likely thinks consumers will believe their hype and it will not be a problem because most users tend to stick with Windows. In the end, all that most people consider is Apple or Windows.
wolfyboy359
Well-Known Member
How do you know it doesn't affect me? And how is this any different than your phone or an apple computer? Like I said, you don't need to panic just yet. How do you know you can't run ubuntu on your next laptop? What if it is a windows 7 Laptop? Windows 8 isn't out yet.
A.Nonymous
Extreme Android User
As I've said over and over and over and over again on this thread, you can currently buy laptops, desktops, servers, etc.... that have Linux pre-installed on them. Nothing about this would stop that. If you want Linux on your computer you purchase, just purchase it with Linux pre-installed. What's the big deal?
M
Member243850
Guest
Sulfur
Member
It isn't at all like your analogy. I'm not a fan of analogies in most cases, but a better one would be comparing it to car manufacturers using another companies engine. It happens, and there is no outcry. You're free to swap engines, just as you're free to swap OS's on a UEFI computer. The manufacturer does not, however, have to make it easy for you. The manufacturer doesn't have to provide alternate motor mounts, they don't have to make room for it, they don't have to provide some kind of universal wiring, and they don't have to use or provide room for your favorite bellhousing/adapter. Many modern cars have a seriously locked down ECM/PCM, involving very modern crypto. Hell, on many cars you can't even disable the seatbelt dinger.
There is plenty of sense to UEFI secure boot (at least I believe that's what you meant by "locked chip"). I intend to use it on all of my boxes in the near future. I just meant it that for me it MUST be and option to disable and/or be configurable.
They may choose to provide incentives similar to what you've mentioned, but I haven't seen any evidence of it yet. If they do, that up to them, just like its up to manufacturers whether or not they seek it, and on what particular products they do so.
Obviously, I don't have much to say about your empty speculatively claim on what will "doubtlessly" be a marketing claim.
Concerning the security vs control claim, you're free to attempt to prove it anytime you wish.
Not to mention, unless he plans on buying an windows certified ARM server (ha!), desktop (lol), or laptop (possible), he won't be affected. The unconscionable evil that so many seem to think this certification is, actually requires that it can be disabled on x86 machines. That's your laptop, your desktop, and probably your server. And manufacturers can do whatever the hell they want on all (that includes ARM) devices without this certification
Bob Maxey
Android Expert
Growing up in a house where there was a place for everything and everything in its place; where etiquette mattered and we had to sit together and eat dinner together, yup.
Lots of arguments about where the salt shaker must be placed.
By the way, the cake fork is always at the top or you are a bloody heathen. Smiley.
Regimented dinners aplenty. Especially at formal gatherings where we would never wear jeans and sweats to the table. Or grab a pork chop with the fingers or feed the dog at the table.
Fortunately, I am grown and I can slurp Ramen noodles while naked, standing in front of the sink and I can scratch myself at will.
From the Etiquette Scholar web site:
Salt and Pepper
Since more people use salt than pepper (and most people are right-handed), the salt shaker is placed to the right of the pepper shaker, in a position closer to the right hand.
The placement of the pepper shaker is to the left of the salt shaker, and for added definition it is angled slightly above the salt shaker.
Small salt and pepper shakers, approximately 1
IOWA
Mr. Logic Pants
Don't discount ARM, they are up and coming and most of the next ARM chips will have enough horsepower to be the brain on most users PC's.
And you're still missing the point. The secure boot should be required to have an unlock on all devices in which its implemented. I have nothing against the tech itself, just Microsofts implementation of it.
A.Nonymous
Extreme Android User
Because?
Indeed, UEFI can be used in secure or unsecured mode and what I have read ensures standards when the options are available.
I have read no where that the option MUST be offered and I know from experience how these things can go awry. Couple this with the fact that according to one article, Microsoft is referring to unsecured as custom mode and I become quite a bit more uncomfortable. Custom, in the personal computer commercial lexicon, has a way of always meaning more expensive.
Link me to facts showing my error, and I'll stand down as sincerely, gratefully, corrected.
And speaking of implementation, the HP article I linked seems to explain the architecture in a clear and unbiased fashion.
It raises a simple question.
Why can't this security layer be implemented in software and stored on the hard disk?
In fact, it could. It could be placed on a read only, encrypted partition that bootstraps itself with sufficient encrypted key and encrypted function process returns that it could not be spoofed and would force shutdown if compromised. Said partition could then be re-installed from an optical install disk if compromised, the system booted into a restricted mode to allow sanitation and the rootkit problem would be a thing of the past.
All of this could be accomplished by the same brainpower that thought up the firmware scheme. And this isn't science fiction, it's a known technology. I have personally worked on an industrial software stack with a site license costing between US$1 AND 2 million, and that license system was protected with similar means.
So, this is why I have formed a personal opinion that the sales pitch on this approach being the only way and being primarily for rootkits is Kool Aide.
As for mobile devices, sorry. Were they to implement this on desktops as I suggest and then on mobile platforms as they plan, saying, apologies, no disk, must lock firmware, then I would be OK with that. Plenty of people buy locked Androids knowing that the vendors simply wanted lock-in, and what's good for the goose is good for the gander.
These are just my opinions, though. And as I indicated, I am open to all factual rebuttal. Aren't we all?
I have read no where that the option MUST be offered and I know from experience how these things can go awry. Couple this with the fact that according to one article, Microsoft is referring to unsecured as custom mode and I become quite a bit more uncomfortable. Custom, in the personal computer commercial lexicon, has a way of always meaning more expensive.
Link me to facts showing my error, and I'll stand down as sincerely, gratefully, corrected.
And speaking of implementation, the HP article I linked seems to explain the architecture in a clear and unbiased fashion.
It raises a simple question.
Why can't this security layer be implemented in software and stored on the hard disk?
In fact, it could. It could be placed on a read only, encrypted partition that bootstraps itself with sufficient encrypted key and encrypted function process returns that it could not be spoofed and would force shutdown if compromised. Said partition could then be re-installed from an optical install disk if compromised, the system booted into a restricted mode to allow sanitation and the rootkit problem would be a thing of the past.
All of this could be accomplished by the same brainpower that thought up the firmware scheme. And this isn't science fiction, it's a known technology. I have personally worked on an industrial software stack with a site license costing between US$1 AND 2 million, and that license system was protected with similar means.
So, this is why I have formed a personal opinion that the sales pitch on this approach being the only way and being primarily for rootkits is Kool Aide.
As for mobile devices, sorry. Were they to implement this on desktops as I suggest and then on mobile platforms as they plan, saying, apologies, no disk, must lock firmware, then I would be OK with that. Plenty of people buy locked Androids knowing that the vendors simply wanted lock-in, and what's good for the goose is good for the gander.
These are just my opinions, though. And as I indicated, I am open to all factual rebuttal. Aren't we all?
