Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims

Michael Butash michael at butash.net
Thu Sep 29 21:41:01 MST 2011 

I doubt it.  I've dealt with a few boards (intel oem servers) that 
supported both bios or efi, but it's not exactly normal to find server 
or other.  I was surprised when I bought a sandy bridge asus board and 
it booted a full pseudo mouse-driven environment via efi for bios 
control - probably an embedded linux system probably much larger and 
complex to store on a dumb bios prom.  Was kinda nifty, but the board 
would have to know how to hook either bios or efi means, and being 
*secure* usually means your options are dictated, right or wrong.

Unless oem's revolt against microsoft and say no.

Microsoft is still the 3000lb gorilla in the room, but oem's simply 
cannot ignore the sale of linux servers to lock out such a large sales 
base.  Linux is far too embedded now.  What I see is microsoft wants to 
reclaim the desktop market, controlling *consumer* hardware and leaving 
linux for "servers".  And themselves, of course.

All it means is it will be more difficult for linux desktop users as 
oem's and vendors suck microsoft for discounts, and some will simply 
remove the option/expense as they don't care about the linux market
(ahem, hp).  Dell I think will remain agnostic and support both, but who 
knows who else will from oem space.  There will be blood.

Then there's vmware/citrix that makes a ton off linux and windoze both, 
but ultimately use linux as the base.  They'll have something to say on 
the matter before it's done.  Linux of course can adapt to make use of 
it as well.  In theory, secure boot is not a "bad" thing, especially 
with a world full of lemming users out there, it just needs done in a 
sane, open manor that can still be technically secured.

Console game systems have all long proven being crackable beyond any 
best effort, that no hardware level security is infallible...  It'll 
just piss people off - ask sony about what happened when they took away 
otheros option on the ps3 unexpectedly.  There will be a middle ground 
one way or another.

-mb



On 09/29/2011 04:14 PM, James Mcphee wrote:
> Used to deal with junk like this on the thinkpads, where you couldn't
> add anything but approved hardware.  It was simple enough to simply
> overwrite their whitelist.  Is there anything to prevent us from simply
> flashing the BIOS?
>
> On Thu, Sep 29, 2011 at 6:57 AM, Michael Butash <michael at butash.net
> <mailto:michael at butash.net>> wrote:
>
>     Same deal as "secure" bootloaders on android phones that have been
>     all the rage with vendors the past few years - it'll only boot a
>     signed *approved* kernel.  I don't see how oem's will cope with
>     this, unless they "pre-load" a cert from any/all vendors, lock the
>     cert store with their own means, and everyone else is then screwed.
>       RH more or less enforces *their* kernels now, so they'll be happy,
>     but I doubt any other linux vendor like Canonical will be.
>       Obviously the consumers, especially those that like to roll their
>     own kernels, will not.
>
>     This was done in cell space largely at the request of the cellco's
>     to *control* their hardware against esn manipulation and to sell
>     them as platforms for the media cartels to hock music on (drm).
>       Since drm has all but become a 4-letter word of late, they've
>     started shipping with unlocked bootloaders, or have implemented ways
>     to unlock them remotely at the cost of voiding warranties (win/win
>     for them).  It will be interesting to see how the oem's like dell,
>     hp, and cisco that sell a lot of servers where windoze server is
>     often NOT a default option anymore...
>
>     -mb
>
>
>
>     On 09/28/2011 10:03 AM, Tom Ostlund wrote:
>
>         This has the smell of proprietary hardware all over it again....
>
>         I would agree that they would turn it off or flash the thing
>         either way
>         many tech support jobs just got job security :-)
>
>
>
>         On 09/28/2011 09:58 AM, Eric Shubert wrote:
>
>             http://www.readwriteweb.com/__enterprise/2011/09/windows-8-__spells-trouble-for-l.php
>             <http://www.readwriteweb.com/enterprise/2011/09/windows-8-spells-trouble-for-l.php>
>
>
>
>             I would think that users could simply turn off secure
>             booting in the EFI
>             (bios) in order to run whatever they like (except perhaps
>             Win8). No?
>
>         ------------------------------__---------------------
>         PLUG-discuss mailing list -
>         PLUG-discuss at lists.plug.__phoenix.az.us
>         <mailto:PLUG-discuss at lists.plug.phoenix.az.us>
>         To subscribe, unsubscribe, or to change your mail settings:
>         http://lists.PLUG.phoenix.az.__us/mailman/listinfo/plug-__discuss <http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss>
>
>
>     ------------------------------__---------------------
>     PLUG-discuss mailing list - PLUG-discuss at lists.plug.__phoenix.az.us
>     <mailto:PLUG-discuss at lists.plug.phoenix.az.us>
>     To subscribe, unsubscribe, or to change your mail settings:
>     http://lists.PLUG.phoenix.az.__us/mailman/listinfo/plug-__discuss
>     <http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss>
>
>
>
>
> --
> James McPhee
> jmcphe at gmail.com <mailto:jmcphe at gmail.com>

More information about the PLUG-discuss mailing list