Secure boot: Microsoft shows up Linux

IT Wire ^ | 14 December 2012 | Sam Varghese

[ShadowAce]

It's early days for secure boot, the new method that Microsoft is using to protect its desktop turf, but it would not be unfair to say that the company has succeeded in showing up the sharply fragmented nature of GNU/Linux.

Secure boot is a feature in the Unified Extensible Firmware Interface, the replacement for the motherboard firmware or BIOS. It has been implemented by Microsoft in a manner that effectively prevents easy booting of other operating systems on machines which have secure boot enabled.

An exchange of cryptographic keys takes place at boot-time so that a system can verify that the operating system attempting to boot is a genuine one, and not malware. There are further key exchanges along the way. Since Microsoft controls the key-signing authority, everyone who wishes to boot an operating system on hardware certified for Windows 8 has to buy a Microsoft key.

The fact that secure boot would be used in Windows 8 was known last September. The ideal solution would have been for all the Linux distributions, plus other companies that depend on Linux for their profits, to band together under the Linux Foundation and use their combined clout to influence things with hardware vendors.

Instead, the distributions have been unable to do anything except to work separately to devise solutions to cope with the technology. The bigger distros - Red Hat, Ubuntu and SUSE - have each devised their own methods of getting their operating systems to boot on machines with secure boot. The biggest free distribution, Debian, has still not said publicly what it will do.

The smaller distributions will probably have to depend on an act of charity to get their systems working on secure boot systems.

That act of charity has come from kernel developer Matthew Garrett who has created a shim or first-stage bootloader, and obtained a cryptographic key from Microsoft, for the purpose of signing it, with his own money. Using this, the smaller distributions can follow a procedure which he has outlined to cope with the barrier of secure boot.

When it became evident that the Linux companies would take an each-man-for-himself attitude, the Linux Foundation came up with an idea similar to that which Garrett has implemented.

The difference is that it has, thus far, failed to overcome the bureaucracy within Microsoft's ranks and complete the procedure. Garrett has been able to do what the Foundation, which blows its own trumpet quite a lot within restricted circles, could not do.

A pretty simple ploy would have been for the so-called Linux community - it looks like a collection of disparate tribes at times like this - to use the media, and the clout that it enjoys by virtue of the widespread use of the kernel in businesses, to put the onus on hardware vendors to co-operate in devising a solution. Many media outlets are sympathetic to Linux and never write a negative word about it.

But when it comes to using the media, the Linux community is in grade 1. Or probably in kindergarten. It works in a highly insular manner, preaching to the converted, and forgetting that there is a vast, thirsty audience out there, looking for good computing software.

It is not as though there is no talent in the ranks of the Linux community to come up with a solution and an elegant one at that.

Back in 2005, when the kernel project faced a crisis after Larry McVoy, the owner of the proprietary source code management system used by Linus Torvalds, said he was withdrawing the use of the free version of the system, Torvalds himself came up trumps with a SCM system called git, which was knocked together in next to no time. A few others, all talented individuals, put their hands to the wheel as well and there was barely a hiccup in the development process.

But that was then. This is now, when there is more than just a touch of arrogance in Linux circles because of the way usage has grown. Never mind that Linux is barely a whisper on the desktop, it dominates several other spaces. Why Linux people even feel proud that Android is dominating the mobile arena, forgetting that the only truly free element in that system is the kernel.

Secure boot has exposed the Linux community as a fractured entity that cannot pull together. It has inconvenienced ordinary people who often take up use of the system after testing out a downloaded CD. At the moment only one CD can be used on a Windows 8 computer with secure boot - Ubuntu 12.10 64-bit. And there are more than 300 distributions.

True to form, even the fact that this Ubuntu CD would boot on Windows 8 certified machines was never widely disseminated. Once again, it can only be put down to sheer arrogance - after all the whole world knows about Linux, so they should know that fact too, shouldn't they?

You'd have to wonder - when will people ever learn?

[ShadowAce]

[ShadowAce]

[apillar]

I give it a couple month before some hacker finds a crack or workaround that allows users of other operating systems to “spoof” the cryptographic keys and make secure boot think it’s actually loading Window’s 8

[CORedneck]

IMHO, anyone making the PC boards with this Secure Booting, they should be boycotted. Even Apple allows for Linux both under the former PPC and Intel platforms. I use to do multiple partitions in Apple but now using VMWare to run Linux.

[rarestia]

Microsoft makes me sick, and I work as a MS systems engineer. They’re due to be smacked down, and I have a feeling both Win8 and Server 2012 are going to do that. People are not ready nor do they want touchscreen desktop OSes, and forcing it on them is not the way to go.

The idea of putting a touchscreen server OS on the market is absolutely retarded. MOST datacenters are lights out, meaning no personnel on the floor during business hours. Remote KVM solutions like those provided by Avocent are not prepared for touchscreen use and thus will cause a problem. Is Microsoft going to acquire some KVM solution and sell it as a market brand for people who want to use 2012? How about remote system access utilities like HP’s iLO, Dell’s iDRAC, or IBM’s APM? You’re talking about increasing bandwidth requirements, end-to-end touchscreen capabilities, and myriad other issues with these types of deployments.

I’ve already recommended to my leadership teams that we finish upgrading to 2008 and stay put until Microsoft either pulls their head out of their ass or a better alternative comes around. Messing with UEFI in such a way as to render a machine locked down to a specific OS goes against OS freedom.

[Empire_of_Liberty]

Enjoy the PC you own, now.

In the future, you will only be able to rent.

I find it ironic that so-called “open-source” Linux has been used in the Mobile/Tablet world to pioneer the Secure Boot lock-down of the hardware you bought, and think you own.

[desertfreedom765]

I won’t buy any hardware that locks me into Windows. It’s my hardware I own it...

[expat1000]

Can I get on the ping list?

[Mr. Jeeves]

But when it comes to using the media, the Linux community is in grade 1. Or probably in kindergarten. It works in a highly insular manner, preaching to the converted, and forgetting that there is a vast, thirsty audience out there, looking for good computing software.

My gosh - the Linux community is the Republican Party! Who knew? :)

[TNoldman]

Linux is “clunky” and has limited application. I can’t imagine anyone wanting to use Linux in any serious application. About like using Com.....64.

[ShadowAce]

You’ve been added. Welcome Aboard!

[ShadowAce]

Please do some research and learn what you are talking about before spouting off some obviously uninformed and incorrect comment.

[Bikkuri]

I think you are a decade behind on knowledge about Linux...

[Yossarian]

Linux is “clunky” and has limited application. I can’t imagine anyone wanting to use Linux in any serious application.

All of the semiconductor design industry runs on Linux- both desktop and server. Almost all of the server industry runs on Linux.

[CharlesWayneCT]

I think the article is funny, how they blame the victims for this astounding exercise of power by Microsoft to dictate a proprietary and closed system to control the very boot of a computer.

[Usagi_yo]

Is it a mountain or a molehill?

I see the future and it doesn’t include a MS as big as today. They’re really under pressure. Cloud Drives are just a step on the road map to true Cloud OS. Windows for the PC is becoming stagnant ... how much more innovation can they come up with? Windows 8 out and out sucks ... the Metro interface is kind-of stupid. I immediately uninstalled Windows 8 and returned it to Best Buy saying it was a piece of junk.

The real money is going to be in small device OS’es, and Android is far a head of MS in that game, so is Apple’s IOS.

Linux is heading for a big jump in the next 3-8 years as Valve Inc is spearheading a Linux Gaming revolution. MS will even start losing console market share as Valve Inc grows.

The future is a bare bones OS that boots and OS from off the network.

[Dead Corpse]

rEFIt works great for OSX. They’ll come up with something similar for this nonsense by MS.

[Lazamataz]

I *NEED* to run multiple operating systems. If MS prevents that, they become an enemy.

[Usagi_yo]

Linux is “clunky” and has limited application. I can’t imagine anyone wanting to use Linux in any serious application. About like using Com.....64.

I could say you're nuts, but I'll refrain and just let you know I was thinking about it.

Computing is not limited to playing games and cerfing for porn and MS and windows are still pretty well much a toy as far as real computing goes, such as scientific, corporate, transactional and scalable computing and huge database engines.