lost_soul on 26/10/2011 at 18:31
(
http://www.elpauer.org/?p=1056)
Does anyone actually believe this is being done to protect end-users? In the specification, there is NO mandatory off switch. It will be up to your OEM whether you can run something other than Windows on your machine.
june gloom on 26/10/2011 at 23:27
What the fuck is this and why should anyone care? You need to elaborate.
Renzatic on 26/10/2011 at 23:44
1. Secure bootloading can be turned off. Just because it isn't mandatory doesn't mean it won't ever be included. Mobo manufacturers know full well that some people buy their hardware to run Linux on. They're not gonna shot themselves in the foot.
2. All an OS developer has to do is hand their key signature over to the UFI mobo manufacturer for it to be added to the secure boot list. Canonical more or less already does this. Hell, the way EFI is set up, you could probably add the signature yourself with minimal fuss. No, it doesn't work "out of the box", but hell, most Linux distros don't, either. Adding in that signature will be an annoying, but relatively painless step to a Linux geek used to compiling his own distro.
3. Think this is a move for MS to keep Linux off of PC's? First, you're paranoid. Secondly, what W8 is doing with the UEFI signatures and whatnot is the exact same setup Apple uses to keep OSX on Macs. We've all seen how well that works. You don't have anything to worry about.
4. The BIOS has been old for 15 years now. It's about time MS made a move to force EFI down PC manufacturers throats. Dunno if secure bootloading will be any safer than what we've got now, but the added advantages of EFI make the forced change worth it.
...so there.
gunsmoke on 27/10/2011 at 01:21
Yeah, I was wondering when we'd dump BIOS.
lost_soul on 27/10/2011 at 05:54
A better solution would be to block ALL modifications to BIOS unless they are initiated from the setup utility itself and also have options in BIOS to prevent modifications to boot sectors on drives. This way, nobody would be able to install malware in firmware, and once you installed the OS, you could be sure the boot sector doesn't get messed with. For anyone who thinks malware in firmware is a joke, a researcher found a way to infect a Mac battery a wile ago. (
http://www.securitynewsdaily.com/apple-laptop-battery-hack-0990/)
I upgraded a user's BIOS the other day from within Windows. That was kind of scary. It was like that part of Speed where the guy climbs under the bus while it is running.
Not 100% sure because I don't own one, but I thought the Mac OS did its checks "the other way around". I.e. the Apple hardware will boot anything you throw at it, but the Mac OS looks for specific Apple hardware/features in order to run.
This "secure boot" won't really solve anything because people will just get infected via the next jpeg rendering exploit... or the next exploit that is discovered in Flash. Game and music publishers will presumably still be able to root my machine by simply getting their secret drivers signed to work with UEFI.
Also, they can't take away my 4-bit, 16-color mode!
Forever420 on 27/10/2011 at 15:24
yea rite, most liek this will be like the new aug chip in Human Revolution. This new thing is about DRM and not viruses. Can't disable StarForce or Secur-rom now, can ya?
Vernon on 27/10/2011 at 20:20
Basically too many people have computers. If this kind of shit is now making it to the marketplace, then the idiots have truly won
That includes you, forever420, you fucking dog rapist
Al_B on 27/10/2011 at 21:36
In Before GoF :)
Quote Posted by lost_soul
A better solution would be to block ALL modifications to BIOS unless they are initiated from the setup utility itself and also have options in BIOS to prevent modifications to boot sectors on drives.
What does that have to do with secure boot? As far as I can tell it has nothing to do with preventing malware infecting the BIOS - other than trying to prevent it loading in the first place. It's very unlikely that secure boot will be implemented in a way that will stop Linux being booted. Even if it has a low user base, preventing it (or other operating systems) from being used serves purpose and could be a PR disaster.
Quote Posted by lost_soul
I upgraded a user's BIOS the other day from within Windows. That was kind of scary. It was like that part of Speed where the guy climbs under the bus while it is running.
What's worse - I hear if Windows slows down too much then the computer will blow up. Glad you survived that experience.
