I'm baffled. How on earth is it POSSIBLE for micro$oft to do something like this? They are NOT the god of computing, regardless of how much they may THINK they are.

The Microsoft requirements state that secure boot on x86 systems must be possible to disable and that it must be possible to sign your own keys. The signing your own keys is troublesome, as Garrett explains, but disabling secure boot will be easy, though not standardized. As for the rest of the UEFI spec and how it will affect the systems, I'd second your suggestion to avoid systems of the sort, simply due to the huge number of bugs this will bring into the fold once all the HW combos start rolling out.

If this actually goes through I would highly recommend that all Linux users do a couple of things if they have a "tower".

a) go to your nearby computer repair store and purchase maybe two motherboards that will fit the machine and put them in storage.
b) purchase a coupld of smaller hard drives, or conversely larger, depending on which is cheapest and put them in storage.
c) purchase a couple of the largest usb sticks one can purchase, or multiple small ones, to use as storage and put them away in storage.
d) purchase an "enclosure" for an external "drive" and again, get a couple of smaller drives, or one big for external storage.
e) purchase two extra memory sticks of at least one gig each. One gig will run any Linux although it may not run a bunch of eyecandy which may need to be turned off so one can keep one's favourite distro.
f) purchase a couple of second hand or maybe new, dvdrw devices.
g) purchase at least two cables that you use to connect the drives to the mobo.

Then, one a day when you are not working...get a beverage of your choice and a flashlight..... remove the side of the computer(with it turned off ) and start looking at the insides of it because, eventually, you may HAVE to put the new mobo in if you can't find a repair person who will work on something other than microsith computers.

I will never forget the day that a Microsith troll appeared in the Johnnieman's shop, I happened to be there helping to hold up a shelf of parts for the privilege of watching him rebuild computers with one hand while playing video games with the other ... and the guy demanded, legally, to see all of the Microsith liscences in the office and that he boot up, I think, ten, of the loose hard drives that he chose.

The Johniieman was legal, but Microsith does this all the time.

woodsmoke

If not rolled back, then a EUFI that is friendly to all OS's. If not, then perhaps and OEM can be found that will produce a EUFI free board. But what about the other companies who make the graphics, networking, sound and other chipsets who stand to lose the free advertising?

EDIT: I just saw lo_koraco's post which changes some things. I didn't watch the whole video so I missed the part about EUFI being disabled on x86 systems. However, how much longer before 32 bit is phased out entirely?

Regards...

Hi Woodsmoke...

I wouldn't advise this as something just anyone can do. You have to know what you're doing, despite the "do-it-yourself" sites. I've seen examples of folks trying to fix their computers without the proper knowledge (and suffering from the results) first hand in the course of my work. ;-)

Regards...

The video pointed out that the EUFI code is under the BSD license, that even though there are "a couple" versions, most vendors are downloading the Intel version. Anyone can download the 100MB plus of EUFI source code if they want to. It's the proprietary parts that drive the hardware which are not accessible. Intel's version, Tianocore, is available from here.

I agree that it is time to create a reasonable BIOS built for 64 bit operating systems, but EUFI is not the one. There is no need for a "BIOS" that generates an executable that is 10 times bigger than the Linux kernel if drivers are included.

We have some already available:
CoreBoot, formerly known as LinuxBIOS, which can boot directly to GRUB. AMD has added support for CoreBoot, along with GL 1.4. A video describing getting CoreBoot to work is here:



OpenBIOS appears to be abandon, since the last work was when V1.0 wss released.

All the other BIOS projects have evaporated.

Hi GreyGeek...

Thank you for your comments. I hope the list of supported hardware grows. Not much there. :-(

oh i don't know Aardvark.

Everyone that knows me agrees that I'm not that bright and if I could figure it out they probably could if they were "en extremis" as it were!

woodsmoke

One of the things I have never done as a computer repair person, is to stock MBs. Until now, I always considered it unnecessary as I can get a new MB from any online source with overnight shipping and have the computer repaired quickly. That way I could always get an up to date MB. I would not want to use a MB that has been sitting in my storage for a year or so. However, I am now considering that I may have to change my policy on this.

first off its "UEFI". secondly there is nothing wrong with UEFI itself.on top of that we really do need a replacement for BIOS. personally i am in favor of coreboot. oh btw openbios iirc turned into coreboot or they merged. i have one of these as the main board in my server. the UEFI has given me no problems installing a linux distro on it. the problem is that M$ thinks they can dictate to hardware manufactures how to make their boards. If M$ dictates they force key signing and don't let users put their own keys have it enabled by the default (etc..) this is indeed very bad.

The use of these keys is not in themselves bad, as long as its user modifable.Prehaps all machines with UEFI (including those that come prebuilt) should come with a disk(or better yet built in utility) you can to run to install your os's keys from a list. if your keys are not on a list provide a user with a manual where they can provide their own key via a usb stick or net address (after all its UEFI so all the hw will be working). i realise that this is might not be the most realistic case but i think it would be a case that would at least make everyone happy. unless intel jumps on the support coreboot bandwagon then we might get that.

That's what I wrote.

Since you obviously haven't watched the video allow me to present the introductory summary:
While everyone else has been talking, spinning and pontificating, Matthew has been working for RH trying to solve the code problems UEFI brings to Linux. It is HIS experience that led him to the conclusion that the EUFI code is BIG, BUGGY, and NEVER BEEN TESTED. No one else that I know of has been working with the UEFI code to clear up the question as to whether Linux will work with UEFI or not. So far, Linux is able to work on PCs that allow UEFI to be disabled, or comes with UEFI disabled. I pointed out the information at and after the 45 minute mark just to save folks the time watching the video. The first 18 minutes are cursory stuff, with hot info coming at 18:33, and again at 33:33.

Matthew points out that the OEM vendors may give a PK to, say, Ubuntu, but that doesn't mean that drivers written by others can be certified by it. It also means that Linux Mint may not be able to get certified unless the OEM gives them a key as well. Also, don't forget the BIGGEST problem of all: Ubuntu (for example) would have to get a PK from EVERY PC OEM that it wants Ubuntu to boot on, and for every model. Getting a PK from DELL for Inspiron Laptops won't help Ubuntu boot on an ASUS laptop.

In addition, as I pointed out previously, EVERY Kernel module would have to have a PK certificate from the peripheral device that module drives, and for the PC on which that device is installed. The UEFI whitelist would get gigantic. And, the UEFI code is so buggy and untested that there is no guarantee that the UEFI would be stable under those circumstances.

It is a very informative talk by one of the FEW, if not the only, Linux guys to ACTUALLY work with the EUFI code. What anyone else says is just second hand knowledge, wild speculation, or blatent spinning.

Why does this hardware manipulation continue to happen? (I know why). We saw this with usb, graphic card drivers, wireless network, power management and now with the bios change. There are some big players interested in linux IBM, Google, Redhat etc.. you would think that there would be some influence to support linux.

There is support by those big players... but at the same time each is striving for a market advantage that they can use to lock in customers, or lock out other competitors.

Apple, for example, exploited OpenSource to bring OS X to market faster, but didn't return anything of value to the community because the modified source specifically called binary drivers which were not available to Linux users. Hence, Safari is Konqueror refashioned for the Mac OS X, but a Linux box can run Safari. Similar tricks are being tried with PostgreSQL, Java, and many other FOSS.

EUFI is Microsoft's attempt to lock Linux out of the PC market. It is using its legal and financial clout to force/intimidate other corporations, mainly the PC and peripheral OEMs, to comply with its Win8 "certification". IF they don't comply then the price of Win8 to them becomes significantly greater than that paid by the other OEMs who do knuckle under. In addition, PC OEM profit margins are so RAZOR thin that often the proift isn't in the sale of the hardware but in avoiding spending money on advertizing. In a Quid Quo Pro for "certifying" their hardware to Win8, Microsoft will pay for ads featuring Win8 on their hardware, as they've done for previous versions. Hence you see Win7 ads (and soon Win8 ) showing Windows AND some specific vendors hardware, which is prominently displayed running Windows. This is sneakier than how it was before the DOJ trial the late 1990s. Before they were enjoined not to do so as a result of the trial, Microsoft forced OEMs to sign agreements (under an NDA --- sound familiar? smartphone makers running Android?) that prohibited the OEMs from offering any other OS pre-installed on their desktops, without Microsoft's approval. Then as now, those that didn't comply didn't get "favored OEM" status and found themselves uncompetitive. Their "oxygen supply was cut off". Thus, DELL made a big show about offering SUSE, then RH, then Ubuntu on "selected" hardware, but it was hardware that didn't have many options or peripherals available, at a price that didn't reflect the savings not having to pay for an OS license would provide. By my own count, the maximum number of machines on which Linux was offered was 6 out of 42, but those six were machines with limited capabilities and available options or peripherals. At NO TIME did DELL put links on their HOME page pointing to their Linux offerings. Doing a search for Linux boxes on their site resulted in a scattered offerings of distribution offerings, but rarely hardware. You had to be clever to find the Linux pages, and surrounding each link leading into that rabbit hole, and even on the pages showing Linux offereings, were banners and buttons proclaiming that "DELL Recommonds Windows". IF they wanted to kill any potential sales of machines running Linux they couldn't have done a better job.

IMO, the whole fiasco was a CON JOB designed to give the illusion that the PC desktop market was a level playing field and the only reason why Linux wasn't doing better is because consumers "prefered" Windows, which is an obvious lie. Obvious because the only way a majority of Linux users can run Linux is to:
1) download an iso from a distro's website
2) burn the iso and check it to validate the burn
3) set their BIOS to boot from the CDROM first, then boot the LiveCD.
4) install the distro, doing the necessary partitioning if the entire HD wasn't given to Linux.

In spite of those steps, Linux use grew through the last decade. It was 3% in 2003 according to IDC, who predicted 6% in 2006. That must have been accurate because Ballmer himself reported that the Linux desktop market share was around 12% in 2009, at the height of the VISTA fiasco. Now, governments, military and businesses are moving to Linux en masse', and yet FEW of the PC OEMS are, as of yet, offering Linux preinstalled. Only HP is offering a single model as an enterprise workstation, not a consumer desktop. ALL of these movents to Linux are because folks are using the four steps mentioned above. THAT, alone, shows the demand for Linux is real and palpable. Linux does not have an "Accounts Receivable" from which it can draw ad money to promote Linux. So, websites, magazines and news media are careful not to offend Microsoft with many pro Linux stories for fear of having their "air supply", and hence payroll, cut off. But, despite the roadblocks of the past Linux moved around them and continued to grow. The EUFI is nothing less than an attempt to use a "shotgun", pellets hitting multiple targets at a time, to stop Linux. The EUFI attempts to block Linux at the hardware and software level across the market.

As the PC market share declines OEMs who haven't begun making smartphones, which is most of them, will be hard-pressed to sustain a profit in the declining market. They'll want to maximize the monetary benefits they can get from kneeling to Microsoft's demands. Microsoft will want the EUFI to be as locked down as possible, and Microsoft will punish those OEMs who do give PK certificates to Linux distro makers and make Linux drivers for their peripherals. That is why the FIRST OEM who breaks their chains and escapes from the Microsoft plantation by offering a PC which offers either CoreBook or is sold naked will reap rewards. Exactly when and with what vendor this will occur depends on the duration of their legal agreements with Microsoft. It will be tough move. More than likely it will be a 3rd tier vendor like System76.

This is my point. I purchased a netbook from system76 a year ago for my mom. I did this because I wanted the smoothest linux experience possible for her. Unfortunately, power management had a bug and was a major pain. Of course, I let system76 know in their sub-forum on the ubuntu forum. I was thinking "this is why I bought it from a vendor". They will look into it and have a fix in the repo in a timely manner. They didn't. Of course I can come up with a work around, but my mom can't. I don't mean to rant...I just think it is stupid to have all these developer resources working on GUI fluff, meanwhile I don't have the full capability of my hardware. It doesn't matter how pretty anything is, if my wireless network, my power management, graphics driver or "whatever" doesn't work. It is time to stop pissing around with fluff and foster a hardware friendly environment. end rant.