Announcement

**SteveRiley** · Jun 05, 2012, 12:20 AM

Originally posted by whatthefunk View Post

If Ubuntu could get a key, would it apply to Kubuntu/Lubuntu/Xubuntu etc? Taking it back a step further, if Debian got a key, would Debian be able to issue it to trusted Debian spinoffs like Ubuntu?

If Canonical followed the Fedora approach, all recognized flavors of Ubuntu would be included.

If Debian followed the Fedora approach, it would extend down the derivative chain to the point where a distro uses its own kernel and drivers. So while Ubuntu is Debian-derived, it wouldn't benefit from a signed Debian stub bootloader since Ubuntu compiles its own kernel.

**SteveRiley** · Jun 05, 2012, 12:38 AM

Originally posted by tek_heretik View Post

Any hardware vendor that bends over for M$ does not get my geek dollars.

To some degree, the design specification for hardware suppport of keys is faulty. A prior article on Michael's blog dispels a few myths about secure boot. Here's a relevant portion (emphasis added).

Only machines that want to boot Windows need to carry Microsoft's keys
Again, misleading. Microsoft only require one signing key to be installed, and the Windows bootloader will be signed with a key that chains back to this one. However, the bootloader is not the only component that must be signed. Any drivers that are carried on ROMs on plug-in cards must also be signed. One approach here would have been for all hardware vendors to have their own keys. This would have been unscalable - any shipped machine would have to carry keys for every vendor who produces PCI cards. If a machine carried an nvidia key but not an AMD one, swapping a geforce for a radeon would have resulted in the firmware graphics driver failing to load. Instead, Microsoft are providing a signing service. Vendors will be able to sign up for WHQL membership and have their UEFI drivers signed by Microsoft.

This leads to the problem. The Authenticode format used for signing UEFI objects only allows for a single signature. If a driver is signed by Microsoft, it can't be signed by anybody else. Therefore, if a system vendor wants to support off-the-shelf PCI devices with Microsoft-signed drivers, the system must carry Microsoft's key. If the same key is used as the root of trust for the driver signing and for the bootloader signing, that also means that the system will boot Windows.

**SecretCode** · Jun 05, 2012, 01:08 AM

Originally posted by SteveRiley View Post

Ultimately, I suppose, it's a matter of choosing which kind of suckage you're most comfortable with.

New motto?

I want this on a KFN T-shirt.

**SteveRiley** · Jun 05, 2012, 02:18 AM

Originally posted by SecretCode View Post

New motto?

I want this on a KFN T-shirt.

LOL... but please, we try hard here to keep suckage away from KFN

**whatthefunk** · Jun 05, 2012, 05:54 AM

Originally posted by tek_heretik View Post

Any hardware vendor that bends over for M$ does not get my geek dollars.

Any hardware vendor that wants to exist in this world has to be sure that Windows can be installed. Can I interest you in an abacus?

**tek_heretik** · Jun 05, 2012, 09:56 AM

Originally posted by whatthefunk View Post

Any hardware vendor that wants to exist in this world has to be sure that Windows can be installed. Can I interest you in an abacus?

lol @ abacus, too funny

I dunno about that, nVidia woke up and realized the Linux crowd is a sizable market that buys their higher end products, the average Joe that runs Win-DOHs mostly have a mainstream video adapter product. I am not an Intel fanboy, I just find their CPUs more reliable than AMD's, sure would hate to be forced in that direction because of M$.

**oshunluvr** · Jun 05, 2012, 11:10 AM

IMO, there's a difference in "bending over" and simply insuring the hardware works on windows as well as other OS's. Unfortunately, until Microsoft is broken up (as they should be) we'll all have to get along at some level. At this point, I won't knowingly be buying any products that microsoft gets money from unless there is no real choice in the matter. I build my own servers/desktops and all my future laptops will come from ZaReason or system76.

**woodsmoke** · Jun 05, 2012, 11:55 AM

Oshunluvr

Thanks for the post.

Re ZaReason and System76, I wonder if they sell just plain mobos, couldn't find anything on the sites.

woodsmoke

**SteveRiley** · Jun 05, 2012, 12:14 PM

Originally posted by tek_heretik View Post

I dunno about that, nVidia woke up and realized the Linux crowd is a sizable market that buys their higher end products

But yet their binary blob, according to some sources I've read, replaces large parts of the Linux kernel. One commenter on Phoronix even questioned whether you could call it Linux anymore.

**SecretCode** · Jun 05, 2012, 12:39 PM

I'd be interested to hear more about that Steve ... do you recall those sources?

**SteveRiley** · Jun 05, 2012, 12:51 PM

Originally posted by SecretCode View Post

I'd be interested to hear more about that Steve ... do you recall those sources?

It was in a thread someplace on Phoronix, I don't remember which. A 60-second Google trawl didn't find it. I'd have to look more closely.

**NickStone** · Jun 05, 2012, 01:19 PM

I found this article from July 2011 about Microsofts contribution to the Linux Kernel.

http://techie-buzz.com/foss/microsoft-linux-3-0.html

**oshunluvr** · Jun 05, 2012, 01:38 PM

Originally posted by woodsmoke View Post

Oshunluvr

Thanks for the post.

Re ZaReason and System76, I wonder if they sell just plain mobos, couldn't find anything on the sites.

woodsmoke

No I don't think they sell mobo's - but I believe as long as you buy a mobo, not a windows pre-installed system you don't need a securekey thingy. Either way, I would check with the manufacturer to be sure. I usually buy Asus mobos.

**tek_heretik** · Jun 05, 2012, 10:27 PM

Originally posted by nickstonefan View Post

I found this article from July 2011 about Microsofts contribution to the Linux Kernel.

http://techie-buzz.com/foss/microsoft-linux-3-0.html

Smells like self-serving, self-preservation to me, they know Linux is popular on servers, last thing they want is to lose even more business.

**GreyGeek** · Jun 06, 2012, 08:43 AM

Thanks for your series of very informative posts and replies, Steve.8)

I knew nothing of EUFI and have had no experience with it. Reading your posts about installing Kubuntu on hardware controlled by EUFI, watching your video on EUFI and Kubuntu Plasma-Active, and Michael Garrett's post and comments about Fedora's actions, I am no longer concerned as much about it as I used to be.

Announcement

Fedor is paying MS to get ...... and the rest of us will be next.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment