Since when was a Computer only a Windows Computer and not just a computer? What’s all this UEFI for?

When I read headlines like this, it makes my blood boil.

Windows 8 PCs will come with Microsoft’s UEFI (Unified Extensible Firmware Interface) Secure Boot. This “feature” will make it much harder to boot Linux or other operating systems. Canonical, Ubuntu Linux’s parent company, is going to take a new approach to address this problem.

Really? Since when was the PC only for running Microsoft products on? What great mind came up with that idea? I thought a PC was for running an OS on; it could be Microsoft, but then it could be Linux, BSD, OpenSolaris.. Come to think of it, doesn’t this cause Windows 8 PC buyers a problem when, like the rest of the world, they realise Windows 8 is a clusterbomb of uselessness and they have been ripped off, and want to downgrade to Windows 7?

This is a move which smacks of Microsoft desperation, and before anyone gets on the high horse and states Apple only runs Apple OS, yes, but Apple make both the hardware and the software so I think they are allowed, and I run Ubuntu on a MacBook Pro fine..

UEFI is here to replace the BIOS, the bit of the computer you see (sometimes) boot up showing a logo and probably some hard disk stats; pressing F12 or something like that lets you boot from other devices or change settings. It’s the interface between the OS and hardware and it’s been around for as long as I’ve been working with computers..

Changing this for something new isn’t an issue, and neither is the secure boot feature.

Secure boot

The UEFI 2.2 specification adds a protocol known as Secure boot, which can secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature. When secure boot is enabled, it is initially placed in “Setup” mode, which allows a public key known as the “Platform key” (PK) to be written to the firmware. Once the key is written, secure boot enters “User” mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional “Key Exchange Keys” (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the Platform key. Secure boot can also be placed in “Custom” mode, where additional public keys can be added to the system that do not match the private key.
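
To see which of these modes a given machine is actually in, the firmware's standard SecureBoot and SetupMode variables can be read from Linux. The following is an added example, not code from this post or from any of the projects it mentions; it assumes a Linux system with efivarfs mounted at /sys/firmware/efi/efivars, and the function names and state labels are my own.

```python
import struct
from pathlib import Path

# GUID of the UEFI global-variable namespace that holds SecureBoot and SetupMode.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARFS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point (assumed)


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data): 4-byte LE header, then payload."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def flag(raw):
    """Decode a one-byte boolean variable; None means the variable is absent."""
    if raw is None:
        return None
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError("expected a single data byte")
    return data[0] == 1


def secure_boot_state(secure_boot_raw, setup_mode_raw):
    """Map the two variables onto the modes described in the text (labels are mine)."""
    sb, sm = flag(secure_boot_raw), flag(setup_mode_raw)
    if sb is None and sm is None:
        return "unsupported"      # legacy BIOS boot or firmware without Secure Boot
    if sm:
        return "setup"            # no Platform Key enrolled yet; nothing is enforced
    return "user-enforcing" if sb else "user-disabled"


def read_var(name, root=EFIVARFS):
    """Return the raw bytes of a global EFI variable, or None if it cannot be read."""
    try:
        return (root / f"{name}-{EFI_GLOBAL_VARIABLE}").read_bytes()
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample: attributes 0x6 (boot-service + runtime access), values 1 and 0.
    print(secure_boot_state(b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"))
    # The machine this runs on.
    print(secure_boot_state(read_var("SecureBoot"), read_var("SetupMode")))
```

A result of "user-disabled" means a Platform key is enrolled but enforcement has been switched off in the firmware settings, which is the option the rest of this post is about.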

The problem is, some vendors are not enabling the facility to turn OFF the secure boot or turn on the Custom mode, potentially stopping OSes other than Microsoft’s from installing on the devices, as Microsoft will have their key in the firmware.

Obviously the internet finds a way, and so do developers..

The three leading GNU/Linux distributions Fedora, SUSE and Ubuntu were working on solutions to run their distros on Microsoft’s UEFI Secure boot PCs. openSUSE gave indications of using Fedora’s solution. Initially Ubuntu had come out with its own solution (weeks after Fedora proposed their plan) which met with controversies mainly because they decided to drop Grub 2 due to GPL licence. The FSF stepped in to clarify the doubts Canonical had over private key. Eventually Ubuntu also resorted to using Fedora’s solution in parts.

The un-unified efforts by these distributions did not go very well with the entire open source community. OpenBSD founder Theo de Raadt criticized both Canonical and Red Hat. “I fully understand that Red Hat and Canonical won’t be doing the right thing, they are traitors to the cause, mostly in it for the money and power. They want to be the new Microsoft.”


Now The Linux Foundation has stepped in with a solution which will allow every (and not just one distro or only Linux distro) open source operating system to run on UEFI secure boot systems.

Source [muktware]

The solution at the moment?

In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system). The pre-bootloader will employ a “present user” test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems. This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system in secure mode for any distribution that chooses to use it.  The process of obtaining a Microsoft signature will take a while, but once it is complete, the pre-bootloader will be placed on the Linux Foundation website for anyone to download and make use of.


So let’s understand this..

Microsoft have lobbied the major PC vendors with promises of who knows what, got them to include Microsoft keys in the UEFI firmware, and then convinced these same people to lock out, let’s say, other OS’s (cough, Linux, cough), and probably spent a little bit of cash doing this one way or another. Essentially making PCs Windows 8 only. This would also stop the embarrassment of people downgrading their OS, which happened with people downgrading to XP after receiving the dog-slow Vista PC. You’ve got Windows 8 and you are stuck with it..

Then the Ubuntu community comes up with several workarounds and sets about circumventing the whole system..

So why bother? It’s not like history has not taught us this won’t happen.. Android tablets running Ubuntu, Macs running Linux, iPhones running Android..



2 comments on “Since when was a Computer only a Windows Computer and not just a computer? What’s all this UEFI for?”

  1. Will (@wmarone)
    October 16, 2012

    While I’m not a fan of the way Secure Boot is set up (it clearly favors Microsoft in all possible ways) they -did- make it a requirement that on x86 for Windows 8 logo certification it must be possible to turn Secure Boot off.

    It’s not a complete solution, nor is it optimal, but no x86 PC will be windows-only for the time being. This doesn’t hold for ARM devices, which are mandated to be locked down.

    • projectzme
      October 16, 2012

      That’s pretty much all I am saying.. You must be able to turn options on or off

