DaemonForums  

#1
21st March 2015
LeFrettchen
Marveled user
Join Date: Aug 2012
Location: Bronvaux, France
Posts: 253
OEMs Allowed To Lock Secure Boot In Windows 10 Computers

http://tech.slashdot.org/story/15/03...s-10-computers

Quote:
Hardware that sports the "Designed for Windows 8" logo requires machines to support UEFI Secure Boot. When the feature is enabled, the core software components used to boot the machine are verified for correct cryptographic signatures, or the system refuses to boot. This is a desirable security feature, because it protects from malware sneaking into the boot process. However, it has an issue for alternative operating systems, because it's likely they won't have a signature that Secure Boot will authorize. No worries, because Microsoft also mandated that every system must have a UEFI configuration setting to turn the protection off, allowing booting other operating systems. This situation may now change. At its WinHEC hardware conference in Shenzhen, China, Microsoft said the setting to allow Secure Boot to be turned off will become optional when Windows 10 arrives. Hardware can be "Designed for Windows 10," and offer no way to opt out of the Secure Boot lock down. The choice to provide the setting (or not) will be up to the original equipment manufacturer.
__________________
The secret of wisdom is not wisdom itself, it's the road that leads us there.

#2
21st March 2015
scottro
Real Name: Scott Robbins
ISO Quartermaster
Join Date: Apr 2008
Location: NYC
Posts: 533

http://srobb.net/seenit.mp4


Yeah, that was, IMLTHO (less than humble) going to happen sooner or later. If there were an association of non-Windows users, for all the Linux/BSD users, I wonder if it would be enough to make manufacturers continue to make it possible to disable it. As it is, I suspect MS will put pressure on most of them to make it unable to be disabled, disabling the disable, so to speak.

#3
22nd March 2015
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

The only thing holding this nonsense at bay is the OEMs not wanting to be "that guy" that disabled it first. Anyone can come second, but to be the first jerk to enforce Windows only is something they seem at least reluctant to do, thankfully.

I don't expect it to last long once one of them is paid enough or finds some positive light to spin it in, though.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

#4
22nd March 2015
IdOp
Too dumb for a smartphone
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 759

If they get "paid" to do it (in some generalized sense), surely they will find the spin. But is it really worth it for them to do it without being paid? I suppose an extra few % of users may not make a big difference to one manufacturer, in a low-margin PC business. But if enough join the dark side, that might leave enough extra users to make a difference for someone else, who can play the good guy. Certainly points toward having much less choice though, potentially. Sucks.

Good thing I've been collecting old machines ... though a couple have died in recent months

#5
22nd March 2015
Oko
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,101

This is actually pretty irrelevant news. Microsoft is beating a dead horse by killing the business model (open hardware) which brought them to prominence. The Desktop market is dead anyway. Most consumers already use only hand held devices and cloud for their computing needs. Handheld devices are largely vendor locked (vendor supplies both hardware and OS) just like computers in 70s and 80s were locked.

Microsoft has lost the hand held device battle without firing a shot (they have never put anything worth using anyway). I am not up to date with the situation on the cloud front but IIRC situation from a year ago they were positioning themselves nicely. It looks that Microsoft Hyper-V has also some serious following even though ESXi is still the guy to beat. In spite of Red Hat hype with RHEV I think that Xen being used by Amazon and few other major cloud players is very well positioned on the market as well.

Open hardware server market is also getting scary. There was just a thread on the FreeBSD forum regarding firmware updates for Sun machines and it turns out not only evil Oracle but all vendors IBM, HP with exception of Dell have locked their hardware and provide firmware updates only to their customers. That might be also too little too late as most small to medium shops like mine use OEM Supermicro servers and similar.

What is left for us Geeks to do? Well I am sincerely hoping that we are less than a year from open hardware really usable ARM multi processor server and desktop motherboards. There will be vendors like Raspberry Pi who will try to vendor lock that market as well but I think that due to poor quality of their craftsmanship they will ultimately be defeated or unable to completely lock the market.

#6
22nd March 2015
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Quote:
Originally Posted by Oko
In spite of Red Hat hype with RHEV I think that Xen being used by Amazon and few other major cloud players is very well positioned on the market as well.
RedHat rode the coat tails of the Rackspace/NASA joint effort to produce OpenStack, then when OpenStack was forked off as a foundation, it became a free for all. RHEV is just rebranded OpenStack running on top of RHEL...OpenStack itself is just a somewhat poorly implemented (IMHO) control suite for Xen...it's nothing fancy.

OpenStack as a whole has a long ways to go to be competitive in the public cloud market. It may have a niche in private cloud (typically dominated by ESXi and Hyper-V), but it lacks the polish and capability of many of the big cloud players (who all run closed-source Xen control frameworks, with the exception of Microsoft, of course).

Edit - I was employed by Rackspace as a Linux Engineer when Lanham Napier decided we'd had enough success in the Enterprise Managed Hosting arena and needed to get some of that cloud action to remain competitive. We started hearing about competition with AWS, Microsoft, and Google (companies who have near infinitely larger pocketbooks and "nerd pools" compared to Rackspace...in fact, Rackspace ate itself from the inside trying to supply Linux nerds to the cloud revolution taking place downstairs from the Enterprise support floor). I watched the hype of OpenStack drive the company stock up above $80/share, and I then watched the bubble burst and stock drop below $35/share nearly overnight. Lanham was a convincing guy, and his passion for moving to the cloud stuck with me (even after he left Rackspace), so I left Rackspace to find employment with AWS so I could see the cloud for what it is really capable of. Perhaps my views on OpenStack are a bit biased, but I call it like I see it.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 22nd March 2015 at 05:15 AM.

#7
22nd March 2015
Oko
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,101

Quote:
Originally Posted by rocket357
RedHat rode the coat tails of the Rackspace/NASA joint effort to produce OpenStack, then when OpenStack was forked off as a foundation, it became a free for all. RHEV is just rebranded OpenStack running on top of RHEL...OpenStack itself is just a somewhat poorly implemented (IMHO) control suite for Xen...it's nothing fancy.

OpenStack as a whole has a long ways to go to be competitive in the public cloud market. It may have a niche in private cloud (typically dominated by ESXi and Hyper-V), but it lacks the polish and capability of many of the big cloud players (who all run closed-source Xen control frameworks, with the exception of Microsoft, of course).

Edit - I was employed by Rackspace as a Linux Engineer when Lanham Napier decided we'd had enough success in the Enterprise Managed Hosting arena and needed to get some of that cloud action to remain competitive. We started hearing about competition with AWS, Microsoft, and Google (companies who have near infinitely larger pocketbooks and "nerd pools" compared to Rackspace...in fact, Rackspace ate itself from the inside trying to supply Linux nerds to the cloud revolution taking place downstairs from the Enterprise support floor). I watched the hype of OpenStack drive the company stock up above $80/share, and I then watched the bubble burst and stock drop below $35/share nearly overnight. Lanham was a convincing guy, and his passion for moving to the cloud stuck with me (even after he left Rackspace), so I left Rackspace to find employment with AWS so I could see the cloud for what it is really capable of. Perhaps my views on OpenStack are a bit biased, but I call it like I see it.
I know that we are border line OT original thread but three thumbs up for this post. This is the kind of information which keeps me coming back to this portal for more and more. Did you mean to say that OpenStack is control suite for Xen or you meant to say KVM? Pardon my ignorance. Can you post anything on this thread?

https://forums.freebsd.org/threads/f...2/#post-285200

#8
22nd March 2015
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

OpenStack is "hypervisor-agnostic", however in practice it tends to be implemented over Xen (i.e. Rackspace's cloud, for instance, which was, last I checked, the largest OpenStack installation in the world). Thanks for pointing that out.

I'm not terribly familiar with bhyve, unfortunately, but I want to set up a testbed for Xen/KVM/etc... on my network, so I'll add that to my #TODO list =)

Edit - as for the other post, unfortunately I haven't had time of late to mess around with NetBSD dom0. My wife and I have been preparing to buy a house hopefully this time next year, so every spare penny (save $10/month for two VULTR VPSs) has gone to positioning ourselves for buying another home.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 22nd March 2015 at 06:19 AM.

#9
22nd March 2015
Plast0000
PWND
Join Date: Mar 2015
Posts: 6

MS said that users can always change it from UEFI on x86 systems

if they are going to force it, then developers better get a signature to be able to use their OS on secure boot environments

22nd March 2015
fn8t
Real Name: Ego
Shell Scout
Join Date: May 2014
Location: Tao
Posts: 120

This does suck. But, it is probably going to be one of the lesser burdens "we" face in the coming future.

Devices that can only run approved (secure) code is a start. Even those devices will eventually have limited local resources. The local O.S. being a workstation for a cloud like O.S. brought to you via web technology interface. Less and less hardware with capacity (USB ports) to transmit data to local storage devices (it's safer on the cloud, right). Your online O.S. will be in a perpetual state of update (version incrementation), while you will need to continually buy a currently supported workstation (be it mobile or not). You'll need to have internet for almost all device functionality, likely that functionality will be part of a vendor owned network service. You'll be able to use your O.S. from anywhere, even if it isn't your device, since your O.S. and data are unconditionally linked to you. This will one day be maintained biometrically. It will be unlawful to tamper with these devices in effort to achieve other than vendor intended functionality, especially if you connect to the network with it. It'll be a blurry line between tinkering and terrorism.

Who knows how fast it'll all drop down? In the unlikely event that most people (the technically inept) aren't already begging for it (shiny Ipad syndrome) some major online catastrophes will begin to occur more and more often, threatening the simple minded users commercially and privately. Some propagandist headlines about people's online technology luxuries being interrupted by evil hackers using unsecured devices. Certified non terrorist freedom will be opensource inside of an SDK, if any vendor allows for it. The SDKs will probably be limited enough to prevent any development that competes with vendor product.

I know it all sounds far fetched, but if you look around you it's all but forced. Much of this is already a reality, as far as technological capacity is concerned. For the most part people get all the more pleased when some new shackle hits the market. The more shackles it implements, the more proud they are of the purchase.

It seems unthinkable, but maybe one day I'll have to order my O.S. over the mail, and agree not to attempt any connection to "The Network".

Maybe I'm just paranoid and imaginative. But, if stuff like this is real and actually pulls through, it won't be all that more difficult to make my paranoid imagination a reality.

22nd March 2015
fn8t
Real Name: Ego
Shell Scout
Join Date: May 2014
Location: Tao
Posts: 120

You could write your O.S. as an image file with the native boot loader inside of it. Write that image to a new partition. Then edit the Windows boot loader accordingly. Then erase the Windows partition and add the new space to your partition. Finally grow and slice space via your booted image. Instead of an installation process, you'd run a configuration process. (This would require tools made to run within Windows, like this.)

If you are a real hobbyist, you could remove the cancer and replace it with something like coreboot. The problem is that eventually some machines would probably require physical modifications.

22nd March 2015
Oko
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,101

Quote:
Originally Posted by fn8t
Devices that can only run approved (secure) code is a start.
I can't believe what I read. Approved by whom? Chinese government, Vladimir Putin or the same U.S. Senate which casually attached amendment to a counter-terrorism bill 266 of 1991 trying to force manufacturers of communications equipment to insert special "trap doors" in all their products?

23rd March 2015
fn8t
Real Name: Ego
Shell Scout
Join Date: May 2014
Location: Tao
Posts: 120

Quote:
Originally Posted by Oko
I can't believe what I read. Approved by whom? Chinese government, Vladimir Putin or the same U.S. Senate which casually attached amendment to a counter-terrorism bill 266 of 1991 trying to force manufacturers of communications equipment to insert special "trap doors" in all their products?
Actually, the whole thing is just my own personal nightmare. Likely operating systems could gain certification by conforming to some government regulated standard. Certainly, it would be as bad if not worse than enforcement of blob inclusion.

I'm sure the IIC would be involved.

Last edited by fn8t; 23rd March 2015 at 12:58 PM.