* [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Mick @ 2011-09-26 15:01 UTC
To: gentoo-user

I don't know if you have seen this. Given that we're moving into UEFI
boot what are the workarounds to compensate for Microsoft's efforts to
exclude other operating systems from available hardware?

http://www.theregister.co.uk/2011/09/26/uefi_linux_lock_out_row_latest/

--
Regards,
Mick

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Nilesh Govindarajan @ 2011-09-26 15:10 UTC
To: gentoo-user

On Mon 26 Sep 2011 08:31:10 PM IST, Mick wrote:
> I don't know if you have seen this. Given that we're moving into UEFI
> boot what are the workarounds to compensate for Microsoft's efforts to
> exclude other operating systems from available hardware?
>
> http://www.theregister.co.uk/2011/09/26/uefi_linux_lock_out_row_latest/
>

That feature is optional, see official word from MS:
https://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx
Microsoft has at least done something good for the Linux community :D

--
Nilesh Govindarajan
http://nileshgr.com

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Mark Knecht @ 2011-09-26 15:17 UTC
To: gentoo-user

On Mon, Sep 26, 2011 at 8:10 AM, Nilesh Govindarajan
<contact@nileshgr.com> wrote:
> On Mon 26 Sep 2011 08:31:10 PM IST, Mick wrote:
>> I don't know if you have seen this. Given that we're moving into UEFI
>> boot what are the workarounds to compensate for Microsoft's efforts to
>> exclude other operating systems from available hardware?
>>
>> http://www.theregister.co.uk/2011/09/26/uefi_linux_lock_out_row_latest/
>>
>
> That feature is optional, see official word from MS:
> https://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx
> Microsoft has at least done something good for the Linux community :D
>
> --
> Nilesh Govindarajan
> http://nileshgr.com

It's only optional if the BIOS includes an option to disable the
feature. I don't think that option is _required_ by Microsoft so if
(insert name here) contracts with their BIOS developer to not include
that option then I believe we're potentially out of luck.

- Mark

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: James Broadhead @ 2011-09-26 15:21 UTC
To: gentoo-user

On 26 September 2011 16:01, Mick <michaelkintzios@gmail.com> wrote:
> I don't know if you have seen this. Given that we're moving into UEFI
> boot what are the workarounds to compensate for Microsoft's efforts to
> exclude other operating systems from available hardware?

My opinion is that signed boot is probably on its way (despite not
actually offering much in the way of security, as the Apple Battery
hack has shown), and so we'll enter an era where you have the option
between a fully-signed system (Windows 9 / OS XI or so) or a cracked
boot, with little in the way of switching between the two, at least
initially

I know which one I'd pick if it came down to it :)

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Nilesh Govindarajan @ 2011-09-26 15:26 UTC
To: gentoo-user

On Mon 26 Sep 2011 08:51:17 PM IST, James Broadhead wrote:
> On 26 September 2011 16:01, Mick <michaelkintzios@gmail.com> wrote:
>> I don't know if you have seen this. Given that we're moving into UEFI
>> boot what are the workarounds to compensate for Microsoft's efforts to
>> exclude other operating systems from available hardware?
>
> My opinion is that signed boot is probably on its way (despite not
> actually offering much in the way of security, as the Apple Battery
> hack has shown), and so we'll enter an era where you have the option
> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
> boot, with little in the way of switching between the two, at least
> initially
>
> I know which one I'd pick if it came down to it :)

And you really need not worry about it, some geek (Torvalds?) will
surely find out a way.

--
Nilesh Govindarajan
http://nileshgr.com

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: James Broadhead @ 2011-09-26 15:37 UTC
To: gentoo-user

On 26 September 2011 16:26, Nilesh Govindarajan <contact@nileshgr.com> wrote:
> And you really need not worry about it, some geek (Torvalds?) will
> surely find out a way.

Oh, I don't doubt that I'll be able to boot Linux, I just think that
we're going to enter another era where setting up a functional and
easily-switched dual boot between Linux and Windows will be difficult
again for a while. Hopefully it won't require us to all be careful to
buy specific hardware, but who knows.

Case in point: The Windows 7's installer mangling of the MBRs on disks
that it has no business touching.

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Dale @ 2011-09-26 15:42 UTC
To: gentoo-user

Nilesh Govindarajan wrote:
> On Mon 26 Sep 2011 08:51:17 PM IST, James Broadhead wrote:
>> On 26 September 2011 16:01, Mick<michaelkintzios@gmail.com> wrote:
>>> I don't know if you have seen this. Given that we're moving into UEFI
>>> boot what are the workarounds to compensate for Microsoft's efforts to
>>> exclude other operating systems from available hardware?
>> My opinion is that signed boot is probably on its way (despite not
>> actually offering much in the way of security, as the Apple Battery
>> hack has shown), and so we'll enter an era where you have the option
>> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
>> boot, with little in the way of switching between the two, at least
>> initially
>>
>> I know which one I'd pick if it came down to it :)
> And you really need not worry about it, some geek (Torvalds?) will
> surely find out a way.
>

Well, since I don't have or use M$'s junk, I guess I am OK then? I just
need to make sure any mobo I buy in the future either doesn't have this
or can be disabled?

Heck, if you didn't have to reboot windoze all the time, they wouldn't
need this. lol

Dale

:-) :-)

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Michael Mol @ 2011-09-26 15:46 UTC
To: gentoo-user

On Mon, Sep 26, 2011 at 11:42 AM, Dale <rdalek1967@gmail.com> wrote:
> Nilesh Govindarajan wrote:
>>
>> On Mon 26 Sep 2011 08:51:17 PM IST, James Broadhead wrote:
>>>
>>> On 26 September 2011 16:01, Mick<michaelkintzios@gmail.com> wrote:
>>>>
>>>> I don't know if you have seen this. Given that we're moving into UEFI
>>>> boot what are the workarounds to compensate for Microsoft's efforts to
>>>> exclude other operating systems from available hardware?
>>>
>>> My opinion is that signed boot is probably on its way (despite not
>>> actually offering much in the way of security, as the Apple Battery
>>> hack has shown), and so we'll enter an era where you have the option
>>> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
>>> boot, with little in the way of switching between the two, at least
>>> initially
>>>
>>> I know which one I'd pick if it came down to it :)
>>
>> And you really need not worry about it, some geek (Torvalds?) will
>> surely find out a way.
>>
>
> Well, since I don't have or use M$'s junk, I guess I am OK then? I just
> need to make sure any mobo I buy in the future either doesn't have this or
> can be disabled?
>
> Heck, if you didn't have to reboot windoze all the time, they wouldn't need
> this. lol

Most hardware will have UEFI. The trick will be making sure the
hardware you buy allows the "secure boot" part of it to be turned off.
Microsoft's program requires vendors to support using secure boot, but
doesn't _require_ them to support _not_ using secure boot.

--
:wq

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Dale @ 2011-09-26 16:15 UTC
To: gentoo-user

Michael Mol wrote:
> On Mon, Sep 26, 2011 at 11:42 AM, Dale<rdalek1967@gmail.com> wrote:
>> Nilesh Govindarajan wrote:
>>>
>>> Well, since I don't have or use M$'s junk, I guess I am OK then? I just
>>> need to make sure any mobo I buy in the future either doesn't have this or
>>> can be disabled?
>>>
>>> Heck, if you didn't have to reboot windoze all the time, they wouldn't need
>>> this. lol
> Most hardware will have UEFI. The trick will be making sure the
> hardware you buy allows the "secure boot" part of it to be turned off.
> Microsoft's program requires vendors to support using secure boot, but
> doesn't _require_ them to support _not_ using secure boot.
>

So buy a mobo without it or that can disable it. Got it. It'll be a
good while before I buy a new mobo tho. I'm sure they will have a nice
fix by then but this is something I need to remember just in case. ;-)

Dale

:-) :-)

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Albert W. Hopkins @ 2011-09-26 22:46 UTC
To: gentoo-user

On Mon, 2011-09-26 at 11:15 -0500, Dale wrote:
> So buy a mobo without it or that can disable it. Got it. It'll be a
> good while before I buy a new mobo tho. I'm sure they will have a
> nice
> fix by then but this is something I need to remember just in
> case. ;-)

Ok, I'll bite...

It depends on who makes your system. For example, I've got a new
laptop, with UEFI BIOS and SATA HDD, but if you go in the UEFI settings
and change a couple of settings, you'll be able to boot into DOS. Why?
Because, surprisingly, they still have quite a few corporate customers
that need to use DOS. So if you can boot DOS you can boot Linux.

Some manufacturers still provide firmware and BIOS updates via DOS boot
cds. If you can boot from a non-signed CD, you can boot Linux. Some
manufacturers still consider it a competitive advantage to offer
"fast-boot" linux-based firmware. Likely those would be able to be
manipulated in order to boot Linux from disk.

On the server side, I don't think there is any major server manufacturer
dumb enough to sell a system not capable of running Linux.

In short, it's probably less of a problem than people make it out
to be. It's akin to the old(?) days when Broadcom cards didn't work
with Linux. The solution is always simple: don't buy a system that has
a Broadcom card.

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Alan McKinnon @ 2011-09-26 23:03 UTC
To: gentoo-user

On Mon, 26 Sep 2011 18:46:21 -0400
"Albert W. Hopkins" <marduk@letterboxes.org> wrote:

> On the server side, I don't think there is any major server
> manufacturer dumb enough to sell a system not capable of running
> Linux.

How very true.

If a manufacturer tried that, they would lose the entire ISP and
backbone market in a flash. Linux, BSD and Solaris rule that area.
Windows doesn't even get a look-in.

Next they'd lose the Oracle/Sybase/IQ/any-db-that-matters market where
those products do run on Windows (sort of a token gesture, useful for
POCs run by the technically clueless) but anyone with a brain does the
real work on Unix.

It usually takes just one phone call from the right person and an
entire corporate can switch from vendor X to vendor Y. It's scary to
watch.

--
Alan McKinnnon
alan.mckinnon@gmail.com

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Dale @ 2011-09-26 23:24 UTC
To: gentoo-user

Albert W. Hopkins wrote:
> On Mon, 2011-09-26 at 11:15 -0500, Dale wrote:
>> So buy a mobo without it or that can disable it. Got it. It'll be a
>> good while before I buy a new mobo tho. I'm sure they will have a
>> nice
>> fix by then but this is something I need to remember just in
>> case. ;-)
> Ok, I'll bite...
>
> It depends on who makes your system. For example, I've got a new
> laptop, with UEFI BIOS and SATA HDD, but if you go in the UEFI settings
> and change a couple of settings, you'll be able to boot into DOS. Why?
> Because, surprisingly, they still have quite a few corporate customers
> that need to use DOS. So if you can boot DOS you can boot Linux.
>
> Some manufacturers still provide firmware and BIOS updates via DOS boot
> cds. If you can boot from a non-signed CD, you can boot Linux. Some
> manufacturers still consider it a competitive advantage to offer
> "fast-boot" linux-based firmware. Likely those would be able to be
> manipulated in order to boot Linux from disk.
>
> On the server side, I don't think there is any major server manufacturer
> dumb enough to sell a system not capable of running Linux.
>
> In short, it's probably less of a problem than people make it out
> to be. It's akin to the old(?) days when Broadcom cards didn't work
> with Linux. The solution is always simple: don't buy a system that has
> a Broadcom card.
>

Well, I build my rigs and no laptops either. Basically, if this does
come to pass, I'll just buy a mobo that allows it to be turned off or
one that doesn't have it at all. I think the mobo should have a way to
disable it hardware wise as well. Maybe a jumper or something.

I know I'm not a majority here but I don't have and never have had
windows. So, if some people are forced to choose, M$ could lose some
more users. There are quite a few people that use windows only to play
games and Linux for everything else. What's that ole saying about
shooting yourself in the foot? lol

Well, my current rig will last me for a few years I hope. Maybe it will
be dealt with by then. Jeez, initramfs crap and this all in about a
month. What will happen next month? Oh, /home has to be on / too.

Dale

:-) :-)

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Indi @ 2011-09-27 4:17 UTC
To: gentoo-user

On Mon, Sep 26, 2011 at 06:46:21PM -0400, Albert W. Hopkins wrote:
> On Mon, 2011-09-26 at 11:15 -0500, Dale wrote:
> > So buy a mobo without it or that can disable it. Got it. It'll be a
> > good while before I buy a new mobo tho. I'm sure they will have a
> > nice
> > fix by then but this is something I need to remember just in
> > case. ;-)
>
> Ok, I'll bite...
>
> It depends on who makes your system. For example, I've got a new
> laptop, with UEFI BIOS and SATA HDD, but if you go in the UEFI settings
> and change a couple of settings, you'll be able to boot into DOS. Why?
> Because, surprisingly, they still have quite a few corporate customers
> that need to use DOS. So if you can boot DOS you can boot Linux.
>
> Some manufacturers still provide firmware and BIOS updates via DOS boot
> cds. If you can boot from a non-signed CD, you can boot Linux. Some
> manufacturers still consider it a competitive advantage to offer
> "fast-boot" linux-based firmware. Likely those would be able to be
> manipulated in order to boot Linux from disk.
>
> On the server side, I don't think there is any major server manufacturer
> dumb enough to sell a system not capable of running Linux.
>
> In short, it's probably less of a problem than people make it out
> to be. It's akin to the old(?) days when Broadcom cards didn't work
> with Linux. The solution is always simple: don't buy a system that has
> a Broadcom card.
>

It's absolutely not a concern, beyond checking to make sure any
"safe boot" feature can be disabled before buying. And even that
won't be necessary once it's circumvented -- which it will be.

Locking the bootloader only works on (some) phones because of
their mayfly-like life expectancy combined with their
consumer-oriented purpose. And in spite of that, we have cyanogenmod
and other successful alternative OS projects.

All this latest scheme will do is help create signed malware.
And some people say innovation is dying... :)

--
caveat utilitor
♫ ❤ ♫ ❤ ♫ ❤ ♫ ❤

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Indi @ 2011-09-26 15:54 UTC
To: gentoo-user

On Mon, 26 Sep 2011 20:56:20 +0530
Nilesh Govindarajan <contact@nileshgr.com> wrote:

> On Mon 26 Sep 2011 08:51:17 PM IST, James Broadhead wrote:
> > On 26 September 2011 16:01, Mick <michaelkintzios@gmail.com> wrote:
> >> I don't know if you have seen this. Given that we're moving into
> >> UEFI boot what are the workarounds to compensate for Microsoft's
> >> efforts to exclude other operating systems from available hardware?
> >
> > My opinion is that signed boot is probably on its way (despite not
> > actually offering much in the way of security, as the Apple Battery
> > hack has shown), and so we'll enter an era where you have the option
> > between a fully-signed system (Windows 9 / OS XI or so) or a cracked
> > boot, with little in the way of switching between the two, at least
> > initially
> >
> > I know which one I'd pick if it came down to it :)
>
> And you really need not worry about it, some geek (Torvalds?) will
> surely find out a way.
>

As this is being touted a win8 feature (with win8 set for release
sometime in 2012), I predict this will be defeated before the first
win8 machine hits the stores -- just like product keys, slic, and wga.
Also it's probably safe to predict this "secure boot" scheme will end up
being another vector for windows malware.

--
caveat utilitor

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Michael Mol @ 2011-09-26 16:07 UTC
To: gentoo-user

On Mon, Sep 26, 2011 at 11:54 AM, Indi <thebeelzebubtrigger@gmail.com> wrote:
> On Mon, 26 Sep 2011 20:56:20 +0530
> Nilesh Govindarajan <contact@nileshgr.com> wrote:
>
> As this is being touted a win8 feature (with win8 set for release
> sometime in 2012), I predict this will be defeated before the first
> win8 machine hits the stores -- just like product keys, slic, and wga.
> Also it's probably safe to predict this "secure boot" scheme will end up
> being another vector for windows malware.

Actually, that's the point of it; the BIOS doesn't allow programmatic
manipulation, and would refuse to load unsigned bootloaders. As long
as the system doesn't have the 'secure boot' feature disabled, the
only way for malware to get into the bootloader section will be if
it's signed with the keys in BIOS.

I don't know if this will go the way of Palladium and the TPM. Adding
it to the Windows8 certification program gives it some weight; OEMs
like being able to put those stickers on their hardware. If Microsoft
makes certification necessary for OEM bulk keys, they'll have a great
deal of leverage. On the other hand, they may push OEMs over the edge
to try Linux systems in retail again. (Yes, I realize that'll only
happen if Steam and friends become truly trivial to run on Linux)

--
:wq

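Added example, not part of the original thread: on a Linux system booted
through UEFI, whether the firmware is enforcing secure boot, has it
switched off, or does not implement it at all can be read from efivarfs.
The script assumes efivarfs is mounted at /sys/firmware/efi/efivars; the
function names and state labels are made up for this example.

```sh
#!/bin/sh
# Added example: report the UEFI Secure Boot state from efivarfs.

# GUID of the EFI global variable namespace (from the UEFI specification).
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# read_efi_flag DIR NAME
# An efivarfs file holds a 4-byte attribute word followed by the variable
# data. SecureBoot and SetupMode each carry a single data byte (0 or 1).
# Prints that byte, or "absent" if the variable is missing or malformed.
read_efi_flag() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || { echo absent; return 0; }
    # Skip the 4 attribute bytes, read 1 data byte as an unsigned decimal.
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    case "$v" in
        0|1) echo "$v" ;;
        *)   echo absent ;;
    esac
}

# secure_boot_state [EFIVARS_DIR]
# Prints one of:
#   enforcing    firmware only loads boot images it can verify
#   setup-mode   no platform key enrolled; keys can still be installed
#   disabled     secure boot implemented but switched off
#   unsupported  UEFI boot, but the firmware exposes no SecureBoot variable
#   no-efivars   legacy BIOS boot, or efivarfs is not mounted
secure_boot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    if [ ! -d "$dir" ]; then
        echo no-efivars
        return 0
    fi
    sb=$(read_efi_flag "$dir" SecureBoot)
    sm=$(read_efi_flag "$dir" SetupMode)
    case "$sb:$sm" in
        1:*) echo enforcing ;;
        0:1) echo setup-mode ;;
        0:*) echo disabled ;;
        *)   echo unsupported ;;
    esac
}

# Report the state of the machine this runs on (or of the directory given).
secure_boot_state "$@"
```
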
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Jonas de Buhr @ 2011-09-26 19:29 UTC
To: gentoo-user

>> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
>> boot, with little in the way of switching between the two, at least
>> initially
>>
>> I know which one I'd pick if it came down to it :)
>
>And you really need not worry about it, some geek (Torvalds?) will
>surely find out a way.

yes, there will most likely be a technical way to circumvent it. the
problem is that involved companies might try (and likely succeed) to
make that illegal.
the reasoning will be this: it is assumed that you only make that
modification to run pirated copies of commercial operating systems.

that you will also need that mod to run free operating systems on it
will just not count. at least not for commercially offering the mod.
just look at decss. or playstation mod chips.

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Michael Mol @ 2011-09-26 19:42 UTC
To: gentoo-user

On Mon, Sep 26, 2011 at 3:29 PM, Jonas de Buhr <jonas.de.buhr@gmx.net> wrote:
>>> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
>>> boot, with little in the way of switching between the two, at least
>>> initially
>>>
>>> I know which one I'd pick if it came down to it :)
>>
>>And you really need not worry about it, some geek (Torvalds?) will
>>surely find out a way.
>
> yes, there will most likely be a technical way to circumvent it. the
> problem is that involved companies might try (and likely succeed) to
> make that illegal.
> the reasoning will be this: it is assumed that you only make that
> modification to run pirated copies of commercial operating systems.
>
> that you will also need that mod to run free operating systems on it
> will just not count. at least not for commercially offering the mod.
> just look at decss. or playstation mod chips.

I thought this is where we already are?

--
:wq

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Jonas de Buhr @ 2011-09-26 20:20 UTC
To: gentoo-user

>> yes, there will most likely be a technical way to circumvent it. the
>> problem is that involved companies might try (and likely succeed) to
>> make that illegal.
>> the reasoning will be this: it is assumed that you only make that
>> modification to run pirated copies of commercial operating systems.
>>
>> that you will also need that mod to run free operating systems on it
>> will just not count. at least not for commercially offering the mod.
>> just look at decss. or playstation mod chips.
>
>I thought this is where we already are?

yes, this weird way of thinking is already established and seems to be
widely accepted.

my point is that it is going to be applied to UEFI cracking. meaning: a
technical solution for this will not help us at all.

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Mick @ 2011-09-26 19:49 UTC
To: gentoo-user

On Monday 26 Sep 2011 20:29:14 Jonas de Buhr wrote:
> >> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
> >> boot, with little in the way of switching between the two, at least
> >> initially
> >>
> >> I know which one I'd pick if it came down to it :)
> >
> >And you really need not worry about it, some geek (Torvalds?) will
> >surely find out a way.
>
> yes, there will most likely be a technical way to circumvent it. the
> problem is that involved companies might try (and likely succeed) to
> make that illegal.
> the reasoning will be this: it is assumed that you only make that
> modification to run pirated copies of commercial operating systems.
>
> that you will also need that mod to run free operating systems on it
> will just not count. at least not for commercially offering the mod.
> just look at decss. or playstation mod chips.

I am assuming that unlike the old days when I used to boot Linux on PCs using
a floppy with SmartBootManager, now we'll need to generate some key/hash for
our freshly compiled kernel, then add it to the BIOS firmware and flash the
BIOS with it before we are able to boot into it?

Is it more complicated than that?

--
Regards,
Mick

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Michael Mol @ 2011-09-26 19:56 UTC
To: gentoo-user

On Mon, Sep 26, 2011 at 3:49 PM, Mick <michaelkintzios@gmail.com> wrote:
> On Monday 26 Sep 2011 20:29:14 Jonas de Buhr wrote:
>> >> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
>> >> boot, with little in the way of switching between the two, at least
>> >> initially
>> >>
>> >> I know which one I'd pick if it came down to it :)
>> >
>> >And you really need not worry about it, some geek (Torvalds?) will
>> >surely find out a way.
>>
>> yes, there will most likely be a technical way to circumvent it. the
>> problem is that involved companies might try (and likely succeed) to
>> make that illegal.
>> the reasoning will be this: it is assumed that you only make that
>> modification to run pirated copies of commercial operating systems.
>>
>> that you will also need that mod to run free operating systems on it
>> will just not count. at least not for commercially offering the mod.
>> just look at decss. or playstation mod chips.
>
> I am assuming that unlike the old days when I used to boot Linux on PCs using
> a floppy with SmartBootManager, now we'll need to generate some key/hash for
> our freshly compiled kernel, then add it to the BIOS firmware and flash the
> BIOS with it before we are able to boot into it?
>
> Is it more complicated than that?

Just a hunch, but I think the BIOS will probably be signed. Perhaps in
replacement of the existing checksum functionality.

I *really* wonder what this is going to do to diagnosis tools. OEMs of
Compaq/HP/Packard Bell's stature* strike me as likely to use it as a
lock-in for having machines diagnosed and fixed by certified
technicians.

* Meaning, dirt-cheap pre-built PCs and laptops.

--
:wq

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Sebastian Beßler @ 2011-09-26 21:00 UTC
To: gentoo-user

On 26.09.2011 21:56, Michael Mol wrote:

>> Is it more complicated than that?

> Just a hunch, but I think the BIOS will probably be signed. Perhaps in
> replacement of the existing checksum functionality.

I have something like that on my Motorola Milestone Android Phone.
It is not possible to change the kernel because the bootloader is signed
and only loads signed kernels. The "BIOS" of the phone is signed so that
you can't change the bootloader.
Milestone is out for about 2 years now, many smart people tried to hack
it but till now no luck and it does not look like it will be hacked ever.

I fear that something like that will come to most laptops and many ready
built desktop computers in a few years. It will likely still be possible
to buy mainboards without it, for a high price I also fear.

Greetings

Sebastian Beßler

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Sebastian Beßler @ 2011-09-27 7:35 UTC
To: gentoo-user

On 26.09.2011 21:56, Michael Mol wrote:

>> Is it more complicated than that?

> Just a hunch, but I think the BIOS will probably be signed. Perhaps in
> replacement of the existing checksum functionality.

I have something like that on my Motorola Milestone Android Phone.
It is not possible to change the kernel because the bootloader is signed
and only loads signed kernels. The "BIOS" of the phone is signed so that
you can't change the bootloader.
Milestone is out for about 2 years now, many smart people tried to hack
it but till now no luck and it does not look like it will be hacked ever.

I fear that something like that will come to most laptops and many ready
built desktop computers in a few years. It will likely still be possible
to buy mainboards without it, for a high price I also fear.

Greetings

Sebastian Beßler

* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Jonas de Buhr @ 2011-09-26 20:26 UTC
To: gentoo-user

>I am assuming that unlike the old days when I used to boot Linux on
>PCs using a floppy with SmartBootManager, now we'll need to generate
>some key/hash for our freshly compiled kernel, then add it to the BIOS
>firmware and flash the BIOS with it before we are able to boot into it?
>
>Is it more complicated than that?

how are you going to write to the bios if it doesn't let you?

maybe you are determined enough to manually flash the chip every time you update grub but i think that's a buzzkill for >90% of the users ;)
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Mick @ 2011-09-26 21:48 UTC
To: gentoo-user

On Monday 26 Sep 2011 21:26:03 Jonas de Buhr wrote:
> >I am assuming that unlike the old days when I used to boot Linux on
> >PCs using a floppy with SmartBootManager, now we'll need to generate
> >some key/hash for our freshly compiled kernel, then add it to the BIOS
> >firmware and flash the BIOS with it before we are able to boot into it?
> >
> >Is it more complicated than that?
>
> how are you going to write to the bios if it doesn't let you?
>
> maybe you are determined enough to manually flash the chip every time
> you update grub but i think that's a buzzkill for >90% of the users ;)

Yes, I meant flash it of course. Just as I started getting worried about having to roll an initramfs every other day in the near future, now I will also have to be reflashing my BIOS! Ha, ha, ha!

I used to build and blueprint my own engines (cars and motorbikes). Then gradually cars became electronic appliances, locked down to the extent where engine modifications became difficult and expensive to implement. I fear that PCs and before that laptops may be heading the same way. :-(

--
Regards,
Mick
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Jonas de Buhr @ 2011-09-26 22:17 UTC
To: gentoo-user

>I used to build and blueprint my own engines (cars and motorbikes).
>Then gradually cars became electronic appliances, locked down to the
>extent where engine modifications became difficult and expensive to
>implement. I fear that PCs and before that laptops may be heading the
>same way. :-(

this has the potential to go really bad. on the other hand tpm had too. maybe we should relax.

it's not about being complicated though. you can't blame the industry for building more complicated engines that perform a lot better. that doesn't need to keep you from building your own engine (although it will probably be no competition). and i think cars are a lot more hackable today than they ever were.

that's not the same as putting a lock on the front lid only the manufacturer can open. concerning computers, the lockout (if there will be any) is purely artificial. the complexity doesn't keep people from tinkering with it.
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Joost Roeleveld @ 2011-09-27 6:59 UTC
To: gentoo-user

On Monday, September 26, 2011 10:26:03 PM Jonas de Buhr wrote:
> >I am assuming that unlike the old days when I used to boot Linux on
> >PCs using a floppy with SmartBootManager, now we'll need to generate
> >some key/hash for our freshly compiled kernel, then add it to the BIOS
> >firmware and flash the BIOS with it before we are able to boot into it?
> >
> >Is it more complicated than that?
>
> how are you going to write to the bios if it doesn't let you?
>
> maybe you are determined enough to manually flash the chip every time
> you update grub but i think thats a buzzkill for >90% of the users ;)

Eerhm...
If Grub is the bootloader, wouldn't we just need to have a "signed" version of Grub?

--
Joost
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Jonas de Buhr @ 2011-09-27 12:11 UTC
To: gentoo-user

>On Monday, September 26, 2011 10:26:03 PM Jonas de Buhr wrote:
>> >I am assuming that unlike the old days when I used to boot Linux on
>> >PCs using a floppy with SmartBootManager, now we'll need to generate
>> >some key/hash for our freshly compiled kernel, then add it to the
>> >BIOS firmware and flash the BIOS with it before we are able to boot
>> >into it?
>> >
>> >Is it more complicated than that?
>>
>> how are you going to write to the bios if it doesn't let you?
>>
>> maybe you are determined enough to manually flash the chip every time
>> you update grub but i think that's a buzzkill for >90% of the users ;)
>
>Eerhm...
>If Grub is the bootloader, wouldn't we just need to have a "signed"
>version of Grub?

depends if we are talking about hashes being saved in the bios or signatures being checked by the bios.

hashes would have to be written to the bios every time the binary of the bootloader changes.

signatures would have to be renewed every time the binary changes. this is even worse because you will most likely need some private key to do that which you will not get your hands on. if anyone can create the signature, it's pointless.
so you would have to rely on your bios vendor to sign every possible binary of the bootloader. and then you're still locked out.
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Mick @ 2011-09-27 21:18 UTC
To: gentoo-user

On Tuesday 27 Sep 2011 13:11:30 Jonas de Buhr wrote:
> >On Monday, September 26, 2011 10:26:03 PM Jonas de Buhr wrote:
> >> >I am assuming that unlike the old days when I used to boot Linux on
> >> >PCs using a floppy with SmartBootManager, now we'll need to generate
> >> >some key/hash for our freshly compiled kernel, then add it to the
> >> >BIOS firmware and flash the BIOS with it before we are able to boot
> >> >into it?
> >> >
> >> >Is it more complicated than that?
> >>
> >> how are you going to write to the bios if it doesn't let you?
> >>
> >> maybe you are determined enough to manually flash the chip every time
> >> you update grub but i think that's a buzzkill for >90% of the users ;)
> >
> >Eerhm...
> >If Grub is the bootloader, wouldn't we just need to have a "signed"
> >version of Grub?
>
> depends if we are talking about hashes being saved in the bios or
> signatures being checked by the bios.
>
> hashes would have to be written to the bios every time the binary of the
> bootloader changes.
>
> signatures would have to be renewed every time the binary changes. this
> is even worse because you will most likely need some private key to
> do that which you will not get your hands on. if anyone can create the
> signature, it's pointless.
> so you would have to rely on your bios vendor to sign every possible
> binary of the bootloader. and then you're still locked out.

Unless ... you could create or set up such a signature upon your first boot up and secure it with a new passphrase/token/what have you. I'm thinking that it could become part of the first OS installation, just like you set up a root/user passwd.

--
Regards,
Mick
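The two firmware models contrasted in the messages above (stored hashes versus a signature check against an enrolled key), as an added illustration that is not part of the thread. The class names, the sample images and the toy textbook-RSA key built from well-known Mersenne primes (insecure, for demonstration only) are assumptions of this example.

```python
import hashlib

# Toy textbook RSA, for illustration only: both primes are well-known Mersenne
# primes, so this key is trivially factorable. An assumption of this example.
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N = P * Q                           # public modulus, enrolled in firmware
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the signer

# Constructed sample images standing in for two builds of a bootloader.
GRUB_V1 = b"constructed bootloader build 1"
GRUB_V2 = b"constructed bootloader build 2"


def digest(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes, d: int = D, n: int = N) -> int:
    """Signer-side step, run after every rebuild of the bootloader."""
    return pow(digest(image), d, n)


class HashAllowlistFirmware:
    """Model 1: firmware stores the hash of each bootloader it will run."""

    def __init__(self, images):
        self.allowed = {digest(i) for i in images}

    def may_boot(self, image: bytes) -> bool:
        return digest(image) in self.allowed


class SignatureFirmware:
    """Model 2: firmware stores one public key and checks a signature."""

    def __init__(self, n: int, e: int):
        self.n, self.e = n, e

    def may_boot(self, image: bytes, signature: int) -> bool:
        return pow(signature, self.e, self.n) == digest(image)


if __name__ == "__main__":
    hashes, sigs = HashAllowlistFirmware([GRUB_V1]), SignatureFirmware(N, E)
    print("hash model, rebuilt image:", hashes.may_boot(GRUB_V2))
    print("signature model, rebuilt + re-signed:", sigs.may_boot(GRUB_V2, sign(GRUB_V2)))
    print("signature model, stale signature:", sigs.may_boot(GRUB_V2, sign(GRUB_V1)))
```

In the first model every rebuild requires a write to firmware; in the second, only the holder of the private exponent can re-sign, so the outcome depends on who controls the enrolled key.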
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: James Broadhead @ 2011-09-26 20:21 UTC
To: gentoo-user

On 26 September 2011 20:29, Jonas de Buhr <jonas.de.buhr@gmx.net> wrote:
>>> between a fully-signed system (Windows 9 / OS XI or so) or a cracked
>>> boot, with little in the way of switching between the two, at least
>>> initially
>>
>>And you really need not worry about it, some geek (Torvalds?) will
>>surely find out a way.
>
> yes, there will most likely be a technical way to circumvent it. the
> problem is that involved companies might try (and likely succeed) to
> make that illegal.

Unfortunately, under the DMCA, breaking any encryption / copy-protection mechanism is illegal under US copyright law of all things (and by extension, globally :-/ ). I listened to a pretty interesting debate about this related to the "Right to Repair" act in the States, which relates to the right to access car firmware / software. The consensus seems to be that the pitifully easy-to-crack encryption is only there so that the software becomes covered by the DMCA. What a mess.
* Re: [gentoo-user] [OT] Should I be worried that I won't be able to dual boot in Gentoo?
From: Jonas de Buhr @ 2011-09-26 20:42 UTC
To: gentoo-user

>On 26 September 2011 20:29, Jonas de Buhr <jonas.de.buhr@gmx.net>
>wrote:
>>>> between a fully-signed system (Windows 9 / OS XI or so) or a
>>>> cracked boot, with little in the way of switching between the two,
>>>> at least initially
>>>
>>>And you really need not worry about it, some geek (Torvalds?) will
>>>surely find out a way.
>>
>> yes, there will most likely be a technical way to circumvent it. the
>> problem is that involved companies might try (and likely succeed) to
>> make that illegal.
>
>Unfortunately, under the DMCA, breaking any encryption /
>copy-protection mechanism is illegal under US copyright law of all
>things (and by extension, globally :-/ ). I listened to a pretty
>interesting debate about this related to the "Right to Repair" act in
>the States, which relates to the right to access car firmware /
>software. The consensus seems to be that the pitifully easy-to-crack
>encryption is only there so that the software becomes covered by the
>DMCA. What a mess.
>

agreed. still there might be different ways. replacing the whole bios chip (or software) with something different for example. then you technically didn't break any encryption, so no dmca.

but i still think that would sooner or later get you in trouble if you offer that service commercially.