|
|
|
| Authored by: Anonymous on Sunday, March 31 2013 @ 02:45 PM EDT |
>> If the FSF set up a signing service to sign operating systems that
met all of their criteria for freeness, Microsoft's requirements would
permit an end user to configure their system such that it refused to
run non-free software. My system is configured to trust things shipped
by Fedora or built locally by me, a decision that I can make because
Microsoft require that OEMs support it. <<
Color me dumb, but why should I have to rely on MS to allow me to
run free software? Color me even dumber when I wonder why the FSF's
signing service appears subservient to MS? And the real stupid comes
out to ask would any OEM dare ship bare metal that a user or white
box vendor could flash their own key authority to? Nah, it'll never
happen 'cos they've always taken the medicine from Redmond, it
always worked and shifted stock. Why make work with an unknown?
Most people in this debate understand the difference between
Secure Boot and Restricted Boot. What the market is being offered
by OEMs with MS' blessings (threats?) is Restricted Boot. Red Hat,
Canonical, and anyone else lurking in the shadows with a shim,
or some other subterfuge to bootstrap off MS' Boot Restriction
is only fooling himself.
Besides, I don't want a system that refuses to run non-free software ...
[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Sunday, March 31 2013 @ 03:51 PM EDT |
The hardware vendors and Microsoft define which software will run on
these systems. The
owner gets no say. And, unfortunately, Microsoft aren't
alone. Apple, the single biggest vendor in this
market, implement effectively
identical restrictions.
Aah, no. Apple has had it's own peculiar
bootrom for many years, and has vigorously prosecuted the
copyright on this
rom, from
Franklin Computers thru
Psystar.
The intent always was to dissuade theft of their OS. The notion of preventing
boot sector
malware is foreign to Apple. Their peculiar version of MBR could
always be modified, but Apple never sought
to prevent their hardware booting
"other OS". Finding another OS that would run on 68k or ppc hardware was
always
an exercise for the gentle reader.
Secure OS booting has been
theoretically possible in MacOS since
10.5 Leopard, 2008,
but has not been rigourously enforced until
10.8 Mountain Lion,
July 2012. Yet even now there is no restriction on booting other OS on
Macintosh
hardware as long as it runs on its own partition. Neither has Apple
made any overt effort to dissuade the
Hackintosh community. Some of their
efforts have been low cost security reasearch for Apple. But Garrett's
generalisations on Android devices are unfortunately true. Many Android devices
are as locked down as iOS.
If arm mobile devices are the future of computing
then that's where we should be looking, not at what a
fossilised MS is doing to
x86.
[ Reply to This | Parent | # ]
|
| |
| Authored by: Wol on Tuesday, April 02 2013 @ 01:33 PM EDT |
is NOT an independent signing authority. Do you think I want to have to pay £50
every time I recompile my kernel? And I run gentoo, so I do that quite
frequently...
Matthew Garrett is perfectly on the ball when he says that WE need to control
the keys on OUR motherboards. If I want MS's key, that should be my decision. If
I want MY key that should also be my decision.
Your solution will deny me the right to run MY software on MY machine, without
paying someone else for a signature.
Cheers,
Wol[ Reply to This | Parent | # ]
|
|
|
|
|
