Stand up for your freedom to install free software - Page 3

RupertPupkin · #31 13th July 2012, 06:29 PM

Quote:

Originally Posted by stevea

MS has prohibited ARM hardware vendors from ever booting anything but Win software

There are currently and will continue to be plenty of ARM devices on which you can install Linux. Sure, if you want to install Linux on a Microsoft Surface tablet then you'll be out of luck, but there will still be plenty of non-Windows RT ARM choices out there. Apparently that's why Red Hat decided not to follow the same $99 Verisign certificate plan for ARM as they are for x86*; for the limited number of devices that will run Windows RT (currently only the upcoming MS Surface, one being planned by Samsung, and a few others) it simply isn't worth the effort.

In fact, MS may have slit its own throat on ARM with their Surface tablet; by going into the hardware business they've reportedly ticked off some hardware vendors they've had close relationships with. For example, HP announced they will not be making any ARM tablets, probably in response to MS' Surface: http://www.informationweek.com/news/...held/240003061

So the number of different ARM devices certified for Windows RT could be pretty small, since other hardware vendors may not want to compete with MS. On the other hand, there will be some good ARM choices that will never worry about getting Windows certification, like the Nexus 7 (Google may lock that down in their own way, but that's a different beast).

Quote:

Originally Posted by stevea

Not quite, you have to be a Winqual member (requiring a license w/ MS) to get a signing key, you have to have a Verisign Class 3 Digital ID (Ka-Ching $$$). And the non-discount price isn't $99, it's $499 per year. http://www.symantec.com/verisign/cod...thenticode/buy

To be certifiable (see the reqs) you likely need a Dun&Bradstreet listing. If you think that's a reasonable approach for someone developing a small distro - then you may as well put an MS collar and and leash on and call yourself "Gate's poodle". This crushes competition. A Young Linus could never dream of writing his own OS if this was mandated.

No. This has been explained from day one. How many times does it have to be explained? The $99 fee is for access to Microsoft's sysdev portal. Once you have access to that portal, you can use MS' certificate signing tools to sign as many binaries as you want. Anyone -- even individuals -- can sign up to gain that access. Here are the instructions on how to do it: http://msdn.microsoft.com/en-us/libr.../hh801887.aspx
Notice the part that says "Microsoft has partnered with Symantec to sell, verify, and issue the Authenticode Certificate. Through this partnership, Microsoft and Symantec are able to provide the Authenticode Code Signing Certificate for USD 99." Also, in the Prerequisites section, notice that neither organizations nor individuals have to satisfy the requirements you came up with. You wasted your time finding out all that irrelevant information.

Quote:

Originally Posted by stevea

Ubuntu *seems* to have chosen a different approach of using SecureBoot with Ubuntu keys. So the user has to install a Ubuntu key beforehand. They don't use grub2 as they (rightly IMO) view the signature as violating GPLv3)

The FSF itself says it's not a GPLv3 violation: http://www.fsf.org/campaigns/secure-...whitepaper-web
In fact, as you can see from their article, they prefer Fedora's approach to the one Ubuntu is taking. Sorry, but I'll take the FSF's word on this versus yours.

Quote:

Originally Posted by stevea

Guess you missed the point.

Ah, irony.

stevea · #32 14th July 2012, 09:54 AM

Quote:

Originally Posted by RupertPupkin

There are currently and will continue to be plenty of ARM devices on which you can install Linux. Sure, if you want to install Linux on a Microsoft Surface tablet then you'll be out of luck, but there will still be plenty of non-Windows RT ARM choices out there. Apparently that's why Red Hat decided not to follow the same $99 Verisign certificate plan for ARM as they are for x86*; for the limited number of devices that will run Windows RT (currently only the upcoming MS Surface, one being planned by Samsung, and a few others) it simply isn't worth the effort.

Yes, there are currently many embedded ARM devices that cannot afford the Win license fee and will continue to be open. So what ? That's no argument. You are old enough to remember a day when only a few systems included a Microsoft license - how is that "it's just a few" argument working out ?

But you seem oblivious to what ARM is doing in the marketplace. ARM has just in he past few years conquering embedded (MIPS and PPC are fading fast) and making a strong entre into low end personal (e.g. tablets). There are multi-Ghz, multi-core ARMs on the market today that only consume a few watts ~2-3W/core. These already exceed the performance of some of the Intel Celerons/Laptops of a few years ago. There is a 64bit ARM architecture spec in development and a number of server vendors are selling ARM based multicore enterprise servers. So, the outcome of the architecture wars of the 1990s may have been called prematurely; ARM is a potential competitor. There is a reasonable probability that ARM could become the PC architecture of choice in time.

IF that were to come to pass, IF ARM PCs become the latest-greatest - then exactly how should we view you're attitude of blithely, blindly ceding exclusive boot control of ARM systems to MS approved OSes ?

Its evil, and the only thing necessary for it to succeed is that you MS apologists sit idly by.

I enjoy the opinion that MS is generally failing in the marketplace and perhaps Win8 will be a huge dud, and perhaps their absurd pricing model for RT will prevent adoption, but that doesn't excuse a lack of vigilance. The requirements for secureboot keys, installation etc should NOT be dictated by the near-monopoly power of a single competitor to the exclusion of other interests.

Quote:

In fact, MS may have slit its own throat on ARM with their Surface tablet; by going into the hardware business they've reportedly ticked off some hardware vendors they've had close relationships with. For example, HP announced they will not be making any ARM tablets, probably in response to MS' Surface: http://www.informationweek.com/news/...held/240003061

So the number of different ARM devices certified for Windows RT could be pretty small, since other hardware vendors may not want to compete with MS. On the other hand, there will be some good ARM choices that will never worry about getting Windows certification, like the Nexus 7 (Google may lock that down in their own way, but that's a different beast).

That's whistling past the graveyard - hoping/expecting MS to fail. I don't care if they go out- of biz tomorrow, they should not be controlling/driving secureboot in proprietary ways.

YOU clearly missed the point - ARM laptops, ARM servers ,growing ARM markets....
http://content.dell.com/us/en/corp/d...ions-solutions
http://www.orovillemr.com/business/c...from-defecting

So to clarify - on an MS targeted ARM system, you cant disable secure boot, and you cant install your own keys - and you, Rupert, have no problem with that sort of proprietary lock-out. Thanks for being such a limp-wristed FOSS,OSS supporter/MS-tool.

Quote:

No. This has been explained from day one. How many times does it have to be explained? The $99 fee is for access to Microsoft's sysdev portal. Once you have access to that portal, you can use MS' certificate signing tools to sign as many binaries as you want.

If by "No you mean "Yes", and by "explained from day one" you mean "clear as mud" then we agree.
Yes - its so day-1 obvious that there are loads of questions all over msdn.microsoft.com on the topic. Yeah - so obvious that all the MS developes are confused ....
http://www.osronline.com/showthread.cfm?link=218807

The sysdev website IS/requires the Winqual membership & license I mentioned. So signing in there you NEED to agree to the MS license terms, just as I said. With the $99 cert you can sign apps and drivers for download and installation as explained in their 'authenticode' page. Individuals can create these certs using government photoID , etc. But elsewhere Win claims you need a class 3 cert to sign kernel code. which is not $99, and not available to individuals.

We are just arguing about the height of the hoops that MS is making you jump thru to boot a binary. This is pointless - MS should have zero control of the process.

Quote:

Also, in the Prerequisites section, notice that neither organizations nor individuals have to satisfy the requirements you came up with. You wasted your time finding out all that irrelevant information.

Not for a class 3 cert - it's about as I claimed.

--
The important point is that without requiring the user to diddle the x86 uefi keys, and in no case for some ARMs, to produce a bootable you need ot sign a license agreements w/ MS where you have no alternative. Huge problem !

Quote:

The FSF itself says it's not a GPLv3 violation: http://www.fsf.org/campaigns/secure-...whitepaper-web
In fact, as you can see from their article, they prefer Fedora's approach to the one Ubuntu is taking. Sorry, but I'll take the FSF's word on this versus yours.

The page does claim it's not a GPLv3 violation, but let's look at that license,

Quote:

1. Source Code.[...]

The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities.
[...]
6. Conveying Non-Source Forms.

You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: [...]

So if Fedora distributes signed binaries that you cannot rebuilld ... how does this NOT violate the "all the source code needed to ... run" clause ? How is that different from Tivo-ization ? You can't RUN the shim w/o a MS signature that is not included, you can't RUN grub2 w/o a fedora signature, so then you cant RUN the kernel you build w/o a Fedora signature either. That seems to prevent any practical code modification. Yes you can change the the keys on x86. Fedora neatly avoids the trap of doing this on ARM platforms.

Heres a hypothetic - Someone produces an x86 PC with locked MS keys and no disable. Its not Win8 certified, but it doesn't need to be - right ? So Fedora gives you a binary that boots and runs on this - but the refuse to give you the info to build modified runnable object code. How is this not a license violation ? Are we going to quibble that the signature is not part of the source code - b/c I can therefore make all sorts of 'proprietary' GPL code easily, you get the source but you can never run it without the proper signature.

Yeah - they really love the Fedora approach ...

Quote:

Unfortunately, while it is compliant with the license of GRUB 2 and any other GPLv3-covered software, we see two serious problems with the Microsoft program approach.

1) Users wishing to run in a Secure Boot environment will have to trust Microsoft in order to boot official Fedora. The Secure Boot signing format currently allows only one signature on a binary -- so Fedora's shim bootloader can be signed only by the Microsoft-vouched key. If a user removes Microsoft's key, official Fedora will no longer boot, as long as Secure Boot is on.

2) We reject the recommendation that others join the Microsoft developer program. In addition to the $99 expense being a barrier for many people around the world, the process for joining this program is objectionable. A nonexhaustive list of the problems includes: restrictive terms in multiple of the half-dozen contracts that must be signed, a forced commitment "to receive targeted advertisements and periodic member email messages from Microsoft," and a requirement to provide notarized proof of government-issued identification and a credit card.

These are not acceptable conditions for modifying or using your operating system. For the time being, we should instead rely on the approach Fedora will support for unofficial distribution -- providing tools and materials for users who want to install and use their own keys.

But that doesn't apply to ARM systems for Win.

Yes they like Ubuntu even less.

---------- Post added at 04:54 AM ---------- Previous post was at 03:10 AM ----------

Hmm gplv3 seems clearer than that wrt keys and signatures ...

Quote:

“Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product ...

So fedora cant be used in user products.

mmix · #33 15th July 2012, 02:52 AM

https://www.fsf.org/campaigns/secure...whitepaper-web

Quote:

Conclusion and recommendations

What we've offered here is our position based on the details published by all parties involved so far -- we will continue to assess the situation as these plans are actually put into practice, or changes are announced.

Our focus is to evaluate proposed solutions to the issues posed by Secure Boot on the basis of how well they protect user freedom, to recommend the solutions that do the best job of that, and to stop attempts to turn Secure Boot into Restricted Boot.

The best solution currently available for operating system distributions includes:

1) fully supporting user-generated keys, including providing tools and full documentation for booting and installing both modified and official versions of the distribution using this method;

2) using a GPLv3-covered bootloader to help protect users against the dangers of Restricted Boot;

3) avoiding requiring or encouraging users to trust Microsoft or any company which makes proprietary software; and

4) joining the FSF and the broader free software movement in pressuring computer distributors to facilitate easy and independent installation of free software operating systems on any computer.

We will do what we can to help all free software operating system distributions follow this path, and we will work on a political level to reduce the practical difficulties that adhering to these principles might pose for expedient installation of free software. The FSF does want everyone to be able to easily install a free operating system -- our ultimate goal is for everyone to do so, and the experience of trying out free software is a powerful way to communicate the importance of free software ideals to new people. But we cannot in the name of expediency or simplicity accept systems that direct users to put their trust in entities whose goal it is to extinguish free software. If that's the tradeoff, we better just turn Secure Boot off.

mmix · #34 4th August 2012, 03:40 AM

http://kephra.de/blog/Stop_UEFI.html#en

Quote:

We will likely see a new kind of personal computers soon. A kind of computers that John Walker predicted in 2003, and that Cory Doctorow wants us to fight.

I'm talking about the new class of personal computers shipping with the requirement of UEFI Secure Boot. While Microsoft only requires the hardware vendor to lock the boot loader and to prevent installing any unsigned operating system on ARM right now, it will likely require the same for the next Windows sooner or later. This is why we need to stop UEFI at its beginning, even if its currently possible to turn off secure boot to install a free operating system.

It also won't help much if major distributions like Ubuntu or RedHat get a signed key into the boot loader, because UEFI will prevent any normal Linux system programmer from installing his own self compiled operating system. This will become the end of Linux and free software. Or to tell it in John Walkers words: UEFI will put the genie back into the bottle.

We don't have many ways to fight then, but our main weapon as consumer is to teach them an expensive lesson!

This is most easy from Germany, where we have a law that allows us to send back any mail order, internet order or things that had been sold at the door or on phone within 14 days, and charge our money back. So my suggesting is doing this at the moment the first computers ship that are locked to boot only Microsoft systems. Order them, unpack them, ruin the paper and cardboards, and send them back with a note: Can not install Linux.

The same can be done by people who have an American Express credit card, within 30 days worldwide, I think.

***Gareth Jones*** · #35 4th August 2012, 01:44 PM

While we should keep an eye on these things and make our opposition known, this is extremely unlikely to end FOSS or Linux. For starters, Microsoft would never get away with another such abuse of its attempted monopoly, particularly in the EU.

Personally I prefer to see the "secure" boot fiasco as the desperate death-throws of a mega-company facing inevitable obsolescence over the next decade...

R3v0lut10nary · #36 4th August 2012, 02:31 PM

Quote:

Originally Posted by Gareth Jones

Personally I prefer to see the "secure" boot fiasco as the desperate death-throws of a mega-company facing inevitable obsolescence over the next decade...

This.

It doesn't exactly ooze confidence in your product to strong-arm OEM's into denying consumer choice.

This wouldn't be so pathetic (in my capitalist opinion) if Microsoft played an exclusive role in every facet of the computer manufacturing process, from raw material extraction --> refinement --> etc. --> end product.

But selling an OS under conditions that force other companies to alter their products to actively exclude other OS's? Lame.

deanej · #37 4th August 2012, 09:39 PM

Quote:

Originally Posted by Gareth Jones

While we should keep an eye on these things and make our opposition known, this is extremely unlikely to end FOSS or Linux. For starters, Microsoft would never get away with another such abuse of its attempted monopoly, particularly in the EU.

You sure about that? If challenged, the Microsoft lawyers will just be able to point at Fedora and say "see, there's still competition working fine in this environment".

Also of note: MS removed the browser ballot screen the EU mandated in Windows 7 service pack 1 and nobody noticed for 18 MONTHS. I guess since Opera stopped complaining about their low market share nobody bothered to notice.

Quote:

Personally I prefer to see the "secure" boot fiasco as the desperate death-throws of a mega-company facing inevitable obsolescence over the next decade...

I'm not sure if they're facing inevitable obsolescence. If Windows 8 takes off on the tablets, MS will be in consumer computing for a long time. If not, they still will be (despite what Gartner says, I don't think tablets are going to kill off desktops and laptops).

mmix · #38 16th August 2012, 02:04 PM

Yes fscking restrict boot, hell no.

UEFI and Secure Boot: The Hell I Went Through
-- the post was deleted, so i added original post from google cache --

Quote:

I refuse to support UEFI until some real standards are put into place and enforced. I’ll take something like OpenBIOS, but NOT UEFI.

--

Quote:

I woke up on Aug 13th wanting to work on a story in my WIP queue. I booted my laptop (running Fedora Linux), only to be greeted with no image and no backlight. I thought maybe the brightness needed to be adjusted, but nothing worked. I tried rebooting, and even adjusting the screen, but no amount of work could get it running again. This laptop was my main workstation, so I was panicking a bit. Thankfully, hooking it up to the TV in my office got me a picture (albeit very off kilter) and bought me some time to get everything backed up to my server. (I forgot to mention that I did get it working… somewhat. The internal ribbon cable to the monitor is likely torn.)

Now, I have a Mac Mini, but I had no screen aside from the 42″ LCD TV in my office, so it really wasn’t an option. I decided to go out and get a new desktop and monitor. I got to Best Buy (mistake 1) and went to the desktop isle. I didn’t need anything for gaming, just a workstation, so I picked out a cheap HP pavilion slimline (mistake 2) and a $100 Acer monitor. When I got home, though… Well, that’s when the shat hit the fan.

I did a first boot, and had an error come up that it couldn’t boot to Windows. “Well… Recovery media time!” Nope! The recovery media partition required a WORKING Windows bootloader. (As I later found out, it didn’t, but the “F11″ option at boot didn’t work either, so I assumed that was the case.) “Well, I’ll just pop Fedora on there.” I put my Fedora 17 DVD in the drive and opened up the BIOS menu… “U-E-F-I… ****!” Yes, the new (and abused) Unified Extensible Firmware Interface was in use on the system. I’ve been through HELL in getting distros to even boot with UEFI, but this time would be the worst of the group. (Yes, I’ve tried to get Linux to work on a UEFI-enabled system before, with less-than-acceptable results. That system now sits in another room for my grandfather to use.)

I tried turning it off, and managed to get Fedora installed (As it turned out, I didn’t. The story is added below.). Rebooted, and got a “No boot disk found” error. “Oh, maybe it didn’t set GRUB right.” That wasn’t it… When I tried to install Fedora again, I found myself unable to even boot from the optical drive. So, I grabbed my Mac Mini and downloaded an Ubuntu CD. NOPE! That wouldn’t work either. So, I went to look for a serial number, and the truth hit me harder than a falling Pidgeot. “Feature Byte” The system was using Secure Boot (HP recently started using these, and I’ve ONLY seen them on systems with UEFI, causing me to mistake it for Secure Boot keys.), meaning that the OS had to be “signed” to even have a chance to boot (Sadly, this part WAS true.). There wasn’t an option to turn it off, either.

In the end, I figured out that neither the copy of Windows NOR the recovery partition were properly signed, so Secure Boot wouldn’t have let me run the thing. Seeing as Secure Boot will pretty much be required by OEMs moving to Windows 8, I can honestly say that I’ll NEVER buy an OEM PC again. Let this warning be a lesson to those wishing to try out Linux as well: build your own PC. I will be in the future.

(Yes, I’m aware that OEMs are supposed to give an option to turn it off, but when has this ever happened?)

Now, let me add something in that I discovered after talking to a friend online. I mentioned my story to him, and he asked me if I had any problems getting the initial install for Fedora to work. I told him “Yeah, it was slow as hell to install even the base packages. It even seemed to lock up sometimes.” Well, he told me why that happened.

He tired installing Linux on a similar system and had that same problem, though it didn’t lock him out of booting the thing like the machine I had. When it didn’t work, he made a second attempt, only to notice that the HDD activity light NEVER LIT UP during the install process. The system didn’t boot because there was nothing to boot from. He went ahead and made a guess as to why it happened, though.

I’m betting the thing tried to install everything to the drive, but the firmware redirected it somewhere else. Maybe to memory, maybe even to something like /dev/null. I dunno for sure.

All this said, I refuse to support UEFI until some real standards are put into place and enforced. I’ll take something like OpenBIOS, but NOT UEFI. Yes, I’m aware that I’m typing this from a Mac Mini, but it’s my only working system aside form my server at the moment.

glway · #39 16th August 2012, 03:16 PM

People really surprised with this? Really? Come on we are talking micro$$$$$$$oft here...

stevea · #40 17th August 2012, 01:11 AM

Quote:

Originally Posted by mmix

Yes fscking restrict boot, hell no.

UEFI and Secure Boot: The Hell I Went Through
https://prismdragon.wordpress.com/20...nd-secure-boot

UEFI is a great idea. Ive got zero problems with the basic concept.
Secure boot in concept is great too. We all want to make sure that we're not booting malware.

No - the main problem is that the secureboot scheme is entirely dependent on keys that reflect a private key, and then the UEFI organization itself did not take charge of key management. They left t for the biggest gorilla in th e market place to enforce it's keys be used (or else no Win8 and beyond).

The problem might be subverted if for example the UEFI organization insisted that each system have say 5 keys installed with varying degrees of security, and the admin using a trusted-path would be allowed to select which of the 5 to use/accept. Then if you want eal security FRH and MS and anyone else can pay the $99 to UEFI and get a key to sign. a shim and .... And if you want to write your own OS then you enable the least secure key and sign your own software at home. Anyway a few properties are needed - the signing should never involve consent from a competitor - that's coocoo, and there needs to be a means for end-users to roll their own shims & bootloaders etc - and boot these on a system configured to accept these insecure packages.

Anyway I have serious doubts that a key scheme in FLASH/ROM can ever be good enough. If some MS keyholder goes rogue there is no way to revoke their keys. If someone steals the MS private keys - the entire planet fails. It's just a bad model for security unless I miss something.

beaker_ · #41 17th August 2012, 01:28 AM

Just adding that I can think of more than one environment where anyone but "themselves/ourself" hold the key is unacceptable.

deanej · #42 17th August 2012, 04:44 PM

Secure Boot isn't intended to protect your PC from malware. It's intended to protect your PC from you. The big companies don't want you to actually own your PC and Secure Boot is meant to enforce this vision.

Also, UEFI is a fancypants GUI that is not needed; the only thing BIOS/UEFI does is load the boot loader, it doesn't need stuff like full networking capability, that just introduces security flaws. Stuff like secure boot would be 100% unnecessary for consumers if manufactures wouldn't introduce pointless security vulnerabilities (such as integrating a web browser with the OS), though it would also help if consumers weren't so stupid (I would NOT be opposed to requiring a licence to own anything more sophisticated than a tablet because most people are too dumb to handle a real computer properly).

stevea · #43 19th August 2012, 01:05 PM

Quote:

Originally Posted by deanej

Secure Boot isn't intended to protect your PC from malware. It's intended to protect your PC from you.

They have wonderful meds to treat paranoia these days.

Quote:

The big companies don't want you to actually own your PC and Secure Boot is meant to enforce this vision.

Overgeneralized thinking leads to nonsense conclusions. The problem has nothing to do with companies generally. It's almost exclusively due to one specific near-monopoly company that engages in market manipulations. FWIW Intel has an even greater market share in PCs and greater market manipulation potential yet they are not guilty of the 'proprietary lock-out' manipulations of M$.

Unreasoned business-hate is a terribly prevalent disease these days. Terminal symptoms include loony exaggerated claims of harm and expressions of whine-y victim-hood. Rational people want to distinguish this from legitimate claims.

Quote:

Also, UEFI is a fancypants GUI that is not needed; the only thing BIOS/UEFI does is load the boot loader, it doesn't need stuff like full networking capability, that just introduces security flaws.

That is a completely incompetent description of what UEFI is and what motivates it.
EFI and Unified EFI do replace the BIOS, and provide a large additional set of functionality. The two I've seen have no substantial GUI and can work over a serial port - so that claim is wrong.

Your description of BIOS is fundamentally wrong. It does a LOT more than "load the bootloader". How do you think grub or the winloader or even DOS does I/O to disk & screen before the drivers are loaded ... .it uses the BIOS Int interface calls. How do you think ACPI or BIOS level RAID work ? Your understanding of the BIOS is seriously flawed.

For many years we've had companies produce these BIOS fw sets and most are pretty bad. Terrible layout & organization, a smattering of different ideas implemented; for example the USB I/O is usually a hodge-podge. Their DHCP protocol for PXE/net boot is often flawed - even on mobos from very good manufacturers. Incorrect PCI bus enumerations used to be common. Perhaps worst of all - the ACPI features of the board are usually wrong, and I've never seen a non-Intel MOBO pass an ACPI standards compliance test. Face it - BIOS's stink like weeks old fish. The main reason I suspect is that these little monstrosities are usually written as one-off hacks of the previous one.

Among the strong argument for UEFI -
- It's a friggin' standard, not an "everyone roll your own" scheme.
- Ability to boot from >2TB disk (BIOS could only have 2^32 sectors), and variable sector size. (GUID partition tables).
- CPU independence. (x86, Itanium, ARM).
- Architecture independent drivers API.
- Flexible pre-OS than can allow serial port control for headless ops, and network boots w/o reliance on hardware specific BIOS and the in-PCI code scheme.
- It's extensible !

There certainly are legitimate criticisms of UEFI, but having read about half the standard it's far better than BIOS. The main question is whether it's good enough.

Quote:

Stuff like secure boot would be 100% unnecessary for consumers if manufactures wouldn't introduce pointless security vulnerabilities (such as integrating a web browser with the OS), though it would also help if consumers weren't so stupid (I would NOT be opposed to requiring a licence to own anything more sophisticated than a tablet because most people are too dumb to handle a real computer properly).

No that's completely false. The are BIOS and bootloader exploits today and there is a good chance we'll even see exploits against ASIC/EPROM loads. Your notion that all exploits can be stopped by a properly written OS or by a a sufficiently intelligent user are dead-wrong and you demonstrate a too-common head-in-the-sand attitude toward security. Anytime you apply uncontrolled data to a program than can potentially create an exploit - you have a potential for an exploit. So unless you want to outlaw web browsers or email readers that use X11 or can write files - you can't eliminate the possibility of exploit - even for the most vigilant user. Perhaps someday we'll have computer languages capable of being automatically analyzed and have strong mathematical proofs applied to their operation - we're far from that and even they doesn't prevent all exploits.

If anything tablets & smart phones are a worse problem; used a common mobile locations and often without sufficient processing power to implement good security; then connected and synced to more important systems.

The notions of 'trusted path' and 'chain of certification' and trusted execution (as with secure boot) and 'roots of trust' came out of NIST security models and has been around for at least a decade and perhaps two. It's great that these ideas are being implemented. It's sad that the UEFI.org (of which M$ is one of 11 board members) hasn't carefully prevented market exploitation of the important SecureBoot feature.

deanej · #44 21st August 2012, 01:58 AM

Quote:

Originally Posted by stevea

They have wonderful meds to treat paranoia these days.
For many years we've had companies produce these BIOS fw sets and most are pretty bad. Terrible layout & organization, a smattering of different ideas implemented; for example the USB I/O is usually a hodge-podge. Their DHCP protocol for PXE/net boot is often flawed - even on mobos from very good manufacturers. Incorrect PCI bus enumerations used to be common. Perhaps worst of all - the ACPI features of the board are usually wrong, and I've never seen a non-Intel MOBO pass an ACPI standards compliance test. Face it - BIOS's stink like weeks old fish.

The problem here is not BIOS. The problem is lazy manufacturers not coding it properly.

Quote:

- Ability to boot from >2TB disk (BIOS could only have 2^32 sectors), and variable sector size. (GUID partition tables).

They could fix that in BIOS if the lazy manufacturers could be bothered to update it.

Quote:

The are BIOS and bootloader exploits today

And they are so rare that nobody seriously discusses them.

Quote:

Your notion that all exploits can be stopped by a properly written OS or by a a sufficiently intelligent user are dead-wrong and you demonstrate a too-common head-in-the-sand attitude toward security.

You do realize that almost all malware these days is trojans, right?

Quote:

So unless you want to outlaw web browsers or email readers that use X11 or can write files - you can't eliminate the possibility of exploit - even for the most vigilant user.

Solution: mandatory application-level sandboxing and disallow server-style communication for client computers. Your computer should NOT respond to pings and the like - that is inherently insecure because it tells a hacker that a computer exists at that IP. In fact, for a consumer computer, there is not reason for it to not ignore all network traffic it doesn't initiate. Plus there's always some level of risk; no matter what you do, you always have to trust something without verifying it. Also, installing software written by someone you don't trust is a BAD IDEA.

Quote:

If anything tablets & smart phones are a worse problem; used a common mobile locations and often without sufficient processing power to implement good security; then connected and synced to more important systems.

Unless you jailbreak the device, all apps are also going to be coming from an app store and running in a restricted framework.

Quote:

It's great that these ideas are being implemented. It's sad that the UEFI.org (of which M$ is one of 11 board members) hasn't carefully prevented market exploitation of the important SecureBoot feature.

It's great that distros like Gentoo where you compile everything from source are no more because of this? It's great that you no longer have 100% ownership over your computer?

rclark · #45 24th August 2012, 10:04 PM

Quote:

EFI and Unified EFI do replace the BIOS

I think it is a bad idea. The BIOS (as named) should just initialize the hardware and boot from selected media end of story. Let the OS take over from there. That is that, no more no less. No back doors. The KISS principle. No need to gussy it up. Lock down the BIOS with a jumper that you have insert in the MB if you have to write the firmware. It is now fully secured. I don't see a problem with the 2TB limitation either. How many of you boot from your 'data' disks anyway? I don't . In fact, I just installed a 128G SSD drive for the OS and I am swimming in disk space. My 'large' data drives happen to be 1TB and 2TB drives (internal and USB).

I want 100% ownership of my computer (whether tablet/embedded/desktop) and I see UEFI as a threat to that now and eventually.... Another way of putting is, is if I removed the drive/chip/stick with Windoze installed, and replace it with another drive (like I did above), there should be nothing keeping from either installing my home-brew OS, or Linux or whatever on the new drive. I should have complete control of my hardware and software on my box with no fees or company to consult with or a download of a key or ... Nope notta.

Quote:

And they are so rare that nobody seriously discusses them.

My thought as well...

Now, if MS wants to lock up there OS with certificates and such ... have at it, it is the vendors prerogative.... Heck, even distribute special SSDs that your OS will only operate from if that is what you want to do to be secure... BUT don't do it at the motherboard firmware level that affects 'everyone'... Nope notta.