Posts Tagged ‘Linux’

Windows 8 Secure Boot – or How Microsoft Is Riling Up the Linux Masses

Tuesday, January 24th, 2012

“The trusting (ironic this is all about Trusted Computing) side of me wants to believe this is just a spec from Microsoft to ensure their OS runs correctly on hardware platforms,” said Slashdot blogger yagu. “But history, track record, and all evidence to Microsoft’s tactics since forever make me nervous… I’m quite convinced (my opinion) Microsoft’s motives remain the same as always.”

What a difference a week makes.

It was just the other day that Linux bloggers were celebrating the news from researcher Net Applications that desktop Linux had surged in popularity in recent months.

Now, the mood in the blogosphere has plummeted once again as a result of the latest developments on the Windows 8 front. Secure Boot, that is — a topic astute readers may remember from last fall but that lately seems to have taken a turn for the worse.

Exhibit A: “Microsoft confirms UEFI fears, locks down ARM (Nasdaq: ARMHY) devices,” as the Software Freedom Law Center (SFLC) recently summed it up.

Exhibit B: “Why UEFI secure boot is difficult for Linux,” in which Red Hat (NYSE: RHT) developer Matthew Garrett explains why things aren’t looking much better on Windows 8 PCs.

Bottom line? “The Controversy Continues,” as it was put at PCWorld.

‘The Exact Thing They Said They Wouldn’t Do’

“Controversy,” of course, is Linux Girl’s middle name, so she whipped out her Quick Quotes Quill and started taking notes.

“And there we have it,” began consultant and Slashdot blogger Gerhard Mack down at the Linux blogosphere’s rowdy Punchy Penguin Saloon last Friday. “Microsoft is doing the exact thing they said they wouldn’t do, and I still can’t imagine how they think this will actually make things more secure.

“I buy PCs based on my ability to do what I want with them, and the same goes for my mobile phone,” Mack added. “I don’t tolerate Android makers with locked boot loaders, and I already wouldn’t buy an iPhone or iPod. This is just one more set of products I will never spend money on.”

Barbara Hudson, a blogger on Slashdot who goes by “Tom” on the site, had even more choice words on the issue.

‘They Need Software Viagra’

“Nasty, short-sighted, and if you think about it for a moment, a blatant admission that Microsoft (Nasdaq: MSFT), despite having a golden opportunity to abandon all their previous deficient coding practices and cruft when moving to new hardware, still isn’t able to produce an OS that is more than semi-hardened,” Hudson told Linux Girl.

“They need to see a doctor to get some software Viagra,” Hudson added.

“This is not about security,” blogger Robert Pogson agreed. “The local user can always compromise a PC in hand one way or another.”

Rather, “this is about creating a rejuvenated monopoly on ARM,” Pogson asserted.

‘Good-Bye, M$’

Fortunately, “it won’t work,” Pogson predicted. “The OEMs have seen FLOSS sell like hotcakes on ARM and they know it is profitable. They no longer need M$ to ensure profitability.”

Some will “produce ARMed units to please M$, but consumers won’t buy them because they know they no longer need M$ on small cheap computers,” he added. “Other initiatives of Wintel will fail similarly: ultrabooks and ‘8’ on anything. ‘7’ on x86/amd64 could not save M$ from a drop in revenue; ‘8’ will not either on ARM or x86/amd64.”

With “an effective monopoly on retail shelves, M$ cannot get more than 60 million PCs per quarter to take their license,” Pogson pointed out. “30 million are installing something else — old copies of XP or GNU/Linux. The world is tired of their old monopoly and wary of a new one. Good-bye, M$.”

‘Microsoft Products Dominate Shelf Space’

Indeed, it’s the purchase decision that Hyperlogos blogger Martin Espinoza was focused on.

“I participated in some spirited conversation on this issue with some apparent astroturfers who insisted that if I don’t like hardware which denies my right to choose what software I’d like to run on it, my sole recourse is not to buy it,” Espinoza told Linux Girl.

“This, of course, ignores numerous issues, including the secondary market,” he pointed out.

“It is a valid point in that when we purchase this hardware we are funding our own abuse, but the simple truth is that the masses purchase that which is presented to them, and Microsoft products dominate shelf space,” Espinoza concluded. “When the choices presented are Windows on x86 and Windows on ARM, the user will end up with ‘secure’ boot either way.”

Linux root exploit due to memory access – Update 2

Tuesday, January 24th, 2012

Linus Torvalds released a Linux kernel update last week which fixes a flaw in the access control to memory. Shortly afterwards, exploits appeared making it possible to gain root privileges using this error.
Since Linux kernel version 2.6.39 the dump of each process can be viewed in /proc/<pid>/mem and even written to. Before 2.6.39, an #ifdef in the code had prevented writing, but in 2.6.39, the checks had been deemed adequate, so the #ifdef was removed. Those checks, to ensure that only processes with the correct permission could write to the memory, instead proved inadequate and could be easily fooled.

Shortly after the publication of an explanatory article on Nerdling Sapple, other coders used the information contained in the article to create exploits and made them available on the net. The exploit works by manipulating the virtual working memory of a setuid root program such as su and can give a regular user of a Linux system root privileges. Jay Freeman – known as Saurik in the iPhone jailbreak community – even has a working version for Android.

The exploit appears to work reliably. In a first test by The H’s associates at heise Security, an Ubuntu system with a 3.0 series kernel immediately offered a root shell. When Torvalds’s update will be incorporated into mainstream kernel distributions is not yet known.

Securely booting Linux a “difficult” proposition

Saturday, January 21st, 2012

Matthew Garrett, the Red Hat engineer who originally raised the issue of UEFI Secure Boot and Linux, points out in a new posting titled “Why UEFI secure boot is difficult for Linux” that, despite Microsoft’s recent changes to its UEFI Secure Boot requirements, there are some major challenges left if users want secure-booted Linux.

Microsoft recently published a Microsoft Hardware Certification Requirements document for Windows 8, which reworked an early “Logo Requirements” document from September. The new Microsoft document does address some of the initial fears about Linux being locked out on x86 systems. It now requires that it should be possible to physically disable secure boot on systems and that those systems should include a custom secure boot mode which allows keys to be added to and removed from the system’s firmware. This disabling option will allow un-signed operating systems to be installed, while the custom mode, potentially, opens the way for the creation of a Linux that could be securely booted using UEFI.

But, Garrett points out that creating a Linux that could make use of secure booting is a complex proposition. “The technical implementation details are fairly straightforward”, he says, “but they are not the difficult bit”. One important issue would be that all code that was loaded into a signed kernel would also have to be signed. This would mean no third-party modules, such as VirtualBox or NVIDIA drivers, no out-of-tree modules and no way to build an updated driver locally. “That’s going to make some people fairly unhappy” says Garrett. It would be possible to allow the kernel to load unsigned drivers but that would defeat the point of the signing process.

Garrett also returns to issues he has previously noted: that the GPLv3 requires any signed code to have its signing keys publicly published, that there is no central certifying authority for UEFI Secure Boot keys, and that it’s likely that, in order to be able to get a key, an organisation would have to be a legally registered company to fulfil identity verification.

He also complains that Microsoft’s new certification rules do not specify a particular user interface for the custom secure boot mode and have no description of how the key information would be distributed or any way to use custom mode for unintended installers. For users, “asking them to go into the firmware and reconfigure things adds an extra barrier” says Garrett, pointing out that Linux installations are currently as simple as putting a CD in a drive. Specifying elements in UEFI’s user interface would be more likely to be addressed by the Unified EFI Forum in a future UEFI specification, rather than be mandated by Microsoft, which is a member of the forum along with AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo and Phoenix Technologies.

Linux: A ‘strategic asset’ for cloud and virtualisation

Friday, January 20th, 2012

The Linux Foundation’s annual report claims it is the ‘dominant platform’ to deal with cloud and the explosion of Big Data.
The Linux Foundation has recognised the importance of cloud and virtualisation for the coming year and thinks its platform is the answer to business woes.

In its annual report – which surveyed 428 IT professionals from organisations around the globe with revenues over $500 million or over 500 employees – the organisation claimed Linux had “proven to be a strategic asset” for delivering both the technologies, with increasing numbers of companies turning to Linux, rather than Windows, to help with implementation.

Of the 61 per cent of organisations using cloud applications, it found 66 per cent were using Linux as their primary platform – up by 4.7 per cent on last year’s figures.

It also claimed Linux was the best choice for the growing numbers in virtualisation. With 72 per cent planning on having a quarter or more of their servers virtualised by the end of 2012 and 46 per cent aiming for half, the Linux Foundation believes its ability to virtualise x86, mid-range and mainframe systems will put Linux in good stead.

As well as cloud computing and virtualisation, Big Data was the other key trend the report recognised and, again, it felt Linux was well placed to deal with the data deluge.

Over 75 per cent of respondents cited Big Data as an issue and 72 per cent said they planned on using Linux to address it, compared to just 35.9 per cent set to use Windows.

Windows 8 Secure Boot Controversy Refuses To Die

Friday, January 20th, 2012

A “secure boot” feature that Microsoft will require of computer makers with Windows 8 continues to draw controversy.

Initial fears by the Linux community — that Microsoft’s requirements for secure boot on future Windows 8-based machines would thwart Linux use — appear to be half-correct. The catch seems to be that Linux will have trouble dual booting on Windows 8 ARM-based hardware only. Unfortunately, Microsoft has added nothing new to clarify this confusing matter.

Secure boot is part of the Unified Extensible Firmware Interface (UEFI) specification. It’s an optional security procedure in the UEFI spec that promises to address a security hole in current BIOS boot-up procedures. With secure boot, initial system-checking software can talk with the operating system, and it can ensure that malware doesn’t get loaded when a computer starts by verifying a Certificate Authority. This process is seen as an advance in security because antimalware software today typically does not check the BIOS firmware upon bootup. BIOS is considered old software technology, and it’s static enough that it’s like an open book for hackers to attach malware to systems in an undetected manner.

The Linux community has complained that Microsoft will make it difficult, or impossible, to dual-boot Linux on Windows machines by requiring secure boot. By requiring hardware makers to enable secure boot on Windows 8 machines, future use of Linux will be thwarted, they have argued. The Linux Foundation, along with Red Hat and Canonical, has described some alternative plans to Microsoft’s secure boot requirement to address this potential problem.

Microsoft denied in a September blog post that using secure boot on Windows 8 PCs would prohibit dual boot to Linux. However, the company did indicate that users would have to turn off secure boot first before booting to Linux. They also claimed that OEMs had complete control over the decision to enable secure boot when producing new PCs.

This argument seemed somewhat settled until Computerworld author Glyn Moody noticed something a little different from Microsoft’s line of argument on page 116 of Microsoft’s “Windows Hardware Certification Requirements” for client and server systems, which bears a publish date of December 2011. On that page, it appears that Microsoft is telling OEMs producing ARM-based machines that secure boot is mandatory, whereas it can be disabled on non-ARM (x86) machines.

“On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable [sic],” the document reads.

“21. MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.”
