backtop


Print 59 comment(s) - last by alcalde.. on Jan 22 at 7:16 PM

Anti-Android crackdown would make Apple proud

Microsoft Corp.'s (MSFT) UEFI Secure Boot technology -- the long-awaited BIOS replacement -- has some people concerned due to its digital rights management features, which can be used by OEMs to prevent dual-booting to other operating systems like Linux.

Microsoft Windows President Steven Sinofsky sought to assuage disgruntled Windows users, writing:

There have been some comments about how Microsoft implemented secure boot and unfortunately these seemed to synthesize scenarios that are not the case so we are going to use this post as a chance to further describe how UEFI enables secure boot and the options available to PC manufacturers. The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available. Tony Mangefeste on our Ecosystem team authored this post. --Steven

Quick summary

UEFI allows firmware to implement a security policy

Secure boot is a UEFI protocol not a Windows 8 feature

UEFI secure boot is part of Windows 8 secured boot architecture

Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure

Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components

OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform

Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.

In other words, Microsoft isn't forcing laptop and desktop makers to ban Linux, though it's giving them the tools to do so.

That statement rebuked previously claims of a Red Hat, Inc. (RHT) Linux engineer who posted:

Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.

A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.

...

Now, obviously, we could provide signed versions of Linux. This poses several problems. Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith. Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by ever OEM.

Or does it?

Computer World's UK correspondent Glyn Moody dug up this interesting tidbit in Microsoft's ARM license.  Writes Microsoft in "Windows Hardware Certification Requirements" for client and server systems, a document that regulates licensing (certification) (pg. 116):

MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.

In other words dual-booting Linux on a standard x86 desktop should be no issue.  But if you were hoping to load dual-booting Android and Windows kernels on a Windows 8 tablet (which will likely have an ARM) CPU or on certain notebooks with ARM chips, think again.  Microsoft could soften its stance and/or users could find a way to break its DRM protections -- but there's no guarantee of either outcome.

Windows with ARM
ARM on Windows 8 -- don't you dare dual boot. [© DailyTech/Jason Mick]

In this regard Microsoft is very much "following in Apple, Inc.'s (AAPL) line".  Apple has long prevented dual booting to Linux or the installation of OS X on non-Apple computers.  Apple does allow Windows installation via Boot Camp, but only via a special understanding with Microsoft who cross licenses patents with Apple.

Windows 8 was a star of the show at the 2012 Consumer Electronics Show and is expected to land in tablets and PCs this fall.

Sources: MSDN [1], [2], Red Hat, Computer World UK



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Not that big a loss.
By Denigrate on 1/16/2012 11:53:57 AM , Rating: 3
As an Android user, admittedly I haven't done ICS yet, it isn't much of a loss to not be able to implement Win8 in dual boot with Android.

Now, I would like that option, and think Microsoft needs to fix this error in judgement. One reason I refuse to purchase Apple products is their refusal to allow their customers to fully customize the user experience.

I'm hoping that I'll be able to eventually install Win8 on a Tegra2 based tablet.




RE: Not that big a loss.
By Denigrate on 1/16/2012 11:55:53 AM , Rating: 2
Sorry about the double post. Got an error on both attempts, and figured it didn't post.


RE: Not that big a loss.
By Tony Swash on 1/16/2012 12:01:21 PM , Rating: 2
quote:
Sorry about the double post. Got an error on both attempts, and figured it didn't post.


I seem to get

"502 Bad Gateway

The server returned an invalid or incomplete response."

Every time I post.

Looks like a glitch in the DT server maybe.


RE: Not that big a loss.
By Ramtech on 1/16/2012 1:34:24 PM , Rating: 3
You're holding it wrong


RE: Not that big a loss.
By pixelslave on 1/16/2012 1:56:06 PM , Rating: 2
I never expect the ARM version of Win 8 tablets would have an unlock bootloader. Just look around, how many unlocked SoC devices are out there?

I am putting my eyes on the x86 Win 8 tablets, however. The chances a x86 PC makers would lock their machines are next to zero. Given that Google made clear the x86 version of Android will be released this year and will be developed in parallel with the ARM version from now on, this is where we can find our heaven to install a stock Android OS onto.


RE: Not that big a loss.
By Labotomizer on 1/16/2012 2:30:57 PM , Rating: 2
Not only next to 0, but absolutely 0. The licensing terms for Windows 8 dictate that the option must be available to disable secure boot in an x86/64 in the BIOS/UEFI settings.


RE: Not that big a loss.
By AntiM on 1/16/12, Rating: 0
RE: Not that big a loss.
By Mitch101 on 1/16/12, Rating: 0
RE: Not that big a loss.
By Cheesew1z69 on 1/16/2012 4:47:19 PM , Rating: 2
/me rolls eyes


RE: Not that big a loss.
By Spuke on 1/16/2012 11:42:29 PM , Rating: 2
quote:
This is ok because it probably takes 256 cpu cores for Android to run smoothly without stuttering but wont prevent the Android OS from crashing and freezing.
Sounds like a short between the touch screen and the floor to me. Android runs as smooth as my sister-in-laws ass on my phone.


RE: Not that big a loss.
By Helbore on 1/17/2012 5:07:11 AM , Rating: 3
Why would you have your sister-in-law's ass on your phone?


RE: Not that big a loss.
By bupkus on 1/17/2012 9:56:30 AM , Rating: 4
Pics, please?


RE: Not that big a loss.
By TakinYourPoints on 1/17/2012 1:43:39 AM , Rating: 2
I don't know why you got downvoted, I agree, the more security options for enterprise the better. Android tablets aren't being deployed partly due to security issues. iOS has this nailed down and it's a major reason why it is being deployed, on top of guaranteed hardware/OS support from Apple and the superior developer ecosystem. Lord knows that security is a top priority for Microsoft in all of their products.

Allowing the ability to lock down the boot environment is one more big plus to getting wide deployment of Windows 8 tablets in enterprise.


RE: Not that big a loss.
By alcalde on 1/17/2012 4:58:51 PM , Rating: 2
>I don't know why you got downvoted,

Because he's being incredibly selfish to only care about himself and incredibly foolish to believe MS' claims.

>I agree, the more security options for enterprise the better.

This isn't a security "option". It's a mandate. Months prior to this policy, two groups presented MS with ways to achieve the security without interfering with the rest of us. They completely ignored both of them, put out smirking replies playing semantic games (including refusing to address linux by name), and now this drops, which they probably hoped no one would notice.

There's no security reason to not allow users to choose to either add their own keys or disable the secure boot option. When an OS vendor makes it a requirement that products that use its OS not be allowed to use any other OS, that's being anti-competitive. This is different from a hardware vendor locking their own device, which is anti-consumer but not impeding their competition.

>Android tablets aren't being deployed partly due to security
>issues.

This has nothing to do with Android deployments in the enterprise. This has to do with users being able to choose what software runs on their hardware. And if the solution to Android security issues is "let's run Windows", there's a clear lack of understanding of the # of threats available on each platform.

>Allowing the ability to lock down the boot environment is one more
>big plus to getting wide deployment of Windows 8 tablets in
>enterprise.

What you're talking about doesn't exist. There isn't "the ability to lock down the boot environment". There is a locked down boot environment and the inability to unlock it.

You never explained how not giving users the ability to install their own OS makes a device more secure (other than more secure for MS, because users can't decide they hate Win8 and install Android or WebOS, or better yet a full desktop Linux distro, instead).


RE: Not that big a loss.
By gilboa on 1/17/2012 5:07:40 AM , Rating: 2
... Secure boot has nothing to do with rootkits.
If someone gains access to your machine he doesn't really need to alter your boot environment in-order to infect it with a rootkit.
Secureboot may or may not reduce the chance of installing a hypervisor like rootkit on secured machines - but even this has yet to proven.

Lets be honest, secureboot is a lock-in tactic; nothing more, nothing less.

- Gilboa


Possibly illegal?
By Magnus909 on 1/16/2012 11:59:02 AM , Rating: 2
I know that apple does the same thing for their hardware.
The key word here is "hardware".
Microsoft doesn't produce tablets themselves, it is up to other manufacturers to do so.
Since Apple makes both the hardware and software it is a different thing.

And on the PC with ARM, it must be seen as directly anti-competitive locking out all other OS;es to be intalled.

By the way, what does ARM says about this? It surely must be a bad thing for them if less system builders choose their CPU;s over Intel due to less options?

This is a case where the only fair thing is that this thing gets cracked quickly, so that competition actually works!




RE: Possibly illegal?
By Labotomizer on 1/16/2012 12:16:22 PM , Rating: 3
The OEMs are free to install a key for an Android distro and supply it if they choose to do so. It's no different from a locked bootloader, only this one is capable of supporting multiple OSes if the vendor decides they want to do that. All MS is saying is that Windows 8 tablets MUST have it enabled and it cannot be disabled. Not that they can't support additional operating systems.


RE: Possibly illegal?
By alcalde on 1/17/2012 5:04:20 PM , Rating: 3
>The OEMs are free to install a key for an Android distro and supply
>it if they choose to do so.

We don't care what the OEMs decide to do. It's about what the owner decides to do. You do remember that long-ago era when you used to decide what software ran on your own system, right? The era before the term "sideload" ever existed?

>It's no different from a locked bootloader,

It is different because the vendor isn't choosing to do it, they're being ordered to do it.

>All MS is saying is that Windows 8 tablets MUST have it enabled and
>it cannot be disabled. Not that they can't support additional
>operating systems.

Is that all they're saying? I guess they're just eliminating the use of Linux, the only full desktop OS available for ARM, on ARM tablets and ARM laptops. They're also saying that if you try Windows 8 and don't like it, well, you're stuck using it and you can never even try out free OSes like Android, WebOS or Linux to see if you like them better. Well, if that's all then, I guess it's not a problem. :-( Sheesh.


RE: Possibly illegal?
By someguy123 on 1/17/2012 5:35:18 PM , Rating: 2
I don't see why you have no problem with vendors doing this. Vendors have been doing this for quite some time before this was even announced. If you didn't want precedent set you should've complained about the various bootloader locks on phones and tablets. You can't be a hypocrite or cherry pick what you complain about if you want to maintain certain consumer freedoms.

I don't understand why it's ok for one group of individuals to do something, but not for another. This also doesn't block you from any linux build, meanwhile there are many ARM devices (mainly phones) that block you from the bootloader entirely. There are plenty of builds that already support UEFI secure boot. It's up to the vendors whether or not to include them.


RE: Possibly illegal?
By alcalde on 1/17/2012 6:55:58 PM , Rating: 2
>I don't see why you have no problem with vendors doing this.

Who said I have no problem with it? There is a difference between anti-consumer and anti-competitive, though. One of them is illegal.

>Vendors have been doing this for quite some time before this was
>even announced.

Some vendors have locked their own devices. No OS vendors have ordered that no one be allowed to install any other OS on a device that runs their OS.

>If you didn't want precedent set you should've complained about the
>various bootloader locks on phones and tablets.

This is an order of magnitude above anything that's come before, so there is no precedent for it. That said, do you imagine that the Linux community, for instance, applauds locked bootloaders? Who made HTC decide to unlock their phones? Motorola? Just a few weeks ago it was discovered that ASUS' Transformer and Transformer Prime Android convertible tablets had locked bootloaders. Who greeted that discovery with massive outcry? Android users and Linux users - so much so that within a few days ASUS announced they would provide a tool to unlock the bootloader. So where do you see a lack of effort?

> You can't be a hypocrite or cherry pick what you complain about if
>you want to maintain certain consumer freedoms.

Of course. On the other hand, you can't cry "Company X does it too!" as so many have to either defend Microsoft or shift the conversation to Apple. No matter how many other companies do it doesn't make it right. When a monopoly does it that makes it even worse. It presents the possibility of leveraging that monopoly (and existing relationships with vendors) to artificially dominate a new emerging market (high-powered ARM laptops and tablets).

>I don't understand why it's ok for one group of individuals to do
>something, but not for another.

You're creating a strawman and knocking it down. I don't understand how "X does it too!" is some sort of a defense. You've yet to spend one word actually addressing what Microsoft is doing and whether it's anti-consumer or anti-competitive. Meanwhile you're suggesting those who are upset about this are hypocrites, when meanwhile the head of one of the groups who spoke out against this, Richard Stallman, uses a little Chinese laptop because it has an open source BIOS and won't use the WiFi on it because there isn't an open source driver for it (!). Sorry, there's zero hypocrisy going on here. There is someone attempting to make those who complain about something wrong into the villain and the monopoly mandating vendors not allow its competition to run on the same device into the hero.

>This also doesn't block you from any linux build,

Yes. Yes it does. Any OS attempting to boot will need to be signed with a key, and the only key in these devices will be Microsoft's. So no, you're not going to be able to boot any other OS on this device because the files attempting to boot won't have the appropriate signature. This is identical to what you can achieve on x86 desktops today through the use of a TPM (trusted platform module).

>There are plenty of builds that already support UEFI secure boot.
>It's up to the vendors whether or not to include them.

Argh!!!! No it is NOT UP TO THE VENDOR. It is UP TO THE OWNER OF THE DEVICE. Once I pay for the device IT IS MINE. I should not be dependent on the vendor to happen to include the software I want to to use. Do you know what the "P" stands for in PC? PERSONAL. Your argument is like saying that the vendor chose to include 75 pieces of crapware on your smartphone, but that was the vendor's choice to include them, and there's no reason you should be allowed to remove them. Not one poster here would agree that the vendor should be able to control your phone like that, and no one would feel that they should have to hunt around or be limited to one or two models of phone to avoid uninstallable crapware. Why can't you see that's the same situation here? Um, not that I'm equating Windows 8 with crapware :-), but I should certainly be able to remove anything the vendor has installed on a device I've paid for which I don't want... that includes Windows 8.


RE: Possibly illegal?
By someguy123 on 1/17/2012 8:34:32 PM , Rating: 2
It seems all of your rage stems from poor reading comprehension. This does not block vendors from signed linux builds (actually, what linux build doesn't support this?). All this requires is that the secureboot feature remains intact and is not disabled. They even have a clause in there saying that they do not maintain responsibility if the vendor wishes to sign different means of firmware control.

And I did not say that it was alright for this to happen due to precedent. What I meant was that secure booting has been used for quite some time, yet this one particular instance where secure booting is enforced seems to be getting the blame for setting precedence. I don't know why google isn't getting blame for allowing vendors to bootlock, and also bootlocking their very own nexus.

basically, microsoft did not create this feature, microsoft did not promote this feature, microsoft did not set precedence and microsoft is not forcing people to only use windows. this is just digging for dirt that doesn't exist.


RE: Possibly illegal?
By alcalde on 1/17/2012 9:21:02 PM , Rating: 2
>It seems all of your rage stems from poor reading comprehension.

Sadly, no. Now you're going to proceed to inform me that not only myself but Computer World, top engineers at Red Hat, etc. are all reading it wrong. Steve Jobs would be proud. But please continue.

>This does not block vendors from signed linux builds (actually,
>what linux build doesn't support this?).

There is no such thing as a signed Linux build today, and it's a very gray area whether any such key would need to be made public per the GPL licensing requirements, rendering secure boot null and void.

From an end-user standpoint, I don't even know where you're going with this. Are you suggesting vendors are going to want to ship ARM tablets and laptops with desktop Linux pre-installed along with Windows 8? If that's not happening with x86, it's not going to happen with ARM.

>All this requires is that the secureboot feature remains intact and
>is not disabled.

Again: that's all? That trivial little thing means that the end user can't install another OS on their device. In practicality, that means that Linux users won't be able to buy/use any high-end tablet or any future ARM laptop, period.

Let me quote from Mr. William of the Software Freedom Law Center:

“The Certification Requirements define … a ‘custom’ secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system’s signature database, allowing the system to boot those operating systems. But for ARM devices, Custom Mode is prohibited: ‘On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable.” [sic] Nor will users have the choice to simply disable secure boot, as they will on non-ARM systems: “Disabling Secure [Boot] MUST NOT be possible on ARM systems.’ [sic] Between these two requirements, any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot.”

I hope that's clear... end users will not be able to disable secure boot and they will not be able to add their own keys . This kills Linux on ARM (even though it's more advanced than Win8 for ARM at this point as it is a full desktop implementation). Microsoft is using its OEM clout to prevent end users from installing Linux on their own paid-for devices which is anti-competitive, especially as Linux has no advertising or marketing or shelf space and relies on end users being able to try it for themselves for free (and pioneered the live CD for that reason).

>They even have a clause in there saying that they do not maintain
>responsibility if the vendor wishes to sign different means of
>firmware control.

The vendor also loses Windows 8 certification, which is suicide for them and is never going to happen.

>And I did not say that it was alright for this to happen due to
>precedent.

Then I wish posters would spend even 1/8 the time addressing the badness of this action and raising a fuss about it that they spend attacking those who are upset about it or changing the subject to other companies and products.

>What I meant was that secure booting has been used for quite some
>time, yet this one particular instance where secure booting is
>enforced seems to be getting the blame for setting precedence.

Again, there's a difference between secure boot (which no one has any problem with) and implementing it in such a way that the user can't choose to boot the operating system of their choice.

MS is exceeding precedence as they are an OS vendor. They are not a manufacturer locking down their own item. Their policy will require other OEMs to lock their products (who might not have otherwise done so) and will affect perhaps dozens of products over the next several years. Google, HP (webOS), the Linux community, Samsung & Intel (Bada and Tizen) have not required anyone using their OS to lock their boot loaders, so yes, this is precedent. Apple doesn't sell or license its OS to third parties.

> I don't know why google isn't getting blame for allowing vendors
> to bootlock, and also bootlocking their very own nexus.

Given that Android is open source, Google doesn't have a lot of say in the matter. All it can do is deny access to its proprietary apps and app store. As we saw with Amazon, that didn't keep Amazon from forking it and creating their own App Store (and Amazon would probably welcome any other product vendors who wanted to tie their device to Amazon's app store in the future). Honestly, Google has already lost control of Android. I don't know enough about the Nexus to know whose decision that was, but one phone is not close to being an entire new class of products.

>basically, microsoft did not create this feature, microsoft did not
>promote this feature, microsoft did not set precedence and
>microsoft is not forcing people to only use windows. this is just
>digging for dirt that doesn't exist.

1. "This feature" is not the issue. It's MS' decision to require OEMs to not allow the custom mode that exists in the feature set specifically to allow users to change their OS that's the issue. If I beat someone over the head with a toaster, the manufacturer of the toaster is not morally blameworthy. I love secure bootloading. I've got full-disk encryption and a BIOS with flashing disabled now and would like to get a TPM (trusted platform module) to do secure boot in the future. It's not being able to change the OS that's the issue and that's not a problem with the standard.

2. MS is demanding OEMs prevent custom mode. That isn't promoting it, no; it's demanding it .

3. As already covered, MS did set precedence unless you tell me which OS vendor mandated OEMs to disallow other OSes on devices it's installed on (without going back to the original IBM PC).

4. Microsoft is forcing users who get Windows to stick with Windows. Also, if the ARM laptop market emerges like the x86 laptop market (Windows pre-installed on anything) then they will will indeed be forcing those who want ARM laptops to use Windows.

5. Dirt that doesn't exist? When I can pick up the first ARM laptop that comes out and install my desktop OS of choice, OpenSUSE Linux, on it, then the dirt won't exist. Until then, you lose all credibility with that claim. It's getting positively Orwellian when MS has specifically stated that Linux won't be able to run on these devices and MS defenders tell Linux users with a big smirk on their face, "No it doesn't. I don't know what you're talking about. You're just making stuff up."


RE: Possibly illegal?
By someguy123 on 1/18/2012 12:19:32 AM , Rating: 2
Like I said, poor reading comprehension. Secureboot is what is being used here. Secureboot is what stops the enduser from signing their own builds. You do not lose windows 8 licensing for signing various other builds. Secureboot is also not required for w8 x86, only ARM, likely due to the inconsistency of ARM designs on the market, which increases likelihood of bricking a device via booting an unsigned OS. GPL/GNU/MIT openness does not stop linux builds from being signed as secure.

The only thing being asked is for secureboot to remain enabled. The end user is being stifled, but your beef is with the industry at large for supporting secureboot.


RE: Possibly illegal?
By alcalde on 1/18/2012 2:32:52 AM , Rating: 2
>Like I said, poor reading comprehension.

No, poor reading comprehension is refusing to address the refutation of your arguments which include many items that simply aren't true or are directly misleading to the less informed (all the stuff about signed Linux when MS is disallowing users to add their own keys, etc.) You've shown yourself to be a fanboy on a mission and no one's going to buy your spin.

>Secureboot is what is being used here. Secureboot is what stops the
>enduser from signing their own builds.

For the 100th time, oh master of reading comprehension, ARM vendors are specifically prohibited by Microsoft from allowing users to enter their own keys. Secure boot works just fine and preserves user choice when users can enter their own keys. Why don't you e-mail the engineer Matthew Garrett at Red Hat (Red Hat being part of the company that created the UEFI spec including secure boot) and tell him that he's wrong about the spec his company helped create and that it's his "poor reading comprehension" and that of his co-workers that made the document they put out explaining how to preserve the safety of secure boot while still allowing users to install their own OS is wrong. Then you can address their claim that Microsoft is using the spec in a way it wasn't intended to be used and explain to them that it's their poor reading comprehension there too.

>You do not lose windows 8 licensing for signing various other
>builds.

I don't know what argument you're making, but you're completely off track. Who the $#%# is talking about what the vendor can sign? What we're talking about is that devices shipped with Win8 ARM will not allow users to enter their own keys or disable secure boot so they cannot load any other OS onto the product. You seem to think this isn't a problem because in theory a vendor could ship an ARM device with what, all thousand or so Linux distros and Android keys built-in? Seriously? In what universe would that happen?

>Secureboot is also not required for w8 x86, only ARM,

You'll discuss everything except why an ARM device owner with Win8 can't install their own operating system, won't you?

> likely due to the inconsistency of ARM designs on the market,
>which increases likelihood of bricking a device via booting an
>unsigned OS.

Ok, so your new theory is that this is being done out of love by Microsoft to save Linux and Android users from themselves? Wow... just wow. It's not even the OEMs themselves who are concerned about this... just the OS vendor who will already have their money. Yes, I can see Steve Ballmer lying awake at night worrying about Android users who've bricked their Win8 devices.

>GPL/GNU/MIT openness does not stop linux builds from being signed
>as secure.

Next you'll be listing the capital of Kansas and the average lifespan of the water buffalo... are you one of those lawyers who attempt to deliberately confuse a jury to get a mistrial? Please stop talking about signing, you're making a fool of yourself. All the signing in the world doesn't matter if the key can't be entered into the device, and no vendor is going to pre-load the device with the key of any operating system that anyone might want to install someday.

>The only thing being asked is for secureboot to remain enabled. The
>end user is being stifled, but your beef is with the industry at
>large for supporting secureboot.

Secure boot is wonderful. I love secure boot. I want secure boot on my PC. The problem isn't with secure boot. It's with not being able to enter keys or disable it when needed. It's like your my neighbor blasting rock music at 3AM and keep telling me over and over that I must hate rock music and I should take up my issues with the maker of the electric guitar. I don't have a problem with rock music; I have a problem that it's 3AM. See the difference?

As Mr. William of the Software Freedom Law Center said (and I don't expect you to address) “Before this week, this policy might have concerned only Windows Phone customers. But just yesterday, Qualcomm announced plans to produce Windows 8 tablets and ultrabook-style laptops built around its ARM-based Snapdragon processors. Unless Microsoft changes its policy, these may be the first PCs ever produced that can never run anything but Windows, no matter how Qualcomm feels about limiting its customers’ choices. SFLC predicted in our comments to the Copyright Office that misuse of UEFI secure boot would bring such restrictions, already common on smartphones, to PCs. Between Microsoft’s new ARM secure boot policy and Qualcomm’s announcement, this worst-case scenario is beginning to look inevitable.”

Note the word "misuse". Secure boot was intended to prevent malicious code from running at boot, not other operating systems. Both Red Hat (again, who helped CREATE UEFI) and the Linux Foundation put out papers addressing how to use secure boot CORRECTLY - in a way that still let users install the OS of their choice. Microsoft ignored their papers for three months and then produced this policy anyway. Until you address this fact and stop going off on tangents about signing Linux, I'm done with you and I'm sure any reader who's followed your non-responses is too.


RE: Possibly illegal?
By NellyFromMA on 1/16/2012 2:31:04 PM , Rating: 2
Are these companies selling you devices meant to install whatever OS you want on it, or are they selling you hardware only intended to run specific software on it? I guess that's what it ultimtaely ends up boiling down to. I suppose the market will sort itself out, don't buy these devices if that policy offends you. Personally, I don't think many will care. x86 remains untouched anyways


RE: Possibly illegal?
By alcalde on 1/17/2012 5:11:47 PM , Rating: 2
>I suppose the market will sort itself out,

That's the problem though: in markets where monopolies exist, they DON'T sort themselves out if anti-competitive behavior is present. This is anti-competitive behavior.

>don't buy these devices if that policy offends you.

Again, Windows monopoly. It's like telling users not to buy laptops with Windows pre-installed. Other than a few people selling generic devices out of their garages, that's an almost impossible thing to find. If Win8 ARM takes off, it'll be the same way. The reality is, if you're a Linux user, this move threatens to significantly shrink the number of ARM devices you'll be able to run Linux on in the future. It's also hurting the consumer since Linux can offer the full desktop experience on ARM right now, vs. the widgets of Android and Win8 Metro. At least ASUS caved in to pressure to unlock the Transformer Prime bootloader. The problem is high-spec devices in the future will probably be the ones using Win8, which also means they'll be the best ones to use to run a full desktop on but will be locked down.

>Personally, I don't think many will care.

It's completely irrelevant how many people care. They SHOULD care, though.

>x86 remains untouched anyways

For now. If they get away with locking down ARM, they might try x86 later, just as locking Metro UI apps to their app store now could lead to locking all app installs later. If ARM continues its rise in the mobile space (and an ARM Windows will certainly help that), it'll matter more and more.


RE: Possibly illegal?
By Daemyion on 1/16/2012 5:27:18 PM , Rating: 2
quote:
By the way, what does ARM says about this? It surely must be a bad thing for them if less system builders choose their CPU;s over Intel due to less options?


ARM can't say anything - they only design the chip. They don't build the chip, and they don't build the hardware platform either.

I suppose at the end of the day it will all come down to the carriers, and they probably love people buying a new device to switch/upgrade operating systems.


By Labotomizer on 1/16/2012 12:00:09 PM , Rating: 2
And not all existing tablet and ARM device footsteps? Can I load iOS on my Android tablet? Can I install whatever I wish on my Android tablet? Nope. It has a locked bootloader. The secure boot technology is effectively a locked bootloader. I don't see why we want to vilanize Microsoft for doing what every other device maker is currently doing.

And yes, there are devices with unlocked bootloaders and others where you can hack them. Do you really expect Windows 8 tablets to be that much different? Android doesn't use a Grub bootloader so the GPL issue goes away. There will almost certainly be OEMs that offer tablets that are signed with multiple OS keys. Therefore you could have a single tablet OEM sign a tablet with both Windows 8 and their own Android distro and offer the choice to the user. Will all the devices do that? Of course not, not all devices have unlocked boot loaders either. It will be a way devices will distinguish themselves.

You also have to keep in mind that Windows 8 on an ARM tablet will be designed to compete with existing tablet markets. It won't have the full Windows desktop and it won't support x86 programs. It will only support Metro Apps. Which also means MS will be charging very, very little to OEMs for their Windows licenses on these devices.




By pixelslave on 1/16/2012 2:01:43 PM , Rating: 2
Also, judging from how MS chose to implement this, we may be able to install future Windows onto these so-called "locked" tablet by ourselves, assuming that MS sells a signed retail version of its ARM OS. If that is true, it's already better than how most Android tablet makers handle upgrade -- you couldn't even install a new Android OS yourself without hacking.


By someguy123 on 1/16/2012 4:47:02 PM , Rating: 2
I've seen this news posted on a few other sites and reacted the same way. How is this any different from something like the nexus having its bootloader locked? What about the various other phones, and devices like the asus transformer?

windows 8 isn't even out yet and it's getting flak for adopting a security standard that it did not create and was not the first to adopt. makes no sense to me.


By someguy123 on 1/16/2012 6:45:06 PM , Rating: 2
The most confusing thing is this line:

quote:
In other words, Microsoft isn't forcing laptop and desktop makers to ban Linux, though it's giving them the tools to do so.


Microsoft did not give these people UEFI secureboot. Secureboot is a global standard. The line in microsoft's agreement is stating that vendors are free to sign anything they like, and that microsoft do not exert control nor take responsibility for other means of firmware control. Basically they're saying they don't care what you put on there as long as the vendor takes responsibility. How this ended up being misconstrued as microsoft giving vendors the ability to lockout other OSs is just baffling.


By alcalde on 1/17/2012 10:52:50 PM , Rating: 2
You manage to get almost every single sentence wrong. :-(

>Microsoft did not give these people UEFI secureboot. Secureboot is
>a global standard.

It's a shame we're not talking about secure boot then, are we? What we're talking about is Microsoft requiring OEMs to disable the custom feature of secure boot that allows users to enter their own keys to run their own OSes and to not allow secure boot itself to be disabled. The difference is akin to that between the TCP/IP standard and using the standard to implement a DDoS attack! Either you're not getting that or you're being intentionally deceptive. And I'll say it yet again: Timothy McVeigh didn't invent explosives either.

>The line in microsoft's agreement is stating that vendors are free
>to sign anything they like,

This relates to the Windows 8 ARM certification agreement. The vendors are putting Windows 8 on it by definition. Are you suggesting vendors will ship with multiple OSes? Even if you are, it's again completely irrelevant when the issue is end users being able to install the OS of their choice. The Wizard of Oz had less straw men than your post here,,, ;-)

>and that microsoft do not exert control nor take responsibility for
>other means of firmware control.

This is a sentence you seem to be the only source of and conflicts with the actual published information. They are mandating UEFI, mandating secure boot, mandating custom mode not be usable and secure boot not be disabled. So they won't be responsible for anything the OEM does over and above this? You're trying to trick the reader with this unsourced claim into thinking MS is saying they don't have to use secure boot. They do, and I've already quoted the specific lines that say so.

>Basically they're saying they don't care what you put on there as
>long as the vendor takes responsibility.

They do care... they're mandating it . How you read you must use secure boot, it can't be turned off and users can't add other keys as not caring is the only baffling thing. Also, again with the vendors. Please forget about vendors and talk about users, since the issue is how the end result of this will affect consumers, not how it affects vendors. We're consumers, not OEM vendors.

> How this ended up being misconstrued as microsoft giving vendors
>the ability to lockout other OSs is just baffling.

What is wrong with... argh. It's the Ed Bott strategy: just keep smirking, saying I don't know what you're talking about, you're just crazy. I buy some new Lenovo ARM laptop. Can I take the Microsoft 8 ARM off of there and install OpenSUSE Linux ARM? No, I can't? I'm stuck with Windows 8 even if I don't like it? Now, follow the dots... Microsoft... vendor... lock out... OS. I have an OS I want to use that can run on the device... I can't install it because a security feature is present that prevents it... the vendor was threatened with being denied Win8 certification unless it added that security feature... and the party that did this strong-arming was Microsoft. <Shatner>What... in... the...world... are... you... baffled... by?</Shatner>


By alcalde on 1/17/2012 8:44:11 PM , Rating: 2
>How is this any different from something like the nexus having its
>bootloader locked?

There is a difference between a hardware vendor locking their own device and an OS vendor mandating locked devices. Both are anti-consumer, but the latter is anti-competitive. It's also different because we're not talking about phones, we're talking about general-purpose computing devices (we will probably be seeing ARM laptops in the near future as we already have ARM convertible tablets). We're talking about killing off Linux on ARM, for instance. It boggles my mind that the same people who are against Apple's lawsuit frenzy and SOPA are perfectly cool with general-purpose computing devices mandating what you can run on them.

>What about the various other phones, and devices like the asus
>transformer?

Ok, the first thing here is stop thinking phones. This isn't about toys and widgets. This is about future laptops and convertible tablets. The locking of the Transformer was anti-consumer, and the Linux and Android community raised so much fuss that within days ASUS agreed to unlock it. Meanwhile, MS had policy papers from two groups (including Red Hat) suggesting ways to implement secure boot without limiting user choice. They didn't acknowledge them, played word games, and then implemented this OEM policy anyway (as monopolies are wont to do). All of these things combined make this a heck of a lot more serious than one phone maker locking down a phone.

>windows 8 isn't even out yet and it's getting flak for adopting a
>security standard that it did not create

This statement is problematic on several fronts. First, those defending MS when the news first came out about secure boot advised waiting. Now that we've waited and ARM is locked down you're suggesting waiting again? If we sit down and shut up, it's too late. If Win8 ARM devices ship, the vendors will have already agreed to these OEM terms so the only hope to have MS reconsider them is long before Win 8 ARM ships.
Second, don't blame this on secure boot. It's INCREDIBLE how people are blaming everyone except Microsoft. My reply to you is the same I gave to someone else who told me "Microsoft didn't invent this" : Timothy McVeigh didn't invent explosives either. On top of that, Red Hat, like MS, is part of the UEFI steering committee . Red Hat told MS not to do this. In the article that announced the ARM restrictions, it was made clear that secure boot is being used in a way it was never intended to be used. It was not designed to prohibit end users from installing their own operating systems. Microsoft is abusing secure boot to block its competition (free OSes Android, WebOS and Linux) and prevent end users from trying them.

> and was not the first to adopt. makes no sense to me.

I'm sorry it doesn't make sense to you, but perhaps that's because you haven't read the relevant articles on the subject or are viewing this through partisan lenses. Microsoft is the first and only company to mandate to OEMs that end users not be able to disable secure boot. That is not part of the secure boot standard. There is nothing wrong with secure boot; there is something wrong with using it to keep consumers from installing their OS of choice.


By alcalde on 1/17/2012 6:31:36 PM , Rating: 2
>And not all existing tablet and ARM device footsteps? Can I load
>iOS on my Android tablet?

Did you think about that statement? You can't install iOS on your Android tablet because of Apple, not because of Android tablet makers. You get Apple to sell a copy of iOS separately, and I guarantee you we'll get it running on a similarly-speced Android tablet, just as Hackintoshes exist.

>Can I install whatever I wish on my Android tablet? Nope. It has a
>locked bootloader.

What device are you using? There are entire communities dedicated to producing custom Android ROMs, and a few days ago the CyanogenMod folks announced they'd surpassed ONE MILLION unique downloads. If all Android devices had a locked bootloader, who are these one million people downloading these ROMs?

ASUS locked the Transformer and Transformer Prime tablet/laptops, and there was a huge outcry from the user community, so much so that within a few days ASUS agreed to unlock the devices. Three months before MS implemented this OEM policy two different groups (including Red Hat, who also has a position on the UEFI board with Microsoft) detailed ways MS could gain the security of secure boot without infringing on people's right to install their own OS. Secure boot was never intended to lock people out of installing a new OS. MS ignored all of this input and produced this policy anyway.

>The secure boot technology is effectively a locked bootloader. I
>don't see why we want to vilanize Microsoft for doing what every
>other device maker is currently doing.

MICROSOFT IS NOT A DEVICE MAKER. Microsoft is an OS vendor. When Apple locks down its own iPad, that's anti-comsumer, but it doesn't hurt its competitors (e.g. Samsung). When Microsoft orders OEMs to not allow other OSes to be installed on any product they put Win8 ARM on, that is anti-competitive, as it locks out their direct OS competitors (Android, WebOS, Linux). There is NO valid security reason for not allowing the user to disable the secure boot. If there were, wouldn't they be doing it on the much more vulnerable x86 platform? This is about not wanting users to give Android, Linux or WebOS a try. Taking away user control makes Microsoft more secure, not the end user.

>And yes, there are devices with unlocked bootloaders and others
>where you can hack them.

You just negated your first paragraph.

>Do you really expect Windows 8 tablets to be that much different?

Yes. Secure boot is... well, quite secure. If you can hack it, you've either gotten quite lucky with a vendor who failed to implement the practice properly, you've cracked the encryption, in which case the NSA has a job for you and the government's own encryption is at risk, or... well, there is no clear alternative. This is a very secure method created by a consortium of companies and it's not something that one can make a simple end-round.

All of which is besides the point: I shouldn't have to be a hacker to install software on the hardware which I paid for. This isn't even like mobile phones where the device is using a carrier's network and certain restrictions make sense.

>Android doesn't use a Grub bootloader so the GPL issue goes away.
>There will almost certainly be OEMs that offer tablets that are
>signed with multiple OS keys.

You still fail to see the point. It's OUR device. We shouldn't need the OEM's permission to choose what we do with it once we've paid them for it. It's ours.

I use OpenSUSE Linux on my desktop. OpenSUSE is hard at work and making great progress on an ARM port, and I expect it'll be done before Win8 ARM releases. There will never be an OEM pre-installing OpenSUSE on a tablet. What this means is MS is shutting me out of running a full desktop OS on any device that comes with their OS, which will probably be all of the higher-powered ones (the best choice to run a full desktop OS on). If we start seeing ARM laptops appear (and we will) they'll almost certainly all being running Win8 and thus again that'll be a whole class of device I simply won't be allowed to run OpenSUSE or any other Linux on. That's incorrigible and I am simply gobsmacked how many people are shrugging this off just because it doesn't affect them personally. This is MS impeding other OSes and it's anti-competitive.

>You also have to keep in mind that Windows 8 on an ARM tablet will
>be designed to compete with existing tablet markets. It won't have
>the full Windows desktop and it won't support x86 programs.

This is somewhat in the air as they originally showed the full desktop running on ARM but it does seem that they've backed away from that so this will probably be the case. That's all the more reason this is infuriating. A full desktop OS is available now in the form of Linux but this lock-out won't let users use something demonstrably superior on the device. What more do you need to qualify as anti-competitive?


By Lugaidster on 1/17/2012 11:34:09 PM , Rating: 2
You've written an immense amount of lines in this article trying to say something completely wrong. You seem to confuse anticompetitive with undesirable. Microsoft is not mandating that anyone that wants to install Windows 8 on an ARM device conforms with this, it's mandating that anyone that wants a "Designed for Windows 8" (or something along those lines) certification on their device conform with this.

It is not anticompetitive to demand that companies that bundle your software with their devices and want your certification, conform to your guidelines. Maybe it's not what you want, but it certainly isn't anticompetitive (do you even know what that concept legally means?). Remember, this is a requirement for the certification, not for running Windows per se.

If the device isn't what you want, don't buy it. That crap about "We shouldn't need the OEM's permission to choose what we do with it once we've paid them for it. It's ours." is incredibly misguiding. It's certainly wrong to penalize people for doing what they want with their devices (A.K.A. hacking or modding), like what happened with Sony and the PS3. But this is a free market after all, companies and manufacturers aren't required to leave the device open so that a very vocal minority is happy.

I'll just write this again in case it isn't already clear, this are the requirements for the Windows Logo Program, not the System Requirements. If at any point this become the latter, then I'll gladly change my stance.


By alcalde on 1/18/2012 3:05:38 AM , Rating: 2
>You've written an immense amount of lines in this article trying to
>say something completely wrong.

I'd wager there's no one posting here who understands the issue better than myself.

>You seem to confuse anticompetitive with undesirable. Microsoft is
>not mandating that anyone that wants to install Windows 8 on an ARM
>device conforms with this, it's mandating that anyone that wants a
>"Designed for Windows 8" (or something along those lines)
>certification on their device conform with this.

And any vendor that shipped a Windows product without being certified would be eaten alive by its competitors for just that reason and it would be product suicide. Can you name any significant vendor who has ever shipped products that weren't certified? Microsoft is a monopoly and the devices need to have that certification. That's why MS needs to be extra careful to avoid stifling competition and why this move is quite clearly anti-competitive.

>It is not anticompetitive to demand that companies that bundle your
>software with their devices and want your certification, conform to
>your guidelines.

Sigh. Are you a trial lawyer by any chance? First of all, since we're talking about a monopoly, there's an entirely different set of measurements that come into play when gauging anti-competitiveness and you neglect to mention. But we'll set that aside for the moment. Of course there's nothing inherently anti-competitive about asking vendors to "conform to your guidelines". There is something anti-competitive when those "guidelines" include locking the customer in to your product and not allowing them to try or switch to a competitor's product. I see what you did there. Nice try. Would you say that if Microsoft decided to pull the same thing with x86 Win8 the Justice Department wouldn't be on them in an instant? No? If a "guideline" was that the device not be allowed to replace the browser with Firefox or Chrome, would that be just peachy too and not draw the attention of regulators? No? Then there goes your argument. I commend you for keeping a straight face while making it.

>Maybe it's not what you want, but it certainly isn't
>anticompetitive (do you even know what that concept legally
>means?).

You got me. I'm clueless about the concept and you've demonstrated here your superior grasp of the matter. You can do anything you want so long as you call it a "guideline". The fact that you're a monopoly and vendors need that certification to sell products doesn't even factor into it.

>If the device isn't what you want, don't buy it.

And when every eventual ARM laptop ships with Windows 8 just like every x86 laptop does, is that the same answer? Where were you during MS' anti-trust trial...

>That crap about "We shouldn't need the OEM's permission to choose
>what we do with it once we've paid them for it. It's ours." is
>incredibly misguiding.

Yeah, just crazy talk, right?

>It's certainly wrong to penalize people for doing what they want
>with their devices (A.K.A. hacking or modding), like what happened
>with Sony and the PS3.

I haven't seen an argument so boldly wrong since the 90s when Rush Limbaugh said that when we choose which color shirt to wear or which hamburger to order we're "discriminating" so therefore that proves that there's nothing wrong with discrimination. Yes, because we can't do things with our devices that are illegal, that negates the concept of being able to do whatever we want that is legal with our own property.

>But this is a free market after all,

Thank you for the perfect straight line... "Not if a monopoly like Microsoft can get away with things like this."

>companies and manufacturers
>aren't required to leave the device open so that a very vocal
>minority is happy.

Funny it's not the companies that are locking it then, huh? And are you guys all using the same talking points? The argument always goes from attempts to confuse to misusing terms to you're all crazy there's nothing to see here to you're just a minority so your opinion doesn't count.

Companies very likely will be required to leave devices unlocked for the good of consumers and to prevent MS from stifling competition. We'll see how long it takes the EFF to file a lawsuit, although I bet MS will change the policy before anything ever sees a court.

>I'll just write this again in case it isn't already clear, this are
>the requirements for the Windows Logo Program, not the System
>Requirements. If at any point this become the latter, then I'll
>gladly change my stance.

You've made it clear that you don't understand anything about monopoly power in a marketplace or may have been in a cave since the 90s to understand that in a monopoly market OEMs don't have a realistic option to not be certified and thus the monopoly has extra requirements placed on it to avoid using its position to eliminate competition (you know, the same reason the EU made MS put a browser choice screen on start-up to let users choose what browser they want to use).


By Lugaidster on 1/18/2012 4:46:46 PM , Rating: 2
> You've made it clear that you don't understand anything about monopoly power in a marketplace

You've made it clear as well.


By alcalde on 1/22/2012 5:56:25 PM , Rating: 2
I bow to that amazing refutation. Bowled over by the slew of facts you used to back up what would otherwise have been a groundless claim and an acknowledgment that my arguments couldn't be rebutted, I humbly yield.


Why do you say they follow in Apple's footsteps
By Labotomizer on 1/16/2012 12:01:02 PM , Rating: 2
And not all existing tablet and ARM device footsteps? Can I load iOS on my Android tablet? Can I install whatever I wish on my Android tablet? Nope. It has a locked bootloader. The secure boot technology is effectively a locked bootloader. I don't see why we want to vilanize Microsoft for doing what every other device maker is currently doing.

And yes, there are devices with unlocked bootloaders and others where you can hack them. Do you really expect Windows 8 tablets to be that much different? Android doesn't use a Grub bootloader so the GPL issue goes away. There will almost certainly be OEMs that offer tablets that are signed with multiple OS keys. Therefore you could have a single tablet OEM sign a tablet with both Windows 8 and their own Android distro and offer the choice to the user. Will all the devices do that? Of course not, not all devices have unlocked boot loaders either. It will be a way devices will distinguish themselves.

You also have to keep in mind that Windows 8 on an ARM tablet will be designed to compete with existing tablet markets. It won't have the full Windows desktop and it won't support x86 programs. It will only support Metro Apps. Which also means MS will be charging very, very little to OEMs for their Windows licenses on these devices




RE: Why do you say they follow in Apple's footsteps
By Ilfirin on 1/16/2012 2:32:31 PM , Rating: 2
This guy's pretty much got it.

This doesn't lock out Android. It locks out custom made, unofficial, distributions of android by parties unable to get it signed by a CA (generally meaning homebrew developers and virus developers) and anything using a bootloader based off of GPL3 - and even then, you should still be able to perform similar hardware tricks as you can with the chrome Cr-48 beta laptop to enable the flashing of the ROM to install one that does allow you to install insecure operating systems (used this to install Windows8 on mine). I expect any home-brew developer will be more than capable of handling this task in a matter of a few minutes. Any OEM/Carrier can get a CA to sign their version of Android. The only party left out in the cold is the malicious party.

The real enemy here towards linux and the open source community is GPL3. By mandating that every encryption key must be made publicly available they are simultaneously mandating that everything licensed through GPL3 is inherently insecure and can never be secure. As such, no consumer facing product should ever use anything licensed under GPL3 if they care anything at all of their users' privacy - at least not in areas involving sensitive information.

So, yes, GRUB blocks itself by choosing to use this policy, which includes all the linux distros that use GRUB. It's GRUB that needs to change, not the sane part of the world.


RE: Why do you say they follow in Apple's footsteps
By alcalde on 1/17/2012 11:09:34 PM , Rating: 2
Sadly, you're wrong. MS specifically forbids users being able to enter their own keys (something many articles haven't made clear but the Software Freedom Law Center has). It doesn't matter if what I have is signed or not if I can't enter my own key into the device.

This is not a "sane" policy, if by sane you mean genuinely interested in security. It's sane if you want to prevent users from trying competing OSes.

Finally this isn't all about Android either. If we're talking real ARM laptops, the elephant in the room is Linux. If Microsoft indeed backs down on running the full desktop on at least the first ARM devices, and Android is still phone/tablet oriented, that leaves Linux with a significant advantage because full desktop ARM versions of Linux exist, and many of the remaining major distros that don't have one are already hard at work on them and should be completed before Win8's ship date. Linux would be both head and shoulders above the available ARM OSes intended for devices with the most powerful ARM chips, and locked out of being run on most of those devices. That's anti-competitive and not good for the consumer.


By Labotomizer on 1/19/2012 1:50:11 PM , Rating: 2
Dude, get off your high horse. The only difference between this and what Apple and Google do with their tablets is it has the Microsoft name on it. Period. What about ChromeBooks? Google, the OS vendor, mandates that secure boot be enabled and cannot be tampered with on a ChromeBook. Where's your outrage?

Oh, MS doesn't have a monopoly on ARM. They were found to have a monopoly on x86 desktops and laptops. So you're wrong there too. And they have mandated that the option to disable secure boot MUST be availabe on the x86 platform.

So if you want your Lenovo tablet that you can load Linux on, go buy an x86 tablet. What's the big deal? Because the "cheap" platform doesn't give you the options the more expensive one does?

You're a self righteous idiot and that's about all I gathered from your numerous posts here. And about as arrogant as they possibly come. I don't suppose your initials are SJVN are they?


By alcalde on 1/22/2012 6:59:29 PM , Rating: 2
>The only difference between this and what Apple and Google do with
>their tablets is it has the Microsoft name on it.

Two hundred thousand times you're asked to stick to Microsoft and two hundred thousand times it's explained to you the difference between a device vendor and an OS vendor (and Google doesn't even make tablets) and two hundred thousand times you're asked to address the impact of users not being able to install their OS of choice and two hundred thousand times people like you just repeat the same claim without addressing the refutation that's had to be written ad nauseum.

>Period.

Don't you realize that when you can only offer "uh-uh" or "is too" that you've already lost the argument, and never really belonged in it in the first place?

>What about ChromeBooks? Google, the OS vendor, mandates that secure
>boot be enabled and cannot be tampered with on a ChromeBook.
>Where's your outrage?

This is something that's patently false and invented, but first... this isn't about CHROMEBOOKS. This is about MICROSOFT. Secondly, Google has A PHYSICAL SWITCH ON THE DEVICE ALONG WITH A SOFTWARE COMMAND THAT LETS YOU OVERRIDE THE SECURE BOOT. IT ALSO HAS ANOTHER PHYSICAL SWITCH THAT RESETS THE DEVICE TO FACTORY SETTINGS. But this nonsense keeps getting repeated over and over. To return the ZDNet reference you make later on, are you Will Farell or Cylon Centurion or Loverock Davidson, all of which repeat this endlessly despite apparently never having seen, touched, or used a Chromebook?

>Oh, MS doesn't have a monopoly on ARM. They were found to have a
>monopoly on x86 desktops and laptops. So you're wrong there too.

The chipset is irrelevant. They have a monopoly in desktop operating systems. This is like claiming that when the finding was made PCs were mostly running Intel chips, so they don't have a monopoly on AMD.

>And they have mandated that the option to disable secure boot MUST
>be availabe on the x86 platform.

Again, you folks must be working from a script. That's irrelevant to the issue at hand, which is forthcoming ARM laptops and tablets, particularly a new product class of ARM-based ultrabooks.

>So if you want your Lenovo tablet that you can load Linux on, go
>buy an x86 tablet.
>What's the big deal?

I'm reminded of the response the writer of the Dragon Age game to a gamer who complained that the secondary characters in Dragon Age 2 no longer seemed all designed to appeal to straight male characters like Dragon Age 1, and asked for a "no homosexuality option" to get rid of the gay characters and strong female characters he didn't want to see:

quote:
If there is any doubt why [catering to a broad audience] might be met with hostility, it has to do with privilege. You can write it off as 'political correctness' if you wish, but the truth is that privilege always lies with the majority. They're so used to being catered to that they see the lack of catering as an imbalance. They don't see anything wrong with having things set up to suit them; what's everyone's fuss all about? That's the way it should be, and everyone else should be used to not getting what they want.... the person who says that the only way to please them is to restrict options for others is, if you ask me, the one who deserves it least."


Sorry, but I'm not going to roll over and declare that since I don't use the monopoly operating system I just can't have an ARM ultrabook because the monopoly operating system, rather than the hardware vendor, won't let me. You wouldn't settle for that for a moment and you should be ashamed demanding other people do so.

>Because the "cheap" platform doesn't give you the options the more
>expensive one does?

Because ARM platforms have an advantage in battery life and by extension weight,size,heat and noise.

>You're a self righteous idiot and that's about all I gathered from
>your numerous posts here.

I'll agree with the second part of that. You're experiencing cognitive dissonance and frustration because it would seem from your final line you're a ZDNet reader and suddenly you're encountering serious posters who are well-informed and actually challenge arguments rather than hurling insults like pro wrestlers. You try to repeat the same straw men and false information over and over but you finally lash out with insults when it doesn't work and your discomfort grows.

>And about as arrogant as they possibly come.

They say in Texas, "It ain't braggin' if you can really do it." The moment someone actually addresses the issue at hand without turning it into "But Sally ran with scissors too!" or otherwise engaging in strawmen and actually address the issue of the first laptops in history shipping that will be mandated by Microsoft to only be allowed to run Windows, I guess I'll be confident that I actually understand the issue more than other posters. Heck, many of those replying don't even appear to have read this article, much less the original ones and the source documents and the Red Hat and Linux Foundation white papers, before replying.

>I don't suppose your
>initials are SJVN are they?

Ah, the old ZDNet canard. I've asked ZDNet posters to demonstrate to me one instance where Mr. Vaugn-Nichols has "lied" or "schilled", and I've yet to hear one. That is of course opposed to merely being wrong, which certainly happens, especially with his periodically crowning browsers speed kings based on two outdated benchmarks. But I guess if you label someone "biased" you don't have to address any of their arguments.


Did I get it right?
By Aries1470 on 1/20/2012 9:22:08 AM , Rating: 2
So lets see if I got it right:
This is about LAPTOPS (Netbooks & Net-tops) NOT Phones or 'Tablets' per se.

What is happening:

* MS allows x86 platform machines for the end user to be able to install ANY OS ON THEM., as is the norm today with your desktop, laptop what ever you have, even Mac Intels.

* MS will NOT ALLOW YOU - THE END USER TO PUT WHAT EVER OS YOU LIKE on an ARM based ecosystem!

This is what it is all about.

Do NOT MIX UP PHONES ETC!
Do NOT MIX UP EcoSystems!

Example:
I can buy today a LAPTOP, or Net-Top, and I can install the OS of MY OWN CHOICE (except legally (cr)APPLE OSX) on a x86 device. This includes all AMD, Intel & VIA CPU's.

I will have this choice taken AWAY FROM ME if I want to buy an ARM LAPTOP/NETBOOK/NET-TOP/ULTRABOOK or any other similar (enter future name here)device or even a MOTHERBOARD with an ARM processor, and the OEM will be FORCED to do this if they want it to work with WIN8!

So, where is my freedom of choice again?
Is it NOT a STRONG-ARM tactic by M$?
M$ is FORCING the OEM to lock the system, and NOT ALLOW ANY OTHER KEY FOR THE DEVICE THAT WILL BE SHIPPED WITH THEIR SYSTEM! THE END USER WILL NOT BE ABLE TO ENTER A KEY TO ADD ANOTHER OS ON THE SYSTEM.

AGAIN, we are NOT TALKING ABOUT SmartPHONES!or even Tablets.

Ok, I hope this has cleared up, in a concise manner this subject!

Also note, that the x86 will be going through battery juice much more quickly than an equivalant specc'd ARM device.

So in short, on an x86 machine, I can put what OS I want, on an ARM, I will not be allowed to put an OS of MY CHOICE, or even dual boot. On ARM, there is a full desktop OS, that is Linux based, and can also use Android or WebOS but I will not be able to dual or triple or even format and install what I want, if I so desire.




RE: Did I get it right?
By Aries1470 on 1/20/2012 9:40:14 AM , Rating: 2
quote:
...and the OEM will be FORCED to do this if they want it to work with WIN8!


That should read:
...and the OEM will be FORCED to do this if they want it to sell their product with WIN8 installed!

Nearly all PC's come pre-installed today with MS, but they are all x86. So if you want an alternative, in this case an ARM CPU (SoC), the option of installing an alternate OS is taken away.


RE: Did I get it right?
By Labotomizer on 1/20/2012 12:47:07 PM , Rating: 2
So you don't have a choice to buy ARM or x86? Is someone forcing you to buy an ARM tablet? No? Then what the F is your problem?

And again, since you're reading comprehension is clearly flawed, this is for Windows 8 certification. So this would affect Tier 1 OEMs. I know there are many places you can buy systems that aren't certified for Windows 7 but it runs just fine.

No one is taking away choice because you always have the choice if buying something else. If you CHOOSE to buy an ARM device then you go into knowing these restrictions. So make another choice. But that's probably difficult for you to grasp.


RE: Did I get it right?
By alcalde on 1/22/2012 7:16:24 PM , Rating: 2
>So you don't have a choice to buy ARM or x86? Is someone forcing
>you to buy an ARM tablet? No? Then what the F is your problem?

He does have a choice to buy ARM or x86... and he made it . ARM. But he's not going to be allowed to. What the F is your problem with people being able to run what they want on their own laptops?

>And again, since you're reading comprehension is clearly flawed,
>this is for Windows 8 certification. So this would affect Tier 1
>OEMs.

You love insulting people like that, don't you? Is your own personal identity tied up in the existence of Windows 8 on laptops or what?

> I know there are many places you can buy systems that aren't
>certified for Windows 7 but it runs just fine.

Kindly name any legitimate vendor that is able to survive selling machines that aren't certified to run Windows. Are you talking about some cheap Chinese no-names being sold on eBay?

Those are not the companies working on ARM Ultrabooks. Qualcomm has named Toshiba and Lenovo as the companies that are seeking to introduce these.

>No one is taking away choice because you always have the choice if
>buying something else.

This is like the claim, "gay people have the same right as straight people to marry someone of the opposite gender, so what's the problem"? He doesn't have the choice of buying whatever ARM device he chooses and being able to run his OS of choice on it.

>If you CHOOSE to buy an ARM device then you go into knowing these
>restrictions. So make another choice.

Um... no. How about YOU buy a laptop with a locked bootloader with Linux on it and have to figure out how to crack the encryption to run Windows on it. No? Then kindly stop telling other people they have to put up with it.

"So make another choice" is the same as "we don't serve your color in here". In a capitalist system, a monopoly doesn't get to tell people they can't use the competition's devices. With that line you've just proven the anti-competitive nature of the action. Linux isn't welcome on ARM laptops courtesy of Microsoft (not the OEMs, who wouldn't care what you did with it so long as you bought one).

>But that's probably difficult for you to grasp.

Ignorant, self-possessed with privilege, and rude. You've hit the unholy trifecta.


"If Implemented for Server systems"
By hellokeith on 1/16/2012 7:26:04 PM , Rating: 2
Jason,

What is your take on the Note?

System.Fundamentals.Firmware.UEFISecureBoot
Target Feature: System.Fundamentals.Firmware
Title: All client systems must support UEFI Secure boot
Applicable OS Versions:
* Windows 8 Client x86
* Windows 8 Client x64
* Windows 8 Client ARM
* Windows 8 Server x64
* Windows Server 2008 Release 2 x64
Description:
Note: These requirements are If Implemented for Server systems and applies only if a Server system is UEFI capable.




RE: "If Implemented for Server systems"
By Nyceis on 1/16/2012 8:50:15 PM , Rating: 2
Testing....


By Nyceis on 1/16/2012 8:54:36 PM , Rating: 2
Testing 2


Dual booting Linux on Mac
By TakinYourPoints on 1/16/2012 5:45:55 PM , Rating: 3
quote:
Apple has long prevented dual booting to Linux


Completely and absolutely false, dual-booting Linux or any other hardware compatible OS has been permitted for as long as I've had any experience with Macs (almost ten years). Back in the day all you needed was a PowerPC compiled version of Debian or whatever other OS you wanted to install.

quote:
Apple does allow Windows installation via Boot Camp, but only via a special understanding with Microsoft who cross licenses patents with Apple.


And this is a false assumption. You can install whatever software you would like on Apple desktop and laptop hardware, the only restrictions are hardware compatibility. The only reason something like Boot Camp didn't happen sooner is because Macs used PowerPC hardware until 2006. Before the move to x86, there was nothing to keep you from installing any flavor of Unix. There's even a PPC version of BeOS if you were so inclined.

The only restriction that exists is installing OS X on non-Apple hardware. There are no restrictions as far as installing other operating systems on Apple desktops or laptops.




Not that big a loss.
By Denigrate on 1/16/2012 11:54:31 AM , Rating: 2
As an Android user, admittedly I haven't done ICS yet, it isn't much of a loss to not be able to implement Win8 in dual boot with Android.

Now, I would like that option, and think Microsoft needs to fix this error in judgement. One reason I refuse to purchase Apple products is their refusal to allow their customers to fully customize the user experience.

I'm hoping that I'll be able to eventually install Win8 on a Tegra2 based tablet.




RE: Not that big a loss.
By TakinYourPoints on 1/17/12, Rating: 0
By Labotomizer on 1/16/2012 12:00:22 PM , Rating: 2
And not all existing tablet and ARM device footsteps? Can I load iOS on my Android tablet? Can I install whatever I wish on my Android tablet? Nope. It has a locked bootloader. The secure boot technology is effectively a locked bootloader. I don't see why we want to vilanize Microsoft for doing what every other device maker is currently doing.

And yes, there are devices with unlocked bootloaders and others where you can hack them. Do you really expect Windows 8 tablets to be that much different? Android doesn't use a Grub bootloader so the GPL issue goes away. There will almost certainly be OEMs that offer tablets that are signed with multiple OS keys. Therefore you could have a single tablet OEM sign a tablet with both Windows 8 and their own Android distro and offer the choice to the user. Will all the devices do that? Of course not, not all devices have unlocked boot loaders either. It will be a way devices will distinguish themselves.

You also have to keep in mind that Windows 8 on an ARM tablet will be designed to compete with existing tablet markets. It won't have the full Windows desktop and it won't support x86 programs. It will only support Metro Apps. Which also means MS will be charging very, very little to OEMs for their Windows licenses on these devices.




Article Error
By kingmotley on 1/16/2012 12:10:33 PM , Rating: 2
quote:
In other words, Microsoft isn't forcing laptop and desktop makers to ban Linux, though it's giving them the tools to do so.


No, the tools to do so are in UEFI, *IF* that UEFI implementation only supports one set of keys and doesn't allow a second set of keys to be added.

In other words, Microsoft is digitally signing their executable so those people with UEFI BIOSs that support the secure boot feature can take advantage of it and be secure from root kits.




No suprise there...
By Adam M on 1/17/2012 5:59:56 PM , Rating: 2
I was waiting for something along these lines from Microsoft and I expect more in the future. Microsoft seems all to happy to take licensing fees from Android manufactures, LG being the latest to agree but when it comes to dual booting or putting Android on a Windows machine they call for a lock down. They aren't following in Apples footsteps. That would require endless frivolous lawsuits. Instead Microsoft locks manufactures into agreements and then makes up their own rules of engagement as they go along. Next they will require some form of Explorer to be preloaded and permanently installed on any Android they hold an agreement over.




So?
By schmandel on 1/16/2012 9:54:17 PM , Rating: 1
Why would I ever want to use a device that boots Windows? It has been unnecessary for years, why regress?




Correction
By Tony Swash on 1/16/12, Rating: 0
"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki