FYI: get your non-UEFI hardware while you can.

On 06/02/2012 01:23 PM, Bit Twister wrote:

Get your non-UEFI hardware while you can.

Mandriva/Mageia have their work cut out for them.

http://www.itworld.com/open-source/...e?page=0,0
Fedora Linux capitulates to Microsoft boot certificate

Implementing UEFI Secure Boot in Fedora
http://mjg59.dreamwidth.org/12368.html

There will have to be a way to disable secure boot, regardless of
hardware. Otherwise, M$ is going to get hit with the mother of
all lawsuits, from within and without the U.S.

Those that need secure boot are going to have a problem. If you
really want secure boot anywhere anytime, there will have to be a
single standard and method, controlled by a single entity, with
power to crash anything that evades the secure boot controls.
Whether that is M$, the Defense Department, the UN, or the
dictatorship of the proletariat, someone somewhere will have to
be the control point for everything under its purview.

Multiple control points will be problematic, as getting large
numers of hardware/software providers under a control points' big
tent and cooperating on everything pertinent to that control
points' purview will be difficult if not impossible.

No cheers.

jim b.

UNIX is not user unfriendly; it merely
expects users to be computer-friendly.

On Sat, 02 Jun 2012 20:39:02 -0400, Jim Beard wrote:

On 06/02/2012 01:23 PM, Bit Twister wrote:

Get your non-UEFI hardware while you can.

Mandriva/Mageia have their work cut out for them.

http://www.itworld.com/open-source/...e?page=0,0
Fedora Linux capitulates to Microsoft boot certificate

Implementing UEFI Secure Boot in Fedora
http://mjg59.dreamwidth.org/12368.html

There will have to be a way to disable secure boot, regardless of
hardware. Otherwise, M$ is going to get hit with the mother of
all lawsuits, from within and without the U.S.

Heheheh, I watched several UEFI conversations. That would not be M$'s fault.

You can bet M$ have/has covered their derriere.

It's the OEM who controls the boot firmware not M$.

It's not M$ that holds the signed key, that can be anyone the OEM
vendor wants to hold the key for other OSs. :-D

I saw an article about M$'s next release EUL which indicates you
agree that you can not enter into a class action suit against M$.

On 06/02/2012 09:36 PM, Bit Twister wrote:

On Sat, 02 Jun 2012 20:39:02 -0400, Jim Beard wrote:

On 06/02/2012 01:23 PM, Bit Twister wrote:

Get your non-UEFI hardware while you can.

Mandriva/Mageia have their work cut out for them.

http://www.itworld.com/open-source/...e?page=0,0
Fedora Linux capitulates to Microsoft boot certificate

Implementing UEFI Secure Boot in Fedora
http://mjg59.dreamwidth.org/12368.html

There will have to be a way to disable secure boot, regardless of
hardware. Otherwise, M$ is going to get hit with the mother of
all lawsuits, from within and without the U.S.

Heheheh, I watched several UEFI conversations. That would not be M$'s fault.

You can bet M$ have/has covered their derriere.

It's the OEM who controls the boot firmware not M$.

It's not M$ that holds the signed key, that can be anyone the OEM
vendor wants to hold the key for other OSs. :-D

I saw an article about M$'s next release EUL which indicates you
agree that you can not enter into a class action suit against M$.

You are missing the anti-trust/anti-monopoly aspect of this
thing. If M$ is de facto the dominant controller of the key(s),
which control fundamental common function across OSs, it can and
will be torn a new one by anti-trust regulators if it makes
obvious use of its dominant postion. M$ licensing terms will
make not one whit of difference in this regard. The agreement
not to enter into a class action suit itself can be challenged in
the U.S. on anti-trust grounds (coercive use of a dominant market
position, which is illegal), and that can be taken up as a
class-action suit. :) Circumstances in other countries are even
less favorable to M$.

The Europeans will be the lead element on anti-trust, with U.S.
activity in this area dependent to an extent on which party is in
power but mostly dependent on international reprecussions. The
U.S. likes it that our companies are dominant in the intangibles
of computing machinery (architecture, design, standards de facto
and de jure, etc), and will not willingly see that jeopardized.
That also fits nicely with U.S. private interests, though it
precludes the now-and-then "gotcha" that the back room boys who
play with billions really like to score.

If M$ does not play nice, China will protest, file suit, and
quietly destroy any benefits M$ is getting in China and preclude
any future benefits. That is a big market for M$ to lose in
total, though how much it is actually worth (value reduced by
copyright piracy) may make the loss smaller than one would
expect. And the Russians can be counted on to do something
nasty, constrained only by their imaginations and willingness to
create knock-on flaps, neither of which should be underestimated.

The kicker, of course, is that the hardware OEMs (actual
manufacturers) are mostly outside the United States. If an
above-board agreement with M$ is matched with a sub-rosa
agreement with others, M$ will have a tough time controlling the
impact.

Hence, while I personally do not like the way things are shaking
out, I concur with Fedora that its solution is practical, but
note that there will have to be a means of completely disabling
secure boot on UEFI hardware. That will simply leave things
where they are pre-UEFI. The boot vulnerability will continue to
exist (of real concern to some) but those willing to accept that
will do what they wish, irrespective of UEFI or M$.

Note that pre-UEFI hardware will have to be allowed to access the
'Net for its service life, or the outcry will be overwhelming.
That will provide a few years breathing room for those who choose
to disable secure boot. Eventually, securing the 'Net against
malware will provide a rationale for blacklisting access by any
machine that is not up to par in security measures, and secure
boot will be one of those measures for websites and possibly even
for home computers.

Cheers!

jim b.

UNIX is not user unfriendly; it merely
expects users to be computer-friendly.

Bit Twister wrote:

Get your non-UEFI hardware while you can.

Mandriva/Mageia have their work cut out for them.

Recently Bobbie posted a link here:

http://community.linuxmint.com/tutorial/view/858

It looks like it should apply to all distros where the HD has Windows 7.

As usual for me, I have a few wordy general questions:

How can I tell whether any particular off-the-shelf system has UEFI? (I
gather most machines now shipping with Windows 7 already do.) Is there
any way to tell just from an online description of the machine (e.g.
NewEgg's website)? Or would I have to wait for some other Linux user to
buy that particular model and post a comment on it?

If I end up with a UEFI machine and can't find any better alternatives,
would wiping the entire HD and using my distro's install disc to
repartition work? Or would that depend on the BIOS?

I'm planning on buying an off-the-shelf desktop system later this year,
because I don't feel comfortable building one myself.

Adam
Registered Linux User #536473

On Sun, 03 Jun 2012 19:16:01 -0400, Adam wrote:

It looks like it should apply to all distros where the HD has Windows 7.

Sounds right to me.

How can I tell whether any particular off-the-shelf system has UEFI? (I
gather most machines now shipping with Windows 7 already do.) Is there
any way to tell just from an online description of the machine (e.g.
NewEgg's website)? Or would I have to wait for some other Linux user to
buy that particular model and post a comment on it?

I've been looking for a DLNA tv to work with my mythtv linux box.

What I do is plug the model number and specification into google to
find the manual.

If I end up with a UEFI machine and can't find any better alternatives,
would wiping the entire HD and using my distro's install disc to
repartition work? Or would that depend on the BIOS?

That is where the rub is. You are going to have to take the
model number and find the user guide and look in the instructions to
see what configuration settings are available.