Windows 10 to Lock Out Linux with Secure Boot That Can’t Be Disabled

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
Microsoft is not part of a plot to prevent Linux loading as an alternative OS, it just looks that way. :D Secure Boot has been around since it was introduced with Windows 8 to insure malware wasn’t being installed at boot up. The difference with Windows 10 is that the OEMs will have the deciding vote to let users have the option to turn off the Secure Boot feature.

Secure Boot is well intentioned, aiming to prevent malware being injected into the operating system at low levels, but the downside is that when the feature is enabled versions of Linux and other alternative operating systems will not boot because Secure Boot fails to recognize the validity of their codes.
Click to expand...
 
Sad for Linux, they failed to make a decent impact on normal users in the last 20 years. Now we are going to get to a point where curious people won't even be able to install it.
 
Interesting.

I wonder how this will impact folks like me that use HyperOS and run multiple MS Operating Systems?

I currently run 2 Vista 64 installs and 4 Win 7 installs.
 
I doubt that's going to prevent Linux from being installed. If anything Linux will just have to change how it boots. If not then expect Secure Boot to be hacked and taken apart.
 
ocellaris said:
Sad for Linux, they failed to make a decent impact on normal users in the last 20 years. Now we are going to get to a point where curious people won't even be able to install it.
Click to expand...

I would think that in general, the people who would want to try Linux out would be using part build PCs and not OEM PC anyways. At least a good number of them.
 
Very interesting approach. Wonder how many percent of the malware actually installs at boot up.
 
Gotta love clickbait headlines.

Windows 10 is not going to magically reach into a PC you own now and make it unable to boot Linux.

Neither is Microsoft mandating that new OEM PCs be unable to boot Linux.

Before, they forced OEMs to provide an option to disable secure boot. Now they're not requiring that the option to be provided. So, at worst, Microsoft is giving OEMs the choice as to whether they want to 'lock out Linux'.

Except, that's not really the case either. Many major Linux distributions support SecureBoot. Here's a write-up on the Ubuntu implementation. It even outlines a method for getting SecureBoot to work with kernels you sign yourself, so even the crowd that likes to recompile kernels for themselves should be happy.

Someone saw a slide, didn't know what it was talking about, decided to try and generate controversy and clicks.
 
Flogger23m said:
I would think that in general, the people who would want to try Linux out would be using part build PCs and not OEM PC anyways. At least a good number of them.
Click to expand...

To increase wide spread adoption linux needs to be able to install on ANY PC. Especially laptops.
 
I've always wanted a CMOS option to automatically go to the boot menu after the POST so I can select what drive to boot from. This would eliminate the need for a multiple OS bootloader and things like this wouldn't be an issue in the first place.
 
jbltecnicspro said:
I wonder if this is in response to Steam machines and Vulcan?
Click to expand...

Or Android and Chromebooks. Now that that everyone has seen how much better Android Linux is than Windows, Microsoft is scared. Chromebooks are becoming very popular in the education sector.
 
I don't get it, isn't this the norm now with UEFI enabled desktops? seen a lot of desktops without the option to change secure boot (business machines).
 
dyzophoria said:
I don't get it, isn't this the norm now with UEFI enabled desktops? seen a lot of desktops without the option to change secure boot (business machines).
Click to expand...
Yes, it's the norm. The three major Linux distros (Suse, Fedora and Ubuntu) are all compatible with secure boot. As another poster pointed out, the headline is the product of a Neowin author who has no idea what he's talking about, or he's being intentionally disingenuous in order to get clicks.

No one's being locked out of anything.
 
I would expect most people using Linux are probably building their own systems. Non-OEM boards are not going to block disabling secure boot.

Also, you know, using a Linux distro with Secure Boot compatibility is always an option as well.
 
Still won't stop the NSA from installing its malware... it will still flash your BIOS and hard drive firmware just fine
 
LstOfTheBrunnenG said:
Gotta love clickbait headlines.

Windows 10 is not going to magically reach into a PC you own now and make it unable to boot Linux.

Neither is Microsoft mandating that new OEM PCs be unable to boot Linux.

Before, they forced OEMs to provide an option to disable secure boot. Now they're not requiring that the option to be provided. So, at worst, Microsoft is giving OEMs the choice as to whether they want to 'lock out Linux'.

Except, that's not really the case either. Many major Linux distributions support SecureBoot. Here's a write-up on the Ubuntu implementation. It even outlines a method for getting SecureBoot to work with kernels you sign yourself, so even the crowd that likes to recompile kernels for themselves should be happy.

Someone saw a slide, didn't know what it was talking about, decided to try and generate controversy and clicks.
Click to expand...
That's one way to spin it.

The other way to spin it is back at Windows 8 they more or less force manufacturers to implement a 'security' feature that also happened to lock out competing OS's. They made it a soft barrier by allowing a way to deactivate it. Still making it not the default and a hurdle to most users to clear.

Now they remove that burdensome requirement (such sweet guys) that makes it a hard barrier to their competition. IF they went straight to this state it would have been obvious they were killing two birds with one stone.
 
God...embarrassingly awful clickbait.
I feel bad for anyone who comes here for "news".
 
Flogger23m said:
I would think that in general, the people who would want to try Linux out would be using part build PCs and not OEM PC anyways. At least a good number of them.
Click to expand...

Most people use laptops and not desktops these days. Chances are that spare PC worth giving linux a try with would be an older laptop.
 
ocellaris said:
Sad for Linux, they failed to make a decent impact on normal users in the last 20 years. Now we are going to get to a point where curious people won't even be able to install it.
Click to expand...

Because VMs aren't a thing, right?
 
Terpfen said:
Because VMs aren't a thing, right?
Click to expand...

yeah no shit. I dont even know why someone would dual boot these days. You are obviously going to be doing your gaming in Windows. If you are interested in using Linux part time, there are very few, if any, things that cant be run from within a VM these days with the beasts of rigs we are able to build.
Multiple monitors, unity, one/two full desktops your Linux VM. There, you are good to go.
 
jpm100 said:
Most people use laptops and not desktops these days. Chances are that spare PC worth giving linux a try with would be an older laptop.
Click to expand...

That is true, but my point is the people who even know what Linux is are probably geeks like people at [H] with lots of hardware lying around. :p I don't think the average person is going to mess with their old HP/Dell and try Linux on it. True, there are some people, but Linux certainly is an OS for enthusiasts. I would hope that most manufactures do not go this route personally. Dual booting with Linux can certainly be helpful in some instances.
 
jpm100 said:
That's one way to spin it.

The other way to spin it is back at Windows 8 they more or less force manufacturers to implement a 'security' feature that also happened to lock out competing OS's.
Click to expand...
There is no lockout. The most popular Linux distros are fully compatible with secure boot.

The argument that secure boot locks out the competition is completely without merit. Not to mention the fact that Linux does not compete with Windows in the OEM space to begin with.
 
Wait, Many Linux Distros support secure boot?!?! They are trying to lock out Windows and other Linux distros!!!!
 
personally I'm happy they are going a more secure path by default since most OEM don't bother with security. Plus the OEM cd's are the ones that home builder ie the people using dual boot should be using so that you would have the choice unless you don't know what you are doing in which case you should not turn it off.
 
crusty_juggler said:
There is no lockout. The most popular Linux distros are fully compatible with secure boot.

The argument that secure boot locks out the competition is completely without merit. Not to mention the fact that Linux does not compete with Windows in the OEM space to begin with.
Click to expand...
Of course there is lock out. As you said, you need a popular Linux distro, but not everyone uses one of those. You lose your ability to build your own. Sorry, that is unacceptable. Mandatory ability to disable it should be built into every bios. Honestly, every buyer should have their own certificate for every machine they own. It's the buyer's machine not the OEM that built it. I should be able to sign whatever bios or OS I want to install, NO ONE ELSE.
 
LurkerLito said:
Of course there is lock out. As you said, you need a popular Linux distro, but not everyone uses one of those. You lose your ability to build your own. Sorry, that is unacceptable.
Click to expand...
You can in fact, compile your own kernel and retain secure boot compatibility. Another poster pointed this out.

The issue of smaller, obscure distros not supporting it is on those developers' plate. The onus is on them to get with the times as the firmware needed to implement secure boot compatibility is freely available.

I suspect the refusal of certain distros to officially adopt secure boot compatibility is due to politics.

Again, there is no lockout. You are free to install Linux 'till your heart's content, even roll your own kernels.
 
LurkerLito said:
Of course there is lock out. As you said, you need a popular Linux distro, but not everyone uses one of those. You lose your ability to build your own. Sorry, that is unacceptable. Mandatory ability to disable it should be built into every bios. Honestly, every buyer should have their own certificate for every machine they own. It's the buyer's machine not the OEM that built it. I should be able to sign whatever bios or OS I want to install, NO ONE ELSE.
Click to expand...

You have the choice to not buy hardware that uses secure boot. There is no reason for the industry to hold back on a technology that clearly helps block malware to keep a tiny user base happy. There will still be non secure boot hardware available. It makes far more sense to encourage these smaller more obscure distros to support secure boot.

Of the current Linux install base, 90+% are using distros that support secure boot and the whole Linux install base represents just over 1% of the total computer install base.

I'm sorry if an OS can't support secure boot it is simply out of date.
 
LstOfTheBrunnenG said:
Gotta love clickbait headlines.

Windows 10 is not going to magically reach into a PC you own now and make it unable to boot Linux.

Neither is Microsoft mandating that new OEM PCs be unable to boot Linux.

Before, they forced OEMs to provide an option to disable secure boot. Now they're not requiring that the option to be provided. So, at worst, Microsoft is giving OEMs the choice as to whether they want to 'lock out Linux'.

Except, that's not really the case either. Many major Linux distributions support SecureBoot. Here's a write-up on the Ubuntu implementation. It even outlines a method for getting SecureBoot to work with kernels you sign yourself, so even the crowd that likes to recompile kernels for themselves should be happy.

Someone saw a slide, didn't know what it was talking about, decided to try and generate controversy and clicks.
Click to expand...

Good post!
 
B00nie said:
Just don't buy OEM crap and there will be no problem.
Click to expand...

Well, secure boot is already not a problem (in addition to already being broken and not secure from what came out of DEFCON this past year), but avoiding OEMs is only a desktop thing and hardly anyone besides a few gamer dinosaur holdouts uses a desktop at this point. Computing is mobile and highly integrated which means buyers can pick from a variety of OEMs, but can't DIY their stuff.
 
CreepyUncleGoogle said:
Well, secure boot is already not a problem (in addition to already being broken and not secure from what came out of DEFCON this past year), but avoiding OEMs is only a desktop thing and hardly anyone besides a few gamer dinosaur holdouts uses a desktop at this point. Computing is mobile and highly integrated which means buyers can pick from a variety of OEMs, but can't DIY their stuff.
Click to expand...

Only mobile computing is mobile. You're confusing the two things.

Perhaps when my mobile device will create a hologram or tap into my brain for a perfect interface I'll consider switching. But no sooner.
 
ocellaris said:
Because people want to use OSes in a VM for primary desktop use, right? And because average computer users are certainly pros at VirtualBox as well, right?
Click to expand...

VMWare is much easier for a beginner to get Ubuntu going then trying to deal with re-partitioning a Windows boot disk and dealing with a true dual booting system. But hey lets just get mad for no reason because it's so cool to be anti-MS in 2015.
 
If Microsoft can be successfully sued for BS like including IE with Windows when users could still download another browser just fine, they should also be sued successfully for this REAL anti-trust BS.
 
B00nie said:
Only mobile computing is mobile. You're confusing the two things.

Perhaps when my mobile device will create a hologram or tap into my brain for a perfect interface I'll consider switching. But no sooner.
Click to expand...

I'm not even sure what you're saying, but no one is demanding that you do anything a certain way. I'm just pointing out that most computers sold are laptops, tablets, or phones (if you count those....since they have the same basic hardware - CPU, RAM, storage and perform the same roles - communications and entertainment it seems reasonable to count them) there are a lot more computing devices that can move with a person than without and none of those are a build-it-yourself thing-y which means you get OEM stuff, like it or not. You might be one of the few, dying breed that use a desktop and among the even fewer of those that puts one together from parts, but that's not at all commonplace. It never really was anyway since the totality of sales has always favored OEMs versus DIY types, but the scale has tipped even further toward OEM dominance over time. It's the world we live in.

Anyhow, I'll get off your lawn now. :D
 
You must log in or register to reply here.
Back
Top