Main Area and Open Discussion > Living Room

Fedora/Microsoft - Embrace, Extend, Assimiliate

(1/5) > >>

40hz:
One more reason I continue to look forward to the day when I'll never have to look at a PC (any PC) again.

Red Hat users pay up to run Fedora on Windows 8 machines
To bypass Windows 8 Secure Boot, Fedora users would need to go through Microsoft signing service and pay $99
By Ted Samson | InfoWorld

Red Hat users face service fee to run Fedora on Windows 8 machines

Users seeking to run Red Hat Fedora on a Windows 8-certified computer may be forced to shell out $99 to bypass Microsoft's new UEFI Secure Boot feature, according to Red Hat Linux developer Matthew Garrett. That, he said, is the best compromise the company could devise to ensure users could easily load Fedora on new PCs without giving itself an unfair edge over less-influential Linux vendors.

Red Hat's plans, as outlined in Garrett's personal blog, have generated considerable ire from members of the Linux community. In response to Garrett's post, critics have accused Red Hat of "selling out" to Microsoft in forcing users to pay to access the company's signing service if they want to run Fedora.

Article link here.


--- End quote ---

What Matt Garrett over at RedHat had to say (link):

Getting the machine booted

Most hardware you'll be able to buy towards the end of the year will be Windows 8 certified. That means that it'll be carrying a set of secure boot keys, and if it comes with Windows 8 pre-installed then secure boot will be enabled by default. This set of keys isn't absolutely fixed and will probably vary between manufacturers, but anything with a Windows logo will carry the Microsoft key[1].

We explored the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it, but turned it down for a couple of reasons. First, while we had a surprisingly positive response from the vendors, there was no realistic chance that we could get all of them to carry it. That would mean going back to the bad old days of scouring compatibility lists before buying hardware, and that's fundamentally user-hostile. Secondly, it would put Fedora in a privileged position. As one of the larger distributions, we have more opportunity to talk to hardware manufacturers than most distributions do. Systems with a Fedora key would boot Fedora fine, but would they boot Mandriva? Arch? Mint? Mepis? Adopting a distribution-specific key and encouraging hardware companies to adopt it would have been hostile to other distributions. We want to compete on merit, not because we have better links to OEMs.

An alternative was producing some sort of overall Linux key. It turns out that this is also difficult, since it would mean finding an entity who was willing to take responsibility for managing signing or key distribution. That means having the ability to keep the root key absolutely secure and perform adequate validation of people asking for signing. That's expensive. Like millions of dollars expensive. It would also take a lot of time to set up, and that's not really time we had. And, finally, nobody was jumping at the opportunity to volunteer. So no generic Linux key.

The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access edit: The $99 goes to Verisign, not Microsoft - further edit: once paid you can sign as many binaries as you want), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key...


--- End quote ---


 >:(

mahesh2k:
Bootkeys are surely going to create problem over time. It is similar to apple boxes but in more indirect fashion. On the other hand apple is opening up for dual boot possibilities. hmm..

Stoic Joker:
I'm guessing this will end up being one of those "inspired" (pissed off) too many of the wrong people stories that ends up with the TPM chips/boot keys being cracked. Granted it might require a soldering iron ... But it'll happen.

mahesh2k:
Soldering? lol.

wraith808:
I'm going to regret this, I'm sure...

It's a payment to Verisign for the vendor to be able to sign the binaries, right?  Sort of like with SSL?  Or am I misunderstanding something?

If I'm not, so Fedora pays Verisign, and signs their binaries- where does the user come into this?

I understand from the point that people compile their own kernels and such so this is problematic in terms of running your own compiled version of Linux on your own machine which seems bad- but the article says something about "Red Hat users face service fee to run Fedora on Windows 8 machines", but that doesn't seem it at all... or am I misunderstanding?

Navigation

[0] Message Index

[#] Next page