Main Area and Open Discussion > Living Room

No way out? SecureBoot's latest wrinkle for non-Windows users.

(1/3) > >>

40hz:
Matthew Garrett's blog recently posed an interesting new concern (emphasis added) regarding Secure Boot (Link here.):

Secure Boot isn't the only problem facing Linux on Windows 8 hardware
May. 28th, 2013 05:20 pm
mjg59

There's now no shortage of Linux distributions that support Secure Boot out of the box, so that's a mostly solved problem. But even if your distribution supports it entirely you still need to boot your install media in the first place.

Hardware initialisation is a slightly odd thing. There's no specification that describes the state ancillary hardware has to be in after firmware→OS handover, so the OS effectively has to reinitialise it again. This means that certain bits of hardware end up being initialised twice, and that's slow in some cases. The most obvious is probably USB, which has various timeouts as you wait for hardware to settle. Full USB support in the firmware probably adds a couple of seconds to boot time, and it's arguably wasted because the OS then has to do the same thing (but, thankfully, can at least do other things at the same time). So, looking for USB boot media takes time, and since the overwhelmingly common case is that users don't want to boot off USB, it's time that's almost always wasted.

One of the requirements for Windows 8 certified hardware is that it must complete firmware initialisation within a specific amount of time, something that Microsoft refer to as "Fast Boot". Meeting these requirements effectively makes it impossible to initialise USB, and it's likely that certain other things will also be skipped. If you've got a USB keyboard then this obviously means that your keyboard won't work until the OS starts, but even i8042 setup takes time and so some laptops with traditional PS/2-style keyboards may not set it up. That means the system will ignore the keyboard no matter how much you hammer it at boot, and the firmware will boot whichever OS it finds.

For a newly purchased device, that's going to be Windows 8. It's not too much of a problem with a fully installed Windows 8, since you can hold down shift while clicking the reboot icon and get a menu that lets you reboot into the firmware menu. Windows sets a flag in a UEFI variable and reboots the system, the firmware sees that flag and does full hardware initialisation and then drops you into the setup environment. It takes slightly longer to get into the firmware, but that's countered by the time you save every time you don't want to get into the firmware on boot.

So what's the problem? Well, the Windows 8 setup environment doesn't offer that reboot icon. Turn on a brand new Windows 8 system and you have two choices - agree to the Windows 8 license, or power the machine off. The only way to get into the firmware menu is to either agree to the Windows 8 license or to disassemble the machine enough that you can unplug the hard drive[1] and force the system to fall back to offering the boot menu.

I understand the commercial considerations that result in it ranging from being difficult to impossible to buy new hardware without Windows pre-installed, but up until now it was still straightforward to install an alternative OS without agreeing to the Windows license. Now, installing alternative operating systems on many new systems will require you to give up certain rights even if you want nothing other than to reach the system firmware menu.

I'm firmly of the opinion that there are benefits to Secure Boot. I'm also in favour of setups like Fast Boot. But I don't believe that anyone should be forced to agree to a EULA purely in order to be able to boot their own choice of OS on a system that they've already purchased.

[1] Which is a significant and probably warranty-voiding exercise on many systems, and that's assuming that it's not an SSD soldered to the motherboard…


--- End quote ---

Apparently this will also eliminate the right to request a refund for any unused and unwanted copies of Windows that come pre-installed on most PCs. Because the catch always used to be you couldn't agree to the EULA or start the setup if you were going to ask for a credit. You had to  install an alternate OS before you ever booted into Windows at all to qualify.

UEFI/Secure Boot apologists can rationalize this to their heart's content. This is still Microsoft we're talking about. Which means the nonsense is never going to stop until Redmond, like the petulant child it is, gets its own way.
 :-\

TaoPhoenix:
Yeah, that's the strange thing about MS these days - they flip flop between their new baffling decisions (like much of what went into Windows 8 and the Metro meme at all), and stuff like this which harks back to their old style sneakiness.

Tinman57:
  And one of the biggest reasons why I'm going to Penguin-land.  I've had it with MS's BS.  I will keep XP as a secondary boot just for all my software and games.....

40hz:
And one of the biggest reasons why I'm going to Penguin-land.  I've had it with MS's BS.
-Tinman57 (May 29, 2013, 08:13 PM)
--- End quote ---

Which Microsoft has anticipated and is now trying to proactively make as difficult as possible going forward.
 :-\

f0dder:
Which Microsoft has anticipated and is now trying to proactively make as difficult as possible going forward.
 :-\-40hz (May 29, 2013, 08:38 PM)
--- End quote ---
Hm, "fast boot" being done deliberately to foil entering the firmware? That sounds a bit too tinfoil-hatty.

i8042 setup takes very, very, very, very, very, very, very little time. But if the built-in mouse/keyboard is really USB HID devices emulating i8042, the story is different.

Navigation

[0] Message Index

[#] Next page