Secure Boot (was Sparrow OS)
Secure Boot (was Sparrow OS)
What do you guys know about Win8 and secure boot? Are we all going to be running out of virtual machines?
Re: Secure Boot (was Sparrow OS)
I don't see why it couldn't be possible to just install Linux in a partition, then Windows in another, and leave the boot of that disk unaltered.
Then use GRUB from a CD/DVD or flash drive to boot up that Linux.
In fact it would seem more comfortable to me in most situations because that means that I would not need to alter the machine that much (and I would learn to boot Linux, or another system, from another media).
And it looks like there is Ubuntu (and the "older" Topologilinux 7) running under Windows itself, using (if I understand correctly) the paravirtualization of coLinux:
Wubi (Ubuntu installer)
There are several others too.
I personally still use DOS and Win9x, and in my main machine Windows XP SP3, 32-bit (to run and learn from 16-bit demos like those in Programmer's Heaven).
I would like to see what the secure boot is exactly about, but I don't see myself using Windows 7/8 (specially 64-bit versions) formally, but instead bare-metal machines, Linux, Windows XP, coLinux distros under Windows and emulators (even very simple ones written by myself eventually, so I can do and learn whatever I want and can afford to understand, including OS development projects).
See also this:
http://www.colinux.org/
http://en.wikipedia.org/wiki/Colinux
http://en.wikipedia.org/wiki/Paravirtualization
Then use GRUB from a CD/DVD or flash drive to boot up that Linux.
In fact it would seem more comfortable to me in most situations because that means that I would not need to alter the machine that much (and I would learn to boot Linux, or another system, from another media).
And it looks like there is Ubuntu (and the "older" Topologilinux 7) running under Windows itself, using (if I understand correctly) the paravirtualization of coLinux:
Wubi (Ubuntu installer)
There are several others too.
I personally still use DOS and Win9x, and in my main machine Windows XP SP3, 32-bit (to run and learn from 16-bit demos like those in Programmer's Heaven).
I would like to see what the secure boot is exactly about, but I don't see myself using Windows 7/8 (specially 64-bit versions) formally, but instead bare-metal machines, Linux, Windows XP, coLinux distros under Windows and emulators (even very simple ones written by myself eventually, so I can do and learn whatever I want and can afford to understand, including OS development projects).
See also this:
http://www.colinux.org/
http://en.wikipedia.org/wiki/Colinux
http://en.wikipedia.org/wiki/Paravirtualization
YouTube:
http://youtube.com/@AltComp126
My x86 emulator/kernel project and software tools/documentation:
http://master.dl.sourceforge.net/projec ... ip?viasf=1
http://youtube.com/@AltComp126
My x86 emulator/kernel project and software tools/documentation:
http://master.dl.sourceforge.net/projec ... ip?viasf=1
Re: Secure Boot (was Sparrow OS)
Hi,
The end result is that to install a different OSs the user will simply need to disable secure boot; which makes it a little more complicated for people that don't know what they're doing to install a different OS (unless that alternative OS also supports secure boot).
Of course this only applies to 80x86, where the hardware and the software are designed as separate products.
For ARM systems (smartphones, tablets, etc) where the computer and the software are typically designed and sold as a single product, I don't think you'll be able to disable secure boot on ARM systems designed for Windows, and I don't think UEFI or secure boot will exist on ARM systems that aren't designed for Windows.
If an alternative OS supports secure boot (either with it's own support, or by relying on some sort of common boot loader that supports secure boot) then; if the alternative OS uses Microsoft's key (which is what Debain and probably Ubuntu are doing) then the OS can be installed without disabling secure boot or finding a way to add a new key; and if the alternative OS uses a different key then it's likely that the hardware won't recognise the key and that end users will need to use some sort of utility to add the key before installing the OS. Of course this also only applies to 80x86. For ARM systems designed for Windows, I doubt there will be any way to install an alternative OS regardless of whether the alternative OS supports secure boot (and uses Microsoft's key) or not.
Cheers,
Brendan
As far as I know; Windows 8 is capable of using UEFI secure boot and capable of booting on systems without secure boot; and Microsoft's "Windows 8 compatibility" logo program requires hardware to support it and ship with secure boot enabled. Microsoft has also asked hardware manufacturers to provide a way to disable secure boot (for alternative OSs like ours, and older OSs like Windows 7). Firmware tends to be "cut and pasted" from one machine to the next with minimal changes, so it's very likely that "secure boot that can be disabled" will become a de-facto standard in future.SparrowOS wrote:What do you guys know about Win8 and secure boot? Are we all going to be running out of virtual machines?
The end result is that to install a different OSs the user will simply need to disable secure boot; which makes it a little more complicated for people that don't know what they're doing to install a different OS (unless that alternative OS also supports secure boot).
Of course this only applies to 80x86, where the hardware and the software are designed as separate products.
For ARM systems (smartphones, tablets, etc) where the computer and the software are typically designed and sold as a single product, I don't think you'll be able to disable secure boot on ARM systems designed for Windows, and I don't think UEFI or secure boot will exist on ARM systems that aren't designed for Windows.
If an alternative OS supports secure boot (either with it's own support, or by relying on some sort of common boot loader that supports secure boot) then; if the alternative OS uses Microsoft's key (which is what Debain and probably Ubuntu are doing) then the OS can be installed without disabling secure boot or finding a way to add a new key; and if the alternative OS uses a different key then it's likely that the hardware won't recognise the key and that end users will need to use some sort of utility to add the key before installing the OS. Of course this also only applies to 80x86. For ARM systems designed for Windows, I doubt there will be any way to install an alternative OS regardless of whether the alternative OS supports secure boot (and uses Microsoft's key) or not.
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
Re: Secure Boot (was Sparrow OS)
Intel and Microsoft have conspired so Win8 only works on machines which ban other operating systems. They issue codes. All of you guys will need to get a code from Microsoft and with a nondisclosure agreement put that code in code.
http://arstechnica.com/information-tech ... conundrum/
Brendan loves secure boot, isn't that right stoolie?
http://arstechnica.com/information-tech ... conundrum/
Brendan loves secure boot, isn't that right stoolie?
Re: Secure Boot (was Sparrow OS)
Hi,
Cheers,
Brendan
For UEFI systems with secure boot; the version of GRUB on the CD will need to be signed with a key that is recognised by the firmware or the CD won't boot.~ wrote:I don't see why it couldn't be possible to just install Linux in a partition, then Windows in another, and leave the boot of that disk unaltered.
Then use GRUB from a CD/DVD or flash drive to boot up that Linux.
The basic idea of secure boot is to prevent malicious code (e.g. a virus) from tampering with an OS's boot code (and UEFI applications, UEFI drivers, etc). For an example, without secure boot, a virus could replace an OS's boot loader with a root kit that starts the real OS's boot loader (and for modern 80x86 machines, the root kit could use virtualisation and run the OS inside the virtual machine, which can make the root kit impossible to detect or remove).~ wrote:I would like to see what the secure boot is exactly about, but I don't see myself using Windows 7/8 (specially 64-bit versions) formally, but instead bare-metal machines, Linux, Windows XP, coLinux distros under Windows and emulators (even very simple ones written by myself eventually, so I can do and learn whatever I want and can afford to understand, including OS development projects).
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
- Griwes
- Member
- Posts: 374
- Joined: Sat Jul 30, 2011 10:07 am
- Libera.chat IRC: Griwes
- Location: Wrocław/Racibórz, Poland
- Contact:
Re: Secure Boot (was Sparrow OS)
The way I see it is that when you install Windows when Secure Boot (SB) enabled (and that's the case with preinstalled Win8), then it will refuse to boot with SB disabled; but, if you install it with SB disabled, it will have no problems with booting with SB disabled.
I emphasize the part "the way I see it" - I have no SB machine, so I'm not capable of testing that assumption, but if I'm right, then SB is nothing more than little, not really important obstacle when installing other OSes, as I tend to purge the preinstalled version of Windows on every new computer I get anyway, to get rid of manufacturer's crap preinstalled with it.
I emphasize the part "the way I see it" - I have no SB machine, so I'm not capable of testing that assumption, but if I'm right, then SB is nothing more than little, not really important obstacle when installing other OSes, as I tend to purge the preinstalled version of Windows on every new computer I get anyway, to get rid of manufacturer's crap preinstalled with it.
Last edited by Griwes on Thu Nov 15, 2012 7:23 am, edited 1 time in total.
Reaver Project :: Repository :: Ohloh project page
<klange> This is a horror story about what happens when you need a hammer and all you have is the skulls of the damned.
<drake1> as long as the lock is read and modified by atomic operations
<klange> This is a horror story about what happens when you need a hammer and all you have is the skulls of the damned.
<drake1> as long as the lock is read and modified by atomic operations
Re: Secure Boot (was Sparrow OS)
http://mjg59.dreamwidth.org/20187.html
Secure boot has one purpose -- kill other operating systems. You are with the enemy.
Secure boot has one purpose -- kill other operating systems. You are with the enemy.
Re: Secure Boot (was Sparrow OS)
Hi,
The problem with secure boot isn't secure boot itself. The problem with secure boot is how hardware/firmware manufacturers decide to implement it. For example, if the firmware sees a boot loader that has a key it doesn't recognise, then firmware could ask the user if they want to add the new key to the firmware's list and continue booting if the user gives permission (or cancel booting if the user suspects something is wrong).
Cheers,
Brendan
I expect that it'll just be a simple enable/disable option in the firmware configuration screen.Griwes wrote:The way I see it is that when you install Windows when Secure Boot (SB) enabled (and that's the case with preinstalled Win8), then it will refuse to boot with SB disabled; but, if you install it with SB disabled, it will have no problems with booting with SB disabled.
I emphasize the part "the way I see it" - I have no SB machine, so I'm not capable of testing that assumption, but if I'm right, then SB is nothing more than little, not really important obstacle when installing other OSes, as I tend to purge the preinstalled version of Windows on every new computer I get anyway, to get rid of manufacturer's crap preinstalled with it.
Thanks for that link - it's a good example of "relying on some sort of common boot loader that supports secure boot".SparrowOS wrote:http://arstechnica.com/information-tech ... conundrum/
Without secure boot (or something like it), UEFI is as secure as a wet paper bag - anyone can do anything to anything without any restriction. This is bad for obvious reasons. Secure boot fixes that.SparrowOS wrote:Brendan loves secure boot, isn't that right stoolie?
The problem with secure boot isn't secure boot itself. The problem with secure boot is how hardware/firmware manufacturers decide to implement it. For example, if the firmware sees a boot loader that has a key it doesn't recognise, then firmware could ask the user if they want to add the new key to the firmware's list and continue booting if the user gives permission (or cancel booting if the user suspects something is wrong).
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
Re: Secure Boot (was Sparrow OS)
Get used to this. I bought my last PC a few days ago, while Win7 is still available.
http://www.lemon64.com/
This website will be just as pathetic. Why are you so happy about Win8 Brendan?
I wrote a CD-ROM boot-loader and a HD boot-loader. UEFI has elf. I made my own compiler with my own binary format.
http://www.lemon64.com/
This website will be just as pathetic. Why are you so happy about Win8 Brendan?
I wrote a CD-ROM boot-loader and a HD boot-loader. UEFI has elf. I made my own compiler with my own binary format.
Last edited by SparrowOS on Thu Nov 15, 2012 7:53 am, edited 1 time in total.
- Griwes
- Member
- Posts: 374
- Joined: Sat Jul 30, 2011 10:07 am
- Libera.chat IRC: Griwes
- Location: Wrocław/Racibórz, Poland
- Contact:
Re: Secure Boot (was Sparrow OS)
Well, I just remember that either someone told me so, or I read that somewhere, that "Windows 8 will fail to boot with SB disabled, as long as it was installed with it *enabled*", but I cannot remember who/where that was.Brendan wrote:I expect that it'll just be a simple enable/disable option in the firmware configuration screen.Griwes wrote:The way I see it is that when you install Windows when Secure Boot (SB) enabled (and that's the case with preinstalled Win8), then it will refuse to boot with SB disabled; but, if you install it with SB disabled, it will have no problems with booting with SB disabled.
I emphasize the part "the way I see it" - I have no SB machine, so I'm not capable of testing that assumption, but if I'm right, then SB is nothing more than little, not really important obstacle when installing other OSes, as I tend to purge the preinstalled version of Windows on every new computer I get anyway, to get rid of manufacturer's crap preinstalled with it.
Reaver Project :: Repository :: Ohloh project page
<klange> This is a horror story about what happens when you need a hammer and all you have is the skulls of the damned.
<drake1> as long as the lock is read and modified by atomic operations
<klange> This is a horror story about what happens when you need a hammer and all you have is the skulls of the damned.
<drake1> as long as the lock is read and modified by atomic operations
Re: Secure Boot (was Sparrow OS)
Hi,
You're probably right. E.g. if Windows was installed with SB enabled, then the user can disable SB and install/boot another OS, but would have to enable SB again before booting Windows again.
Cheers,
Brendan
I think I misread your previous post - "when you install Windows when Secure Boot (SB) enabled, then it (UEFI) will refuse to boot with SB disabled" rather than "when you install Windows when Secure Boot (SB) enabled, then it (Windows) will refuse to boot with SB disabled".Griwes wrote:Well, I just remember that either someone told me so, or I read that somewhere, that "Windows 8 will fail to boot with SB disabled, as long as it was installed with it *enabled*", but I cannot remember who/where that was.Brendan wrote:I expect that it'll just be a simple enable/disable option in the firmware configuration screen.Griwes wrote:The way I see it is that when you install Windows when Secure Boot (SB) enabled (and that's the case with preinstalled Win8), then it will refuse to boot with SB disabled; but, if you install it with SB disabled, it will have no problems with booting with SB disabled.
I emphasize the part "the way I see it" - I have no SB machine, so I'm not capable of testing that assumption, but if I'm right, then SB is nothing more than little, not really important obstacle when installing other OSes, as I tend to purge the preinstalled version of Windows on every new computer I get anyway, to get rid of manufacturer's crap preinstalled with it.
You're probably right. E.g. if Windows was installed with SB enabled, then the user can disable SB and install/boot another OS, but would have to enable SB again before booting Windows again.
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
Re: Secure Boot (was Sparrow OS)
Do you guys want to file a class action anti-monopoly suit?
Re: Secure Boot (was Sparrow OS)
Hi,
For 80x86, you'd have to show that Microsoft themselves have used their monopoly to prevent competition. Please note that Microsoft can show that they have helped other OSs support secure boot (e.g. by providing a service that allows Linux/Debain/Redhat to use Microsoft's digital signature) and have requested that hardware manufacturers make sure secure boot can be disabled (so that other OSs that don't support secure boot aren't locked out).
Basically; you'd have to prove that Microsoft (who don't make 80x86 hardware or firmware themselves) have coerced 80x86 hardware manufacturer/s into preventing competing OSs from working. This would include proving that any hardware manufacturers that have prevented other competing OSs from working didn't do it voluntarily.
Cheers,
Brendan
For ARM systems, Microsoft doesn't have a monopoly and can therefore do anything.SparrowOS wrote:Do you guys want to file a class action anti-monopoly suit?
For 80x86, you'd have to show that Microsoft themselves have used their monopoly to prevent competition. Please note that Microsoft can show that they have helped other OSs support secure boot (e.g. by providing a service that allows Linux/Debain/Redhat to use Microsoft's digital signature) and have requested that hardware manufacturers make sure secure boot can be disabled (so that other OSs that don't support secure boot aren't locked out).
Basically; you'd have to prove that Microsoft (who don't make 80x86 hardware or firmware themselves) have coerced 80x86 hardware manufacturer/s into preventing competing OSs from working. This would include proving that any hardware manufacturers that have prevented other competing OSs from working didn't do it voluntarily.
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
Re: Secure Boot (was Sparrow OS)
Hi,
For secure boot, I'm justifiably sceptical. I would like to use it to ensure that my own OS is secure, partly because I don't trust Windows (for example, without secure boot a virus running on Windows could infect my OS's boot code). Unfortunately I don't know how hardware/firmware manufacturers will implement secure boot and therefore don't know if supporting it will be easy or if it'll be a massive nightmare. I suspect it will be a pain in the neck, but if OS development was easy it would bore me and I'd probably start writing OpenGL games instead.
Cheers,
Brendan
I'm happy about the new "Metro" user interface in Windows8, because I don't think desktop/laptop users will like it and these people will be more likely to try alternative OSs. I'm also happy about the new "Windows Store" because some people won't like that either. In addition, I'm happy about the confusion that "Windows RT" (Windows 8 for ARM) is going to cause, because when people realise they can't run normal/existing (80x86) Windows software on ARM they're going to start wondering why they chose (a version of) Windows in the first place.SparrowOS wrote:Why are you so happy about Win8 Brendan?
For secure boot, I'm justifiably sceptical. I would like to use it to ensure that my own OS is secure, partly because I don't trust Windows (for example, without secure boot a virus running on Windows could infect my OS's boot code). Unfortunately I don't know how hardware/firmware manufacturers will implement secure boot and therefore don't know if supporting it will be easy or if it'll be a massive nightmare. I suspect it will be a pain in the neck, but if OS development was easy it would bore me and I'd probably start writing OpenGL games instead.
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
Re: Secure Boot (was Sparrow OS)
Sue Microsoft? come on, that's crazy talk. Law is their core business.