Linux’s worst-case scenario: Windows 10 makes Secure Boot mandatory, locking out other operating sys



  • I believe with this move by Microsoft, the Linux Foundation has to provide incentives to make new/used native Linux hardware-Laptops/Desktops easily available. Setup an incentive program with System Builders with zero-cost Linux operating systems upgrades. I might be wrong but since GNU/Linux is 30 years and most computer users have never even heard of Linux. This is an identity marketing crisis in my opinion. Linux home-use should have increased in popularity over the years. Please provide your opinions & comments Linux’s worst-case scenario: Windows 10 makes Secure Boot mandatory, locks out other operating systems | ExtremeTech http://www.extremetech.com/extreme/201722-linuxs-worst-case-scenario-microsoft-makes-secure-boot-mandatory-locks-out-other-operating-systems Thanks Rocky-IV


  • Moderator

    "This is an identity marketing crisis in my opinion. Linux home-use should have increased in popularity over the years."

    It absolutely would have if the OS were more user-friendly and the Linux community were less insular and snobbish. Then there's that whole forking and fragmentation thing, where there are approximately one thousand, two hundred and eighty-six flavors of Linux. And Console? Don't get me started. Console-style operation has not been a common skill set since the days of DOS.

    That said, new machines pre-loaded with Linux have been and are being offered. But without a single, coordinated, large-scale effort behind a single, VERY user-friendly, idiot-proof flavor of linux to offer, how is an effort like this going to gain traction? Users want to just be able to turn on a machine, have it work, and have it look and act the same at the other machine they used at work, and the one they used yesterday, and the one they borrow occasionally when visiting Joe down the street.



  • @Ayespy:

    Users want to just be able to turn on a machine, have it work, and have it look and act the same at the other machine they used at work, and the one they used yesterday, and the one they borrow occasionally when visiting Joe down the street.

    Well, Linux Mint does just that. It probably looks and acts more like the machine at work than Windows 8 does.


  • Moderator

    @Terryphi:

    @Ayespy:

    Users want to just be able to turn on a machine, have it work, and have it look and act the same at the other machine they used at work, and the one they used yesterday, and the one they borrow occasionally when visiting Joe down the street.

    Well, Linux Mint does just that. It probably looks and acts more like the machine at work than Windows 8 does.

    Prolly not quite. If anyone sat at my Win8.1 machine, they'd swear it was Win7. A single app did this - but let's assume for the sake of argument that any windows users would be at home in Mint. I'm fairly at home in Lubuntu, which not a far cry from Mint (tho a ton lighter), but then again I'm a bit of a geek. But it's not out of the question.

    If all of the horsepower which is dispersed around the globe forking, and branching, and fragmenting Linux were to unite behind Mint, and if there were some sort of leader for this community that they all looked up to and were willing to support, then this leader could create a team who could span the globe offering free OSes to manufacturers, and promising to stand behind, support, and develop said OSes apace, and you'd put MS out of business. (It wouldn't be that hard to draw customers. One time I ALMOST bought a tower-only machine with very powerful hardware and Linux from Red Hat on it from COSTCO, but then I remembered all the software I owned that would only run on Windoze, and all the law offices I had to deal with whose files and documents were in Windoze formats, and I picked up this Win8 tower at a staggering discount from WOOT instead.)

    But as long as the Linux community is so fragmented and insular, then as it is, so shall it always be.



  • The OEM (original equipment manufacturers) by agreeing to such a thing would render all their products Micorsoft only appliances so, it will be interesting to see what happens. Assembling a desktop computer from a bare-bones kit and installing a chosen operating system is not extremely difficult , but trying to find a laptop or other device with no installed operating system is . Fortunately there is some choice when it comes phones and other hand held devices.



  • Maybe I am missing something but it doesn't appear to be a big issue. My linux setup runs just fine on my laptop with UEFI and secure boot enabled. It requires some more fiddling while setting it up, but it's not a big issue.



  • "Linux home-use should have increased in popularity over the years." - Android…

    "a single, coordinated, large-scale effort behind a single, VERY user-friendly, idiot-proof flavor of linux" - Android...

    "if there were some sort of leader for this community that they all looked up to and were willing to support, then this leader could create a team who could span the globe offering free OSes to manufacturers" - well (apart from Google and Android, of course ;) ) Ubuntu has been close to this position for some years now as far as "normal" users are concerned. The problem is possibly the commercial flavours of Linux, ironically, since RedHat, SuSE etc. could really make an impact by bringing a lot of business users to the table - but they would also make themselves defunct if they got behind another distribution.



  • Now if someone could just move this to the right forum - it isn't about Vivaldi.

    Oh, and Distrowatch.com says they only know of 796 distros, though over half of those have been discontinued. (Well, technically they know of another 281 that have yet to release a stable version which they don't count.)


  • Moderator

    Android. Well, if you're gonna go there, don't forget the linux-kernal-based Chrome OS which, by way of Chrome Books, is making real inroads in consumer markets. Of course Google's obsession with running everything in the cloud and using their hardware as a thin client rather than an actual personal computer denies users many of the benefits of being on a Linux-based platform, but what the hey - here's Linux being "widely adopted."



  • I can't stand chrome - it seem that every time I log onto a chrome based program, the password has to be reset, or something else does not work. I have , had occasions where I had to get a new password, copied it to a file, and then used paste (avoided my typing errors) but still got a " bad password or user name" error. I researched the problem one time rather than go through the change password drill, and found that the password 3 versions back was expected. Problem happens on both my tablet and computers.



  • I think the more likely scenario is that some computer manufacturers will stop providing the option to disable secure boot, and it'll be a pain to find out which models from which brands allow disabling. Or, disabling it will become something only available on high-end models (e.g. Dell's $1000+ XPS developer edition laptop). I still have several Win 7/Linux dual boot computers, but when they stop working, if dual booting and alt operating systems are impossible on new Win 10 computers (esp. laptops), I may try Zareason (don't care for Ubuntu, so no System76), have Linux Mint installed (my favorite of the mainstream distros), and put Windows 10 in a VM for work stuff.



  • How will it lock out other operating systems if you have the other system on a different drive which you can boot into? Although I am triple booting in software right now, I have also done it manually by merely unplugging the power from the whichever drive(s) i don't need. I am using ESata boot drives sitting next to the monitors, so that is very simple.



  • @whturner:

    How will it lock out other operating systems if you have the other system on a different drive which you can boot into? Although I am triple booting in software right now, I have also done it manually by merely unplugging the power from the whichever drive(s) i don't need. I am using ESata boot drives sitting next to the monitors, so that is very simple.

    See the linked article.

    If I understand (and can paraphrase) it correctly, the system firmware will be configured with a list of signed, acceptable keys and only verified OS loaders will be allowed to boot. The necessary keys may or may not be available for your alternative OS.

    If the manufacturer opts to ship a machine without the (previously, but no longer mandated) option to disable Secure Boot and your alternative OS bootloader isn’t signed with an appropriate key, UEFI will refuse to boot the OS.



  • Please check Softpedia for the REAL NUMBER of LINUX DISTROS. >> Softpedia > Linux > Linux Distributions(2,170 items) <<
    http://linux.softpedia.com/get/Linux-Distributions/

    With over 2,000 Linux Distributions theres a slight bit of bloat!



  • On the topic … UEFI is generally a good idea, as it would prevent viruses from loading at boot. The problem being, your version of Linux would require a signed loader - and guess who gets to issue the signing keys? Microsoft.



  • Wow - what a power grab!
    However, from your understanding and the link you furnished (thank you), It looks like if you stay within the MS family you should not encounter any issues (unless MS decides to abandon one of its operating systems by use of the key rather than removal of support). So such setups as my dual boot WinXP\Win2k (and maybe DOS) so setup would not be affected, unless I tried to install on a new computer. The UEFI more or less replaces the "activation" process.
    I do not grasp exactly how that helps security once on-line since clever hackers still have access to the computer. It looks more directed at piracy than viruses.
    Anyway, You have upgraded my understanding from vague to puzzled!
    Thank you.



  • There is a general rule that is true in the IT world, but also outside.

    Every time the security is mentioned, there is a real need, but there is also someone who has HIGH interest to get more control in his hands.

    No matter if is "somenone" is a SW house, a nation, one intelligence service or whatever.

    I believe the post 11/9 enforced security and the recent A320 accident are perfect examples of why (officially) the security is increased, and about HOW a stupid security enforcement can be dangerous like the danger it supposed to prevent.

    Locked bootloaders can be good things only if coupled with a norm that enforces a way to disable them.



  • It is universal. There can be a plan, policy, intention or whatever, but execution is all that eventually counts.
    Ross Perot made " the devil is in the details" his mantra while running for president.
    Well Said!



  • With Windows 8 being such a monstrosity I have had some success getting relatives moved onto Mint. For my relatives they, with the exception of gaming and MS Office, do not really buy any software. If they can get email, internet and documents* working they're happy - and with repositories installing software is much easier on Mint than on Windows 8. Despite being Linux luddites, they consider Mint to be easier to use than Windows 8.

    As encouraging as a story like this sounds, the truth is that none of my relatives had a hope in hell of ever succeeding in installing Mint themselves. You could possibly make the argument that pre-UEFI systems have gotten to stage where it is possible for a luddite to set up a dual boot, but post-UEFI and post-secure-boot such an easy install procedure is pipe-dream.

    I don't find it surprising that MS would try to strong-arm manufacturers into making the install more difficult, because right now distros like Mint, Elementary, etc., are arguably easier-to-use than Windows 8.

    *Abiword + Gnumeric + WPS Office does the job nicely



  • @whturner:

    So such setups as my dual boot WinXP\Win2k (and maybe DOS) so setup would not be affected, unless I tried to install on a new computer.

    As I understand it, nothing will (or even can) change on existing hardware that you already own.

    As for similar flexibility with future hardware that has yet to be manufactured, maybe/maybe not, as those older MS Windows OS-loaders probably won't be issued one of the necessary signed, acceptable keys. So if the manufacturer elects to not provide an option to disable Secure Boot, you would only be able to use OSs with acceptable keys on that newer hardware. (I don't know enough about UEFI and OS-loaders to know if hackers will be able to patch an older or non-MS OS-loader to include one of the necessary keys, but if so, I'm guessing it won't be a trivial task.)

    The UEFI more or less replaces the "activation" process.

    I'm not sure that Secure Boot would replace or have anything to do with "activation", as that seems to have more to do with establishing that you in fact own the license being used to install Windows, and are installing it only on a licensed number of machines.

    I do not grasp exactly how that helps security once on-line since clever hackers still have access to the computer. It looks more directed at piracy than viruses.

    Again, beyond my expertise, but whether it makes piracy more difficult or not, Secure Boot with a "verified" OS-loader, by definition, is intended to protect from types of malware typically loaded before the OS boot process has begun. Obviously such malware could be (and most likely would be) designed to compromise online security once the boot process is complete (i.e., it may be the very way clever hackers gain access to the computer).

    Another way it might help online security (assuming "verified" OS-loader also implies "genuine" Windows, which I suppose could be a faulty assumption) is that "genuine" Windows, fully patched with current updates, provides a "known" current maximum level of online security (most of the worst online exploits, after all, exploit vulnerabilities in the OS or installed applications), in contrast with the unknown and potentially more vulnerable level of online security of an unverified OS.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.