This whole UEFI secure boot thing is a deliberate attempt to lock out competing third party OSs. I'm surprised there haven't been antitrust inquiries in the US or EU about it.
UEFI Secure Boot. Not UEFI. Two very different things; it's a shame they're conflated so frequently. One is a sane way to bootstrap a system, the other is a lockdown mechanism.
Microsoft currently requires non-ARM PCs supporting Secure Boot to have a user-accessible option to disable Secure Boot in order to obtain logo certification. Even if you leave it enabled, there are several options to boot a non-Windows OS: http://www.rodsbooks.com/efi-bootloaders/secureboot.html
UEFI secure boot is not required to run Windows 8.
It is required to slap a Windows 8 logo on a new machine.
That is a decision made by hardware vendors, not Microsoft. Since it is hard to imagine a serious advertising campaign based around a competitor's lack of such logos, such decisions reflect the desktop Linux market.
I suspect that hardware vendors are happy to make desktop Linux harder to install because I vividly imagine indignant support calls from novice Linux installers adopting FOSS as an ideology.
" such decisions reflect the desktop Linux market."
Agreed. Such decisions reflect Microsoft's unrivaled power to strongarm cash-strapped and desperate vendors into whatever schemes they choose. I hope the EU is watching.
To be precise, having an optional secure boot is required for the Windows logo certification. If it cannot be disabled, no logo certification.
See "Windows Hardware Certification Requirements for Client and Server Systems" [1], requirement "System.Fundamentals.Firmware.UEFISecureBoot", items 17 and 18.
> On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup.
To be more precise, this is only true for non-ARM systems. This is evil, since it's entirely possible to have an ARM desktop/laptop, and I really hope there's some kind of anti-trust legislation here. At least Apple offers a way to boot into an alternative OS, even though it is still a bit locked down.
It seems like what MS may be getting (or trying to get), at least in part, from this is a return to (or continuation of, I suppose) GNU/Linux as strictly an "enthusiast" OS. A BIOS tweak won't stop me, but it would definitely stop my mom.
I'm currently in school and I see a surprising number of students using Ubuntu, even outside the CS department. Not a lot, by any means, but more than I would have guessed. I wonder how many of them would be using it if it required a weird workaround or really anything more than "put the disc in and reboot".
> I wonder how many of them would be using it if it required a weird workaround or really anything more than "put the disc in and reboot".
Well, "put the disc in and reboot" doesn't work right now on most PCs, does it? You have to go into the BIOS and change the boot order, or pull up the boot menu to make a custom selection.
It worked on the Thinkpad I bought a few weeks ago... I think most machines are configured to boot from the optical drive first. Even if there is a boot menu, that is still much less scary than having to hunt through a series of menus to find and change an obscure setting.
As we in this community are probably all aware, even small obstacles like having to enter a name or type a credit card number can drastically reduce conversion rates on the web. I think this is a reasonable analogue. Even objectively small obstacles can be important.
> Even if there is a boot menu, that is still much less scary than having to hunt through a series of menus to find and change an obscure setting.
My mom heard
> Even if there is a scary series of menus to find and change an obscure setting, that is still much less scary than having to hunt through a series of menus to find and change an obscure setting.
> It seems like what MS may be getting (or trying to get), at least in part, from this is a return to (or continuation of, I suppose) GNU/Linux as strictly an "enthusiast" OS. A BIOS tweak won't stop me, but it would definitely stop my mom.
Microsoft is so very far from caring about any of this. They and their hardware partners can conceivably do a lot of damage to the Linux desktop experience through indifference, but that's what it is. Indifference.
Completely different. Azure is for servers. Consumers don't use Azure for day-to-day computing. MS is hemorrhaging consumers, most to Apple and Android, but some to desktop GNU/Linux.
That last category might grow as people stop needing MS Office (reminder, we're talking about consumers here, not businesses) and other Windows-only products.
A secure BIOS that is unfriendly to alternative operating systems throws up a low, but possibly significant, barrier that could keep people from moving to Ubuntu and similar.
Aren't the only systems that are "required" to have UEFI Secure Boot--and to prevent end user disabling of this setting--based on ARM? I was under the impression that nothing had changed for the x86 architecture.
x86 vendors that want to qualify for the "Designed for Windows 8" logo program have to include UEFI secure boot and enable it by default, though they can allow users to disable it or install their own keys. That creates an extra hoop to jump through to install anything other than Windows 8.
ARM systems designed for Windows 8 have the same requirement, and additionally must not allow users to disable it or install their own keys.
Other way around: the original spec did not require vendors to support disabling UEFI secure boot or using "custom mode" (meaning installing your own key). See http://mjg59.livejournal.com/139232.html for one reference to that: "Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option."
Microsoft changed the spec in the wake of the controversy around UEFI secure boot. The current version of the spec (available from http://msdn.microsoft.com/en-us/library/windows/hardware/hh7...) does mandate the ability to use custom mode or disable UEFI secure boot, for non-ARM systems only.
My motherboard (a Gigabyte Z77X-D3H) has had Secure Boot added through a firmware update. It allows me to disable Secure Boot, and lets me import custom keys.
"Despite the best efforts of Fedora, openSUSE, Ubuntu, and the Linux Foundation, booting Linux on UEFI Secure Boot Windows 8 PCs continues to be a problem . The easiest way to avoid Windows 8 lock-in is to disable UEFI Secure Boot from your system before it starts to boot. However, this option may not be available on all motherboard; isn't available at all on Windows RT devices, such as the Surface; "
There are also more hoops the Linux vendors have to jump through that are explained in the article:
Also, what I didn't understand myself - is the $99 Fedora has to pay for the key just something they have to pay once? Or do they have to pay $99 for every single machine? Because that would be pretty ridiculous if Microsoft managed to make Linux as expensive as Windows licenses, through UEFI.
The $99 is a one-time fee... but frankly even that is absurd. Why should Fedora pay Microsoft so that I can use my presumably IBM-compatible Dell PC? It is madness.
They could also sue all manufacturers for anti-competitiveness for not allowing Linux to be run.
But I think the $99 is cheaper and better (given what some idiot BIOS developers do - remember (IIRC) one link here on HN where the BIOS would look for 'Microsoft Windows' or 'Red Hat Linux' on boot entries?)
This is not only occasional but common. ACPI tables are notoriously broken in many BIOSes and Linux in fact has to do a bunch of horrible workarounds in order to get working tables regularly.
I wonder if this will have an implication for running Linux on Surfaces. I hope it does, because they're a very neat (and affordable - inb4 Asus Transformer) piece of hardware, but I have little use for another Windows machine.
The Surface doesn't carry the third-party signing key, so in the absence of a flaw in the firmware implementation you're not going to be able to run anything other than Windows.
Reminds me of when Apple switched to Intel hardware and it was believed that you couldn't boot Windows. Throw some money after it and people will find a way.
Booting Windows on x86 Macs (pre-Boot Camp) was mainly a problem of hardware support; Windows simply didn't support booting via UEFI in 2006, and Macs didn't ship with BIOS emulation.
Linux can boot on UEFI systems; the problem here is Secure Boot as configured on Win8 systems simply won't let you boot anything else without the proper signatures (or disabling it).
"Installing Linux on most Windows 8 computers is still no easy task."
Windows 8 Professional includes the Hyper-V hypervisor. Many PCs recent enough to have UEFI will have a compatible processor (i3 and later).
For many tasks a virtualized installation probably has adequate performance - contemporary hardware and Hyper-V are pretty powerful relative to the machines of a few years ago.
Of course, for some, not booting directly to Linux might create a performance concern. For others it is an ideological issue. However, one which is created by the decisions of hardware vendors and market realities, not Microsoft.
It's more of an unnecessarily substandard user experience than anything else. The virtualised system is necessarily more complex than the bare system (it is the bare system + another OS + the virtual machine) so when something goes wrong there is that much more of a problem surface. If you intend to use the Linux desktop, you are booting into one operating system purely to get through to the next one. That means additional waiting, keypress captures, device sharing, and things you don't really need to worry about.
These things aren't killer issues, sure, but if there exists a product that doesn't involve doing things the hard way then I'm going to avoid doing things the hard way.
At the point one insists on Linux the desktop for an average user, the complexity argument has left the barn. This isn't meant as snark.
Linux lacks a grandmother friendly user support interface. When something goes wrong, a person of average familiarity with Linux is fucked. Arguments about how often operating systems present such problems are for another debate.
The issue of hardware is just that, an issue of hardware. A lack of systems upon which it is easy to boot Linux is due to the fit between hardware manufacturers and the market. At least the situation is better than Android on an iPhone.
> At the point one insists on Linux the desktop for an average user, the complexity argument has left the barn. This isn't meant as snark.
Agree, but I'm not sure what you're driving at. I was talking about existing users that want to run Linux as their primary desktop, as they're going to be the market that is affected by this.
I'm saying that people who want to run Linux as their primary desktop are not a market of interest to hardware manufacturers.
Indeed, I am going so far as to suggest that it may be a market in which hardware manufacturers are explicitly disinterested due to the potential support costs.
Furthermore, the widespread expectation that a Linux machine should be less expensive than one with Windows due to the elimination of license fees might make the market even more unattractive to manufacturers.
Supporting Linux is expensive to the point that Red Hat has made a business out of it.
While "virtualization of everything" seemed like a real future a few years ago, in my experience of having Ubuntu installed as a virtual machine for coworkers that use Windows (but have to do Python on Linux), it completely sucks. We ended up either having separate machines or just finding alternatives to Windows apps for those people.
I had a similar experience, but working the other way round - I was using Ubuntu as the base system, and a Windows VM for MS Office stuff. It was a real pain, TBH: navigating in and out of the VM was clunky, moving files around, etc.
In case anyone's wondering, I did try using Wine, but that was even worse, I'd get weird screen update problems, things would go black, etc. Libre/Open Office wasn't an option either, the client was 100% MS including Project, and compatibility was (and is) a serious issue.
I tried this at my office in August. When hosting the VM on my (somewhat old) laptop, raw performance was the issue -- there wasn't enough RAM and CPU to run both Win7 and the VM concurrently, and as an intern I couldn't justify the laptop upgrade.
When moving the VM to a server, the raw performance issues went away, but network lag became a pretty serious obstacle when using the GUI. In the end, I ended up just SSHing into the VM, and mounting part of its filesystem using Samba.
(And assuming that I had been able to get a working graphical environment, it's still a very low standard of "working." There are dozens of little annoyances when you're nesting a completely separate window manager inside your current window manager.)
I've gone the other way, running Windows 7 as a virtual machine on Ubuntu since performance is really needed for Linux, Windows is just for Office, VS and lower performance databases, etc. Plus I can shut the VM down and use the entire CPU/DRAM/IO for pytables, or whatever.
You need decent hardware, I've got a beefy i7 laptop with lots of DRAM and will be adding an additional SSD. You can do better with tower or remoting elsewhere, but it's nice to have the whole environment along sometimes.
Many people use laptops that don't have enough power to handle two OSes. I just switched from an i5+SSD Thinkpad to a Xeon-based workstation and the difference while running the same VMs as before is huge.
Hyper-V doesn't support modern resolutions (not even 1080p). I've been using VirtualBox, which has its own issues (the client machines can't always see the virtual monitor's resolution), but has been adequate.
For a Hyper-V Windows client, you should be using Remote Desktop. The Hyper-V desktop client is really designed for simple installation & management. For other OSs, I'd imagine installing a native client (ssh/X) on the host would be a better experience.
I haven't tried it, but I would be very surprised if playing 1080p video over ssh/X was watchable. My initial plan was just to use Windows 8 for games and do all my other computing inside an Ubuntu VM, but the Windows 8 environment (other than for command line stuff) is really growing on me. Currently I only use the VM for banking and shopping, which I'm still (perhaps unjustly) afraid to use a Windows machine for.
One more pubkey/privkey layer I assume. Some people think that several locked doors are more secure.
I shall say that several locked doors would be more secure if the time is limited for the intruder. We, from the hacking world, have a good amount of time to unlock this one more layer. Well well well, one more layer that does nothing but prevent computers from computing.
UEFI Secure Boot on ARM machines (Windows RT) cannot be disabled but this is to protect revenue, not the machine. This allows subsidized hardware, hoping that Windows Store app sales will make up for the loss. This is the same business model as the Xbox.
Secure Boot on x86/x64 machines is required to have an option to disable, or the machine will not get Windows 8 certified.