SOFTWARE DEVELOPER Microsoft has explained how it intends to protect pre-OS boot environments through the use of the unified extensible firmware interface (UEFI).
Microsoft demonstrated fast and 'secure' Windows 8 booting at its Build conference; however, questions lingered over how Microsoft intends to protect the pre-OS environment. Now the company has provided a little more detail on how it uses UEFI to make sure malware doesn't sit between the BIOS and the operating system.
Microsoft's Windows 8 secure boot effectively checks the OS loader code against a list of known malware hashes to try to ensure that only legitimate code gets executed. There is a hierarchy of signatures that needs to be matched, with the top tier being a platform key that is installed by the original equipment manufacturer (OEM).
The most obvious issue with Microsoft's system is ensuring the database of malware hashes is kept up to date. It is not clear whether Microsoft or OEMs will be expected to keep the hash table populated in the future.
Microsoft pointed out that UEFI systems will work with operating systems that don't support secure booting. The firm was keen to mention that the user is the person in control of whether Windows 8 secure boot is used, with Microsoft's Tony Mangefeste saying, "The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision."
The upshot of Microsoft's support of UEFI should, at long last, signal the end of BIOS. Some motherboard manufacturers have been shipping motherboards with UEFI; however, the biggest advantage they have been promoting is a slightly prettier presentation layer. In effect, Microsoft has shown that there is far more to UEFI than pretty pictures. µ
It is about time the hardware OEMs get a method to lock out the INNOVATION thieves that are trying to infringe on the technology that Micr0$uck$ has developed. Since they invented the PC and the internet everyone needs to use their products and pay them handsomely.
OK, you seem to miss the point.
Firstly, average Joe Bloggs who wants a PC wants it to work. If they are not able to build a PC then it's unlikely they will be able to install and get full functionality out of a Linux system. This was and still is the main problem with Linux or any other non-MS/Apple OS; I like it, it just doesn't always work without considerable tweaking.
The other part is that non-MS/Apple users form the minority of users. If you are able to install and get Linux working on a PC then the chances are you will be just fine, and if you can't then that's not our problem, you are a minority so deal with it.
I personally believe, and I think it's safe to say most Windows techs would agree also, that I'd be much happier knowing that through time the vast majority of users are using systems that are significantly more secure.
You guys all get up in arms when anything to do with MS is mentioned and it instantly becomes their fault. I'm sorry to say, but in this case you're wrong. IF an OEM system lacks the ability to turn this off then it's the OEM's for not adding it.
You buy a BMW car from a dealership, is it BMW's fault for it not having any petrol in it? No it's not, it's the dealership, and yours for not checking in the first place.
"In effect, Microsoft has shown that there is far more to UEFI than pretty pictures."
Yeah, meaning it is about DRM and can disable boot loaders to protect against unlicensed usage of their OS. I wonder how fast some Countries will make the switch?
"3. Bas, yes I have, it's called buying the parts and assembling it yourself. If you read the inq, you should be able to do that (laptops excepted)"
Ok, but what if somebody can't build their own machine?
Have you ever tried to get a Dell, HP, Acer, Packard Bell...etc without the M$ crap tax???
You can't!!
A choice should be there for everybody, not just the smart ones.
Windows IS FORCED on everybody, it's that simple.
So this means that I can't use anything other than what is given on the list. I think there is much more still there besides MS and various Linuxae. I even have a computer with a DOS partition on it that I sometimes boot. Legal, as I still own the original disks. Don't ask why. But this would be prevented by this crap. What do the EU watchdogs have to say about this? Lots, I hope.
How do you remove a virus or malware if you can't boot a CD/DVD with the tools?
Malware my ass, it's DRM against piracy.
EFI was invented to DRM OS's, that's why it was initially so badly received, then it became UEFI, but I guess you can't shake a bad character.
UEFI BIOS sucks if it doesn't match the speed and function of the legacy BIOS it wants to replace. BIOS vendors like the idea of UEFI because legacy BIOS development has been mastered by many engineers in China and Taiwan, causing a decline in selling price. UEFI's poor design and implementation cause it to drive up the cost of computers, increase time to market, and decrease reliability. Otherwise it is OK I guess.
1st of all, Apple already uses UEFI and it does not prevent dual booting. In fact Apple had a policy of explicitly banning dual boot until hackers showed everyone how and they had to relent.
2. If MS did NOT do this, every one of you guys would be harping on them for letting in pre-boot malware. Calling them an incompetent bunch of losers for missing something so obvious.
3. Bas, yes I have, it's called buying the parts and assembling it yourself. If you read the inq, you should be able to do that (laptops excepted).
To buy a PC in Europe WITHOUT paying the Microsoft tax??
Did you?
Well try it, then tell me to grow up.
As soon as you try you will find how evil M$ really is.
I do not care that people want to run Windows, however I DO CARE M$ is trying to keep people from running anything else.
That Sir is the major issue with Microsoft and their evil ways.
They keep people from having a choice.
That Sir is the problem, and has always been the issue with M$.
If this prevents people with OEMed machines from booting pre-OS malware, more power to them. It's not a big deal for me though, since I won't be buying OEMed machines anyway, and doubt most people who are concerned about this UEFI will either or will have means to get around it (probably a simple setting in the BIOS). For all the rest, good for them.
Does anyone who actually knows about the boot process think this is aimed at Apple?
It sounds like a typical MS manoeuvre. "Be nice (to us) and we'll share the code.. when we are ready."
Pt. II "Oh we changed the code. Didn't we tell you? Tch.. Tch."
I use grub2 to dual boot between Linux and Windows 7. This sounds like a ploy by MS to make dual booting more difficult if not impossible. I would be open to using a Windows booter if:
a) It loaded all proper drivers for software raid drives that other OS's might be stored on.
b) It did not affect the other OS's (no bs MS code between Linux and the machine).
c) Ease of use, background images, and all of the other things that Grub2 allows me to do.
From the Microsoft article you linked to:
ensuring that only signed, certified “known good” code and boot loaders can execute before the operating system itself loads.
So there is no database of "bad" boot loaders. The firmware will only load "known good" ones ... defined as ones signed by a key that the BIOS knows about.
While every OEM could in theory provide each customer with a signing key so that they can mark their own boot loader as "good", we all know that simply isn't going to happen. They don't even provide re-install disks now, so why would anyone think that they'd go to the lengths required to generate per-machine keys and make sure that the purchaser of the machine gets them?
I'm sorry, but all this anti-MS hate is getting boring.
Let's get a few things straight. I use Windows, on a lot of systems, as do the vast majority of users on this planet. If there is even the slightest degree of increased security for these systems then I couldn't give a damn about what minority OS group of users says about it. How about this: rather than penalise everyone who could benefit, why don't you harass the people who can make a difference on this, the OEMs? It's their lackluster support that has created issues for users since the beginning of time.
But no, that wouldn't fit the bill would it? MS wants the option for added security on its systems, the key word being OPTION. If the OEMs give you no option then that's not MS's fault.
Grow up kids and think of the big picture.
Did you read it? M$ wants to lock out anything between the BIOS and Windows.
Ergo kill any other OS.
Never ever trust M$ to do something right when it comes to booting, they have proven to be crooks time and time again.
You trust a crook? Good Luck :-)
From that history, I've no doubt of M$'s intent to pull whatever tricks they can. If this hampers Linux operation at all, M$ will implement it solely for that.
I suppose you think that M$ answered the question that Bas raises, but M$ answering a question not yet asked means they knew what they'd be accused of because they do have a plan to shut Linux and "older" (cute put down the M$ clown tosses there) OSs out.
However, this'll probably flop and just screw up a bunch of boards. Again, that's predictable from M$'s long history of incompetence.
Did you actually read the article?
Anybody remembering DOS or Windows95? Where Microsoft simply deleted all partitions and OSes that were installed without asking??
Trust M$ with this is the same as trusting a pickpocket with your Wallet!!
There should be a law to ban M$ from altering bootloaders and destroying them without asking anything.
The Windows ONLY game has to stop here and now! Enough of them killing Grub without asking!! Linux and other OS never kill Windows, but M$ kills everything!! STOP THEM NOW!