Re: the ghost of UEFI and Micr0$0ft
On 06/06/12 14:06, Miles Bader wrote:
> "Christofer C. Bell" <firstname.lastname@example.org> writes:
>>> Again, let MS rot in its malware hell. I don't care! Perhaps if MS had
>>> been a bit more proactive a couple of decades ago we would not be having
>>> this discussion. MSFT issues are not for us in the Debian or wider
>>> Linux community to resolve.
>> Comments like this make you look like a tool. Microsoft is acting as
>> as nothing more than a certificate authority here. This has jack and
>> all to do with MS Windows.
> Er, except that MS is one of the main parties pushing this ...
>> You can't disable the code signing requirement on ARM.
> ... which is a great deal more worrying.
Yes. And no.
I'd hate to see a situation where it was impossible to buy an ARM (or
other CPU based board) without UEFI that can be disabled - but I support
devices that can be made to *only* run signed code *provided* MS is
*not* the certificate agency. They have a vested interest making life
hard for other OS, and a poor track record (earlier this year) at
reviewing key management processes.
I'd like to see a group composed of industry (and community)
representatives that manages the UEFI keys - and the cost of
registration capped at $99. I'd also like the group to not be like
ICAAN, and I'd like a pony too.
>>From that thread, I got the impression that they actually pushed this
> requirement ("signing cannot be disabled by user").
>From other sources (research) - it appears that both Intel (who wants a
monopoly) and MS (who want their own monopoly) have pushed for that - I
suspect that originally they considered ARM as a platform only for
mobile communications. I'd be very surprised if they were the only
parties pushing for signed code to only be allowed on ARM.
NOTE: UEFI originated with Intel and they still control it. MS is only
one of the OS players. They might have more history of making life hard
for other OS - but the other players are no more caring, benevolent or
community minded (they're all companies).
> Is this even _legal_...? Surely that kind of thing is much more
> likely to run afoul of antitrust laws etc.
IANAL but I'd think so... but it seems that much of the industry
(material sourcing, component pricing, market placement) is in breach
anyway. What eBooks did to the concept of book ownership is nothing
compared to what commercial OS did to the idea of owning code (bonnet
welded shut, no liability or responsibility).
On another note - I can see a need for UEFI (though I don't want it on
*my* devices - just the irresponsible peoples' whose failings keep my
firewall dropping packets and my spam filters busy), but it's like skin
cream for measles if hardware trust and code quality is not addressed
also (pointless waste of time).
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-