[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 18/04/13 18:50, Rob Beard wrote:
Almost - the requirements are different for ARM-based machines running> As far as I understand it, a requirement of getting hardware
> 'certified' by Microsoft to be ready for Windows 8 manufacturers must
> have a UEFI firmware on the machines with Secure Boot enabled. I also
> gather that it should be possible for the end user to disable secure
> boot to be able to boot other operating systems.
>
> However it's down to the manufacturer to make it possible to disable
> it. I've not really looked into the whole thing about what individual
> distros are doing, I gather that RedHat/Fedora have a solution as does
> Canonical with Ubuntu, but I don't have a Windows 8 machine to hand to
> test it out on, possibly when I buy a new machine it might come with
> Windows 8 pre-installed (not sure yet, really depends on what hardware
> is available when I decide to upgrade my laptop... if I go for a
> desktop machine I'll build one from scratch).
>
> I was reading something recently about UEFI and how the source to the
> AMI UEFI firmware was released online. This got me thinking about
> another factor for secure boot... it could be used as an anti-piracy
> feature.
>
> Basically to cut a long story short, manufacturers activate Windows
> automatically by inserting a key or string (depending on the version
> of Windows) into the BIOS. Then the copy of Windows also has a
> certificate and specific product key installed. If they all match
> Windows is activated. If not, it isn't. Now some folks have worked
> out how modifiy bioses to put these keys in, so for instance it can
> fool Windows into thinking it's running on different hardware... an
> example would be to modify a Gigabyte motherboard with the key for a
> Dell system. Windows sees the Dell key and activates Windows with the
> Dell certificate and product key.
>
> I'm guessing here, but if a UEFI firmware can't be modified by anyone
> other than the manufacturer, then it might not be possible to insert
> the keys in the firmware (if it's modified in any way it won't appear
> secure anymore so it won't boot), hence this stops the practice of
> modifying the firmware or BIOS to activate Windows.
>
> I'm sure as machines come out thousands of Linux users will be testing
> hardware and we'll soon find out which manufacturers are allowing
> Secure Boot to be disabled or not.
>
> Rob
>
WinRT but the requirements for the win8/UEFI situation on x86/64 is that
the secure boot *must* be possible to disable: not "if the manufacturer
can be bothered to enable the feature", but *must*. I don't know why
everyone has such a hard time understanding this as it seems to be one
of the core problems people have with UEFI, and it's one that doesn't
actually exist.
You are at least partly right about the anti-piracy feature though - a
little tool called "windows loader" has been very popular recently with
pirates as it uses exactly the trick you described (SLIC injection) to
flawlessly activate win7, vista and the server builds. I'm pretty sure
that was starting to piss Microsoft off...
Regards
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq