FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

[geoffrey mendelson]

On Oct 25, 2011, at 6:34 PM, Oleg Goldshmidt wrote:
>
> This does not really mean much to me. As far as I can decipher the
> really problematic piece is the bootloader (e.g., grub for our
> purposes).

The points not covered here is that secure boot IN PART has been  
around for a long time. Later versions of Windows XP started the trend  
by looking for encrypted keys in the BIOS. This is how Windows knows  
you are using for example a Packard Bell version of Windows (and  
therefore not needing activation) on a Packard Bell computer.

Windows 7 expanded upon this. As a way of getting around this  
mechanism, hackers have developed a modified GRUB (yes, they started  
with the real thing) that loads the keys from disk and fakes the  
authentication server in the BIOS.

So you can go to xxx.com and download a version of GRUB which lets you  
choose the manufacturer of your computer that Windows 7 sees, so that  
it will boot without external authentication.

That's why Microsoft is asking for the ability to check if a  
bootloader was used that is not approved and to warn the customer.

MY GUESS is that if an unsigned version of GRUB (or any other  
bootloader) is used, Microsoft will use an alternate identification  
and authentication method (e.g. call 1-800-Linux-sux and ask for  
Bill). (that's a joke for the paranoid trolls out there).

To me this has a silver lining. If Windows 8 refuses to boot on a  
computer with the secure boot disabled or not included at all, then  
they can't sell you that computer with a copy of Windows 8, and charge  
you for it.

Geoff.
-- 
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(