Re: Fedora Pays Microsoft Boot License fee.

2012-06-09 Thread Dazed_75 
As stated, they are not paying M$, they are paying Verisign a TOTAL of $99
for a certificate they can use to sign their software.  This is not worth
the time to discuss it.

On Fri, Jun 8, 2012 at 6:41 PM, Wayne Davis wrote:

> http://dangerousprototypes.**com/2012/06/04/fedora-pays-m-**
> boot-tax-to-access-consumers-**hardware/
>
>
> Curious to see what the take is on this amongst the PLUG users.  Is this a
> lot about nothing or the beginnings of a real problem?
> --**-
> PLUG-discuss mailing list - 
> plug-disc...@lists.plug.**phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.**us/mailman/listinfo/plug-**discuss
>



-- 
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages to
multiple recipients, always use the BCC: (Blind carbon copy) and not To: or
CC:. Remove all addresses from the message body before sending a Forwarded
message. This can prevent spy programs capturing addresses from the
recipient list and message body.
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-09 Thread Wayne Davis 

Excellent.  I'm glad it IS nothing of note.



On 06/09/2012 09:01 AM, Dazed_75 wrote:
As stated, they are not paying M$, they are paying Verisign a TOTAL of 
$99 for a certificate they can use to sign their software.  This is 
not worth the time to discuss it.


On Fri, Jun 8, 2012 at 6:41 PM, Wayne Davis 
mailto:waydavis.phx.li...@gmail.com>> 
wrote:



http://dangerousprototypes.com/2012/06/04/fedora-pays-m-boot-tax-to-access-consumers-hardware/


Curious to see what the take is on this amongst the PLUG users.
 Is this a lot about nothing or the beginnings of a real problem?
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us

To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




--
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages 
to multiple recipients, always use the BCC: (Blind carbon copy) and 
not To: or CC:. Remove all addresses from the message body before 
sending a Forwarded message. This can prevent spy programs capturing 
addresses from the recipient list and message body.



---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-09 Thread Derek Trotter 
I just don't like the idea of buying a uefi motherboard and not being 
able to run the OS I want to on it.  Maybe I will want to install an OS 
that predates uefi.  According to the dangerous prototypes article, it 
looks like that could be a problem if the manufacturer of the 
motherboard doesn't like the particular OS I'm trying to install.


If I'm missing something, please let me know.

thanks

On 6/9/2012 15:53, Wayne Davis wrote:

Excellent.  I'm glad it IS nothing of note.



On 06/09/2012 09:01 AM, Dazed_75 wrote:
As stated, they are not paying M$, they are paying Verisign a TOTAL 
of $99 for a certificate they can use to sign their software.  This 
is not worth the time to discuss it.


On Fri, Jun 8, 2012 at 6:41 PM, Wayne Davis 
mailto:waydavis.phx.li...@gmail.com>> 
wrote:



http://dangerousprototypes.com/2012/06/04/fedora-pays-m-boot-tax-to-access-consumers-hardware/


Curious to see what the take is on this amongst the PLUG users.
 Is this a lot about nothing or the beginnings of a real problem?
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us

To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




--
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages 
to multiple recipients, always use the BCC: (Blind carbon copy) and 
not To: or CC:. Remove all addresses from the message body before 
sending a Forwarded message. This can prevent spy programs capturing 
addresses from the recipient list and message body.



---
PLUG-discuss mailing list -PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-09 Thread Eric Shubert 
I don't see how that would be a problem. Please reference exact part of 
the article which leads you to believe that.


BL, there's a lot of misinformation about this. I don't think it's 
anything to be concerned about.


--
-Eric 'shubes'

On 06/09/2012 04:47 PM, Derek Trotter wrote:

I just don't like the idea of buying a uefi motherboard and not being
able to run the OS I want to on it. Maybe I will want to install an OS
that predates uefi. According to the dangerous prototypes article, it
looks like that could be a problem if the manufacturer of the
motherboard doesn't like the particular OS I'm trying to install.

If I'm missing something, please let me know.

thanks

On 6/9/2012 15:53, Wayne Davis wrote:

Excellent. I'm glad it IS nothing of note.



On 06/09/2012 09:01 AM, Dazed_75 wrote:

As stated, they are not paying M$, they are paying Verisign a TOTAL
of $99 for a certificate they can use to sign their software. This is
not worth the time to discuss it.

On Fri, Jun 8, 2012 at 6:41 PM, Wayne Davis
mailto:waydavis.phx.li...@gmail.com>>
wrote:


http://dangerousprototypes.com/2012/06/04/fedora-pays-m-boot-tax-to-access-consumers-hardware/


Curious to see what the take is on this amongst the PLUG users.
Is this a lot about nothing or the beginnings of a real problem?
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us

To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




--
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages
to multiple recipients, always use the BCC: (Blind carbon copy) and
not To: or CC:. Remove all addresses from the message body before
sending a Forwarded message. This can prevent spy programs capturing
addresses from the recipient list and message body.


---
PLUG-discuss mailing list -PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




---
PLUG-discuss mailing list -PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss






---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-09 Thread Stephen 
The main thing will be oem builders being able to lock the pre-installed os
into place. But that would also mean locking the bios. And there is nothing
to say that will or wont happen
On Jun 9, 2012 4:47 PM, "Derek Trotter"  wrote:

>  I just don't like the idea of buying a uefi motherboard and not being
> able to run the OS I want to on it.  Maybe I will want to install an OS
> that predates uefi.  According to the dangerous prototypes article, it
> looks like that could be a problem if the manufacturer of the motherboard
> doesn't like the particular OS I'm trying to install.
>
> If I'm missing something, please let me know.
>
> thanks
>
> On 6/9/2012 15:53, Wayne Davis wrote:
>
> Excellent.  I'm glad it IS nothing of note.
>
>
>
> On 06/09/2012 09:01 AM, Dazed_75 wrote:
>
> As stated, they are not paying M$, they are paying Verisign a TOTAL of $99
> for a certificate they can use to sign their software.  This is not worth
> the time to discuss it.
>
> On Fri, Jun 8, 2012 at 6:41 PM, Wayne Davis 
> wrote:
>
>>
>> http://dangerousprototypes.com/2012/06/04/fedora-pays-m-boot-tax-to-access-consumers-hardware/
>>
>>
>> Curious to see what the take is on this amongst the PLUG users.  Is this
>> a lot about nothing or the beginnings of a real problem?
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> Dazed_75 a.k.a. Larry
>
> Please protect my address like I protect yours. When sending messages to
> multiple recipients, always use the BCC: (Blind carbon copy) and not To: or
> CC:. Remove all addresses from the message body before sending a Forwarded
> message. This can prevent spy programs capturing addresses from the
> recipient list and message body.
>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail 
> settings:http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail 
> settings:http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-09 Thread Derek Trotter 

From the article mentioned in the original post:

Microsoft's practice is facilitated by the UEFI, or Unified Extensible 
Firmware Interface, which allows a manufacturer to lock down the boot 
process so that it will only work on their specified conditions.


What's to keep Microsoft from telling a manufacturer they must lock down 
the machine so no other operating system will boot on it if they want 
licenses to install windows on their machines?


On 6/9/2012 17:14, Eric Shubert wrote:
I don't see how that would be a problem. Please reference exact part 
of the article which leads you to believe that.


BL, there's a lot of misinformation about this. I don't think it's 
anything to be concerned about.


---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-10 Thread keith smith 

During the mid 80's software manufactures tried to lock down their software.  
What they found was stopping pirating entirely reduced sales.  Who would have 
known.  The thought at the time was that without the ability to copy and try, 
some were unwilling to buy.  Unintended byproduct.  The other thing that 
happens was a work around.   There were several apps that would unlock the 
software and allow it to be installed anywhere.

If the hardware manufactures lock down their hardware several things are going 
to happen.  someone will create an open source / free app to beat the hardware 
lock.    

Another unintended consequence could be surplus (used) hardware become unusable.

Another consequence could be a niche market for unlocked hardware, which could 
cause the OEM's to lose market share.  

Yet another unintended consequence is the potential for increased support by 
M$.  I seem to recall a number of years ago M$ tried to lock down it's OS and 
support was a big issue and they stopped the practice. 

If they lock down the hardware, I will not buy Dell or HP any longer.  I will 
build my own. 



Keith Smith

--- On Sat, 6/9/12, Derek Trotter  wrote:

From: Derek Trotter 
Subject: Re: Fedora Pays Microsoft Boot License fee.
To: "Main PLUG discussion list" 
Date: Saturday, June 9, 2012, 9:13 PM


  


  
  
From the article mentioned in the
  original post:

  

Microsoft’s practice is facilitated by the UEFI, or Unified
Extensible Firmware Interface, which allows a manufacturer to lock
down the boot process so that it will only work on their specified
conditions. 



What's to keep Microsoft from telling a manufacturer they must lock
down the machine so no other operating system will boot on it if
they want licenses to install windows on their machines?



On 6/9/2012 17:14, Eric Shubert wrote:
I
  don't see how that would be a problem. Please reference exact part
  of the article which leads you to believe that.
  

  

  BL, there's a lot of misinformation about this. I don't think it's
  anything to be concerned about.
  

  


  


-Inline Attachment Follows-

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-10 Thread Patricia Wilson 
Ahh the day of the Dongle.

I expect a much higher than average number of people on this list can "roll
their own" -- that is certainly not the case in general even amongst linux
users.

On Sun, Jun 10, 2012 at 7:58 AM, keith smith  wrote:

>
> During the mid 80's software manufactures tried to lock down their
> software.  What they found was stopping pirating entirely reduced sales.
> Who would have known.  The thought at the time was that without the ability
> to copy and try, some were unwilling to buy.  Unintended byproduct.  The
> other thing that happens was a work around.   There were several apps that
> would unlock the software and allow it to be installed anywhere.
>
> If the hardware manufactures lock down their hardware several things are
> going to happen.  someone will create an open source / free app to beat the
> hardware lock.
>
> Another unintended consequence could be surplus (used) hardware become
> unusable.
>
> Another consequence could be a niche market for unlocked hardware, which
> could cause the OEM's to lose market share.
>
> Yet another unintended consequence is the potential for increased support
> by M$.  I seem to recall a number of years ago M$ tried to lock down it's
> OS and support was a big issue and they stopped the practice.
>
> If they lock down the hardware, I will not buy Dell or HP any longer.  I
> will build my own.
>
> ----
> Keith Smith
>
> --- On *Sat, 6/9/12, Derek Trotter * wrote:
>
>
> From: Derek Trotter 
> Subject: Re: Fedora Pays Microsoft Boot License fee.
> To: "Main PLUG discussion list" 
> Date: Saturday, June 9, 2012, 9:13 PM
>
>
>  From the article mentioned in the original post:
>
> Microsoft’s practice is facilitated by the UEFI, or Unified Extensible
> Firmware Interface, which allows a manufacturer to lock down the boot
> process so that it will only work on their specified conditions.
>
> What's to keep Microsoft from telling a manufacturer they must lock down
> the machine so no other operating system will boot on it if they want
> licenses to install windows on their machines?
>
> On 6/9/2012 17:14, Eric Shubert wrote:
>
> I don't see how that would be a problem. Please reference exact part of
> the article which leads you to believe that.
>
> BL, there's a lot of misinformation about this. I don't think it's
> anything to be concerned about.
>
>
> -Inline Attachment Follows-
>
>
> ---
> PLUG-discuss mailing list - 
> PLUG-discuss@lists.plug.phoenix.az.us<http://mc/compose?to=PLUG-discuss@lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Sent from my super hot-shot dual core 64 bit Gateway running Ubuntu 12 from
the chrome/teak/glass desktop in my Luxo Scottsdale condo.

Patricia Wilson
Apache Junction, AZ
Member NRA, ARRL
WB8DXX
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-10 Thread Lisa Kachold 
eople on this list can
> "roll their own" -- that is certainly not the case in general even amongst
> linux users.
>
> On Sun, Jun 10, 2012 at 7:58 AM, keith smith wrote:
>
>>
>> During the mid 80's software manufactures tried to lock down their
>> software.  What they found was stopping pirating entirely reduced sales.
>> Who would have known.  The thought at the time was that without the ability
>> to copy and try, some were unwilling to buy.  Unintended byproduct.  The
>> other thing that happens was a work around.   There were several apps that
>> would unlock the software and allow it to be installed anywhere.
>>
>> If the hardware manufactures lock down their hardware several things are
>> going to happen.  someone will create an open source / free app to beat the
>> hardware lock.
>>
>> Another unintended consequence could be surplus (used) hardware become
>> unusable.
>>
>> Another consequence could be a niche market for unlocked hardware, which
>> could cause the OEM's to lose market share.
>>
>> Yet another unintended consequence is the potential for increased support
>> by M$.  I seem to recall a number of years ago M$ tried to lock down it's
>> OS and support was a big issue and they stopped the practice.
>>
>> If they lock down the hardware, I will not buy Dell or HP any longer.  I
>> will build my own.
>>
>> 
>> Keith Smith
>>
>> --- On *Sat, 6/9/12, Derek Trotter * wrote:
>>
>>
>> From: Derek Trotter 
>> Subject: Re: Fedora Pays Microsoft Boot License fee.
>> To: "Main PLUG discussion list" 
>> Date: Saturday, June 9, 2012, 9:13 PM
>>
>>
>>  From the article mentioned in the original post:
>>
>> Microsoft’s practice is facilitated by the UEFI, or Unified Extensible
>> Firmware Interface, which allows a manufacturer to lock down the boot
>> process so that it will only work on their specified conditions.
>>
>> What's to keep Microsoft from telling a manufacturer they must lock down
>> the machine so no other operating system will boot on it if they want
>> licenses to install windows on their machines?
>>
>> On 6/9/2012 17:14, Eric Shubert wrote:
>>
>> I don't see how that would be a problem. Please reference exact part of
>> the article which leads you to believe that.
>>
>> BL, there's a lot of misinformation about this. I don't think it's
>> anything to be concerned about.
>>
>>
>> -Inline Attachment Follows-
>>
>>
> --
> Sent from my super hot-shot dual core 64 bit Gateway running Ubuntu 12
> from the chrome/teak/glass desktop in my Luxo Scottsdale condo.
>
> Patricia Wilson
> Apache Junction, AZ
> Member NRA, ARRL
> WB8DXX
>
>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
<http://it-clowns.com>Safeway.com
Automation Engineer
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-11 Thread Eric Shubert 

On 06/10/2012 01:11 PM, Lisa Kachold wrote:

Microsoft responded by saying that there was no mandate from Microsoft
that prevents secure booting from being disabled in firmware or that
keys could not be updated and managed.


I think this is key to understanding the situation. Anyone can easily 
disable secure booting and people can do as they please, as they do 
presently.


In order to use secure booting with an alternative OS, one simply needs 
to get a certificate request signed by a CA (a service which comes with 
a fee), much the same as certs are done for SSL. This would be one cert 
per OS, not per computer. I'm not certain of the details of how to do 
this, but this is my understanding of the process.


BL, if you don't want or need secure booting, things are pretty much the 
same as they've always been. I doubt that most people would notice a 
difference between UEFI and traditional BIOS per se. The differences are 
largely between different vendor's implementations, as has always been 
the case.


As Larry said earlier, much to say about nothing.

--
-Eric 'shubes'

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-11 Thread kitepi...@kitepilot.com 

And why you have to 'get a certificate request signed by a CA' ?
I can do SSL all day long with a self-signed (or even expired) certificate.
The only thing that the CA validates (the encryption will still be there) is 
that you are whom you are claiming to be, but if you don't care (I don't 
drop my credit card unless the certificate is 'validly signed'), I still go 
ahead (as happens on some I-wonder-why SSL(ed) Ubuntu support pages). 


I may be dumb, though...
ET 





Eric Shubert writes: 


On 06/10/2012 01:11 PM, Lisa Kachold wrote:

Microsoft responded by saying that there was no mandate from Microsoft
that prevents secure booting from being disabled in firmware or that
keys could not be updated and managed.


I think this is key to understanding the situation. Anyone can easily 
disable secure booting and people can do as they please, as they do 
presently. 

In order to use secure booting with an alternative OS, one simply needs to 
get a certificate request signed by a CA (a service which comes with a 
fee), much the same as certs are done for SSL. This would be one cert per 
OS, not per computer. I'm not certain of the details of how to do this, 
but this is my understanding of the process. 

BL, if you don't want or need secure booting, things are pretty much the 
same as they've always been. I doubt that most people would notice a 
difference between UEFI and traditional BIOS per se. The differences are 
largely between different vendor's implementations, as has always been the 
case. 

As Larry said earlier, much to say about nothing. 


--
-Eric 'shubes' 


---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-11 Thread Eric Shubert 
Same as other software, I'm guessing that the cert would need to be 
signed by a CA that's recognized by the UEFI software. I'm guessing that 
you wouldn't be able to modify which CAs UEFI recognizes, but if you 
can, than you could simply add your CA to the list and be good to go.

--
-Eric 'shubes'

On 06/11/2012 08:19 AM, kitepi...@kitepilot.com wrote:

And why you have to 'get a certificate request signed by a CA' ?
I can do SSL all day long with a self-signed (or even expired) certificate.
The only thing that the CA validates (the encryption will still be
there) is that you are whom you are claiming to be, but if you don't
care (I don't drop my credit card unless the certificate is 'validly
signed'), I still go ahead (as happens on some I-wonder-why SSL(ed)
Ubuntu support pages).
I may be dumb, though...
ET



Eric Shubert writes:

On 06/10/2012 01:11 PM, Lisa Kachold wrote:

Microsoft responded by saying that there was no mandate from Microsoft
that prevents secure booting from being disabled in firmware or that
keys could not be updated and managed.


I think this is key to understanding the situation. Anyone can easily
disable secure booting and people can do as they please, as they do
presently.
In order to use secure booting with an alternative OS, one simply
needs to get a certificate request signed by a CA (a service which
comes with a fee), much the same as certs are done for SSL. This would
be one cert per OS, not per computer. I'm not certain of the details
of how to do this, but this is my understanding of the process.
BL, if you don't want or need secure booting, things are pretty much
the same as they've always been. I doubt that most people would notice
a difference between UEFI and traditional BIOS per se. The differences
are largely between different vendor's implementations, as has always
been the case.
As Larry said earlier, much to say about nothing.
--
-Eric 'shubes'
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Fedora Pays Microsoft Boot License fee.

2012-06-11 Thread Lisa Kachold 
On Mon, Jun 11, 2012 at 11:44 AM, Eric Shubert  wrote:

> Same as other software, I'm guessing that the cert would need to be signed
> by a CA that's recognized by the UEFI software. I'm guessing that you
> wouldn't be able to modify which CAs UEFI recognizes, but if you can, than
> you could simply add your CA to the list and be good to go.
> --
> -Eric 'shubes'
>
>
> On 06/11/2012 08:19 AM, kitepi...@kitepilot.com wrote:
>
>> And why you have to 'get a certificate request signed by a CA' ?
>> I can do SSL all day long with a self-signed (or even expired)
>> certificate.
>> The only thing that the CA validates (the encryption will still be
>> there) is that you are whom you are claiming to be, but if you don't
>> care (I don't drop my credit card unless the certificate is 'validly
>> signed'), I still go ahead (as happens on some I-wonder-why SSL(ed)
>> Ubuntu support pages).
>> I may be dumb, though...
>> ET
>>
>>
>>
>> Eric Shubert writes:
>>
>>> On 06/10/2012 01:11 PM, Lisa Kachold wrote:
>>>
 Microsoft responded by saying that there was no mandate from Microsoft
 that prevents secure booting from being disabled in firmware or that
 keys could not be updated and managed.

>>>
>>> I think this is key to understanding the situation. Anyone can easily
>>> disable secure booting and people can do as they please, as they do
>>> presently.
>>> In order to use secure booting with an alternative OS, one simply
>>> needs to get a certificate request signed by a CA (a service which
>>> comes with a fee), much the same as certs are done for SSL. This would
>>> be one cert per OS, not per computer. I'm not certain of the details
>>> of how to do this, but this is my understanding of the process.
>>> BL, if you don't want or need secure booting, things are pretty much
>>> the same as they've always been. I doubt that most people would notice
>>> a difference between UEFI and traditional BIOS per se. The differences
>>> are largely between different vendor's implementations, as has always
>>> been the case.
>>> As Larry said earlier, much to say about nothing.
>>> --
>>> -Eric 'shubes'
>>>
>>
From:
http://www.zdnet.com/blog/open-source/linus-torvalds-on-windows-8-uefi-and-fedora/11187

Matthew Garrett, a Red Hat developer, explained why Fedora has ended up
with its Microsoft-based UEFI solution.
“We explored the possibility of producing a Fedora key and encouraging
hardware vendors to incorporate it, but turned it down for a couple of
reasons. First, while we had a surprisingly positive response from the
vendors, there was no realistic chance that we could get all of them to
carry it. That would mean going back to the bad old days of scouring
compatibility lists before buying hardware, and that’s fundamentally
user-hostile. Secondly, it would put Fedora in a privileged position. As
one of the larger distributions, we have more opportunity to talk to
hardware manufacturers than most distributions do. Systems with a Fedora
key would boot Fedora fine, but would they boot Mandriva? Arch? Mint?
Mepis? Adopting a distribution-specific key and encouraging hardware
companies to adopt it would have been hostile to other distributions. We
want to compete on merit, not because we have better links to OEMs.”

Fedora explored other options. “An alternative was producing some sort of
overall Linux key. It turns out that this is also difficult, since it would
mean finding an entity who was willing to take responsibility for managing
signing or key distribution. That means having the ability to keep the root
key absolutely secure and perform adequate validation of people asking for
signing. That’s expensive. Like millions of dollars expensive. It would
also take a lot of time to set up, and that’s not really time we had. And,
finally, nobody was jumping at the opportunity to volunteer. So no generic
Linux key.”

In addition, the Linux Foundation had proposed a system by “Linux and other
open operating systems will be able to take advantage of secure
bootif
it is implemented properly in the hardware. This consists of:

All platforms that enable UEFI secure boot should ship in setup mode where
the owner has control over which platform key (PK) is installed. It should
also be possible for the owner to return a system to setup mode in the
future if needed.

   - The initial bootstrap of an operating system should detect a platform
   in the setup mode,
   - Install its own key-exchange key (KEK), and install a platform key to
   enable secure boot.
   - A firmware-based mechanism should be established to allow a platform
   owner to add new key-exchange keys to a system running in secure mode so
   that dual-boot systems can be set up.
   - A firmware-based mechanism for easy booting of removable media.
   - At some future time, an operating-system- and vendor-neutral
   c

Re: Fedora Pays Microsoft Boot License fee.

2012-06-11 Thread Eric Shubert 

On 06/11/2012 03:03 PM, Lisa Kachold wrote:

By year’s end, many, if not most, mass-market PCs are going to be sold
with Windows 8 and that in turn will mean there’s no easy way to boot
them into Linux.


This should say "using secure boot" at the end. I think it can be 
misleading otherwise.


It's easy enough to turn off secure boot, and that's pretty much the 
same situation we've had for 3 decades with BIOS.


--
-Eric 'shubes'

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss