Bonum Certa Men Certa

Microsoft Proves Techrights Right by Screwing UEFI 'Partners'

UEFI



Summary: Linux booting still an issue on new PCs as Microsoft fails to deliver hardware keys

James Bottomley, who had been paid by Novell (Microsoft) before he left, is developing "secure boot" and finding out that UEFI promises are empty. From his blog:



Asked support why the process was indicating failed but I had a valid download and, after a flurry of emails, got back “Don’t use that file that is incorrectly signed. I will get back to you.” I’m still not sure what the actual problem is, but if you look at the Subject of the signing key, there’s nothing in the signing key to indicate the Linux Foundation, therefore I suspect the problem is that the binary is signed with a generic Microsoft key instead of a specific (and revocable) key tied to the Linux Foundation.

However, that’s the status: We’re still waiting for Microsoft to give the Linux Foundation a validly signed pre-bootloader. When that happens, it will get uploaded to the Linux Foundation website for all to use.


So they are losing time and they gave Microsoft the carte blanche to carry on with UEFI.

Will Hill wrote: "Predictable, jerk around. Restricted Boot is defective by design."

Katherine Noyes says:



In any case, the end result is that, despite paying its $99 fee, the Linux Foundation so far still does not have a validly signed pre-bootloader.


Steven J. Vaughan-Nichols also complains:

By design, Microsoft has made installing and booting Linux on Windows 8 PCs with UEFI (Unified Extensible Firmware Interface) Secure Boot troublesome. Many of the major Linux distirbutors, including Fedora, openSUSE, and Ubuntu, have proposed different ways of addressing this problem. The Linux Foundation, which supports all Linux, recently proposed a universal plan for addressing the UEFI Secure Boot issue. Unfortunately, it's been delayed.

The plan was, as James Bottomley, Parallels' CTO of server virtualization and well-known Linux Kernel maintainer, explained on October 10th, 2012, to "obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system)."


Red Hat too was bamboozled by Microsoft, the longtimes convicted thug. This is what happens when you become UEFI 'partners' with the monopolist rather than file an antitrust complaint. As Larabel puts it:

Linux Foundation Struggles With Microsoft UEFI Signing



James Bottomley has written about the problems being faced by the Linux Foundation in having a Microsoft-approved validly-signed UEFI pre-bootloader.

There's many hurdles to jump from Microsoft and Verisign/Symantec for obtaining a valid signing key. There's third-party open-source tools for handling much of the signing process, but in the end Windows is still needed due to a Silverlight-based file uploader for the UEFI binary. The Mono-based Moonlight doesn't work with the Silverlight uploader. After uploading the cabinet file for signing, there's a seven-stage process.


That is how bad it is. Pogson puts it more crudely:

M$ Sabotages UEFI “Secure Boot” for Linux Foundation



[...]

I have always thought it was a mistake to do anything in GNU/Linux the M$’s way. They will do anything to prevent GNU/Linux being more widely accessible for consumers. Expect nothing but “accidents”, failures, disasters and the inevitable legal suits to result. They’re all good for M$ keeping the cash-cow flowing a bit longer.


Muktware says:

Microsoft may have attracted some headlines and discussion on Slashdot for being a 'sponsor' at the Linux Foundation's Europe event LinuxCon. But this sponsor is not giving the Linux Foundation any special treatment when it comes to UEFI Secure boot.

If you remember the Linux Foundation earlier announced their workaround for the UEFI Secure boot for the Linux community. That's getting delayed.

James Bottomley, chair of the Linux Foundation's Technical Advisory Board, explains in his blog the 'technical' and 'paper' challenges there are to get a Microsoft signed key and implement it.

He detailed the entire painful process to get a Microsoft signed key. While is extremely easy to pay $99 and get a Verisign verified key the rest of the process is quite daunting and challenging, which also requires one to use Microsoft technologies.

[...]

The foundation somehow managed to create and upload the file which had to go through seven stages and "unfortunately, the first test upload got stuck in stage 6 (signing the files)."

There were some email exchanges between Microsoft and Bottomley to sort the problem but at the moment the cart is stuck in mud.
We're still waiting for Microsoft to give the Linux Foundation a validly signed pre-bootloader. When that happens, it will get uploaded to the Linux Foundation website for all to use.


UEFI apologists hopefully learned their lesson by now. Microsoft has crooks trying to save Windows by breaking Linux.

Comments

Recent Techrights' Posts

[Meme] The Ponzi Scheme That Eats Rivals (by Paying Them to Stop Competing)
Why compete when you can bribe and defang antitrust authorities?
In 2006 We Had a Novell Problem and Now We Have Several Novells
Microsoft thorns inside the community
Richard M. Stallman (RMS) Debunks Misconceptions About What Free Software Means and Explains How It Works
Free software means people (including users and developers) exercise control over the program, not the programmers
Certificate Authority Let's Encrypt Has Fallen From 12% in Geminispace to Just 1.2% in Two Years (Capsules Usually Self-Sign Their Certificates)
Don't ask the imposters about security
Dispelling the Notion That Microsoft is Political Left
Microsoft not only got bailed out (several times) by Donald Trump but also approached him to take over TikTok without paying for it
 
Links 11/09/2024: EPO Patents Tossed Out by Courts, Software Patent Reveals Ford "Tech That Listens to Driver Conversations to Serve Ads"
Links for the day
More "Linux" SEO SPAM, Wrapped Up as Clown Computing, Composed by a "Bullshit Generator" (LLM)
linuxsecurity.com at it again this week
"Linux" and Linux.com Diploma Mill
The front page of Linux.com right now is the usual nonsense
Links 11/09/2024: ROOPHLOCH Report, Small Web Experiences, and Cohost Effectively Dead
Links for the day
Links 11/09/2024: Russia Enters Latvia With Drone, Truth Social Stock Crashes
Links for the day
The "IT Industry" is Full of Imposters (It's a Growing Crisis)
They often manage the companies
Richard Stallman Explains Stochastic Parrots (LLMs)
From his latest talk
The Toys of Today's Kids and Coordination Woes, Not to Mention a Lack of Social Skills
Too much time indoors, too much screen time
Linus Torvalds, the Son of a Politician, Tries to Stay Out of Politics (or Political Topics)
"I'm just a geek" has its limits in practice
Richard Stallman Still Deals With Politics
Stallman's gonna Stallman
GAFAM Not Invincible
The US has an election very soon and Microsoft is already bribing candidates for deregulation and favours, based on press reports
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 10, 2024
IRC logs for Tuesday, September 10, 2024
The Greatest Show on Earth (Buzzwords Circus)
What next? Being denied medical service because you don't have a Facebook account?
Gemini Links 11/09/2024: Happiness, Improvised Nebuliser, and olden Age of Palm OS
Links for the day
Julian Assange's Father Turns 80 and They Show Themselves in Melbourne
Will he be active in Wikileaks soon?
Slow But Ongoing Mass Layoffs at EPO, Estimates That Nearly Half of the FOs Will be Made Redundant Soon
When you cease to care about validity and quality of patents you're granting why bother with humans at all?
[Teaser] EPO Tightening Its Belt
who didn't see this coming?
Are Lawsuits Over EPO Corruption Next?
Why does the mainstream media not cover it?
Europe's Second Largest Institution, the EPO, Exploits Lack of Oversight to Commit Crimes Every Day
Immunity begets impunity, which in turn begets crime
[Video] Richard Stallman's New Talk in Germany Covers What Free Software Means, Why LLMs are "Bullshit", and Lots More (Web3 Summit 2024 Berlin)
Closing Keynote Day 3 - Dr. Richard Stallman - Web3 Summit 2024 Berlin
Transcript of Latest Public Talk by Dr. Richard M. Stallman (RMS), Delivered Last Month at Web3 Summit 2024 Berlin
quick-and-dirty transcription
Links 10/09/2024: Big Brother Awards Germany 2024 and Telling the Unemployed to 'Drive Uber'
Links for the day
Gemini Links 10/09/2024: DUIs and Useless Analytics
Links for the day
The Peril of the Electronic Frontier Foundation (EFF) Illuminates the Dangers of Founders Leaving or Being Forced Out
Whatever you may think they stand for, you risk being fixated on what they originally were and perhaps what their Web sites still say
Difficult Times at Soylent News
We hope that Soylent News will recover from this
New Article in redhat.com: How to Install Microsoft Windows
That's just about as bad as that sounds...
Crimes of the EPO Are Costing Everybody in Europe
Since virtually everyone in Europe is a user of software (almost nobody is a forest dweller like in countries near the equator), this impacts everybody
OSI's Blog is Still 100% Microsoft-Sponsored Attacks on Free/Open Source Software
OSI is a compromised, defunct body. It exists to serve the enemies of its original mission.
A Decade Ago Things Became So Bad at the European Patent Office (EPO) That Staff Jumped Out the Window During Working Hours
Colleagues saw the suicide; the EPO's response wasn't to tackle the causes but to bolt down the windows (like factories in China installing controversial 'suicide nets')
Red Hat is Suing to Protect From Patent Trolls
Why doesn't Red Hat (IBM) also lobby to eliminate all software patents once and for all?
COVID-19 Ushered in Attacks on Human Rights and Things They Said They Had Introduced Temporarily Are Still in Effect/Operation Today
COVID-19 changed a lot of things
Quitting Academia When Its IT Systems Are Dominated by Clowns Who Outsource
It seems like a common trajectory
Why the Free Software Foundation (FSF) Owning or Renting Office Space Mattered
"In the long term, the FSF needs to own its future office space, but then the deadly risk is that the property ownership becomes the end goal rather than software freedom."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 09, 2024
IRC logs for Monday, September 09, 2024
Free Software Foundation (FSF) Probably Has No Choice But to Shut Down Its Office
Net Income -$686,366
Nearly Two Years After Quitting My Job
My colleagues and I were bullied by managers (grievance complaint got filed) who didn't even know what "Linux" was
Terms of Service (TOS) Under Scrutiny - Part XVIII - In Conclusion
Many activities can be done offline without having to sign anything
Modern spyware and the problems of "Discord newspeak"
The history of modern instant messaging...
Links 09/09/2024: More Trash Balloons and Collapse of Real Estate Market in China
Links for the day
Gemini Links 09/09/2024: ROOPHLOCH and More
Links for the day
Wrong Priorities at IBM
Lavish spendings on a 16-year contract for the most expensive place while firing tens of thousands of staff
Links 09/09/2024: LLMs Manipulated to Lie, More Corruption Found in COVID-19 Contracts
Links for the day
The Best Interface is Outdoors, It's Nature!
Not everything should be replaced by or emulated by digital devices
Terms of Service (TOS) Under Scrutiny - Part XVII - A Personal Perspective
The bottom line is, it's possible to reduce (albeit not entirely eliminate) how many things one signs, presses "OK" on and so on
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 08, 2024
IRC logs for Sunday, September 08, 2024
Always Taking Things Up a Notch
Nothing will stop us
[Meme] EPO Keeps Masking Its Corruption With "Diversity and Inclusion" (Hiring the Wife of a Friend of Someone Who Bribed His Way Into EPO Presidency)
chain of nepotism
Very Large EPO Applicants Now Threaten a Boycott of the EPO (the EPO Management is Trying to Bribe Them to Change Their Plans/Minds While Hiding It From Staff)
If corruption prevails to this extent, it will have severe international effect
Gemini Links 09/09/2024: Gemini Application Developer Guide and ROOPHLOCH 2024
Links for the day
Links 09/09/2024: 'Dieselgate' Criminal Trial Starts Late, Mass Layoffs at Volkswagen
Links for the da