Free Republic

Microsoft's July round of patches fixes a vulnerability that could be used to bypass the Secure Boot protection feature if an attacker simply adds a policy to the target Windows systems. Microsoft mandates Secure Boot on newer PCs designed to run Windows. The feature is implemented in the unified extensible firmware interface (UEFI) code that checks the Windows boot loader before it starts up the operating system, to ensure it is digitally signed by Microsoft. Secure Boot can, however, be bypassed completely by applying a Windows group policy, providing attackers with full access to systems thought to be locked down....

A zero-day software vulnerability in the firmware of older Apple computers could be used to slip hard-to-remove malware onto a computer, according to a security researcher. Pedro Vilaca, who studies Mac security, wrote on his blog that the flaw he found builds on previous ones but this one could be far more dangerous. Apple officials could not be immediately reached for comment. Vilaca found it was possible to tamper with an Apple computer's UEFI (unified extensible firmware interface). UEFI is firmware designed to improve upon BIOS, which is low-level code that bridges a computer's hardware and operating system at startup....

Summary: Short synopsis of a long discussion with the UEFI Forum regarding ‘secure’ boot We don’t always speak to figures of authority in pursuit of reform, but when we do, it is rather productive (pardon the meme). OIN is a good example of this. Last year, UEFI criticism began as a ‘feature’ of UEFI, namely ‘secure’ boot, was put to use by Microsoft, which basically misused it for anticompetitive reasons, making it hard to boot GNU/Linux.“Security was not the main outcome of UEFI ‘secure’ boot being put in place.”The UEFI Forum got in touch with yours truly, setting up an...

The lawyer who has filed a complaint with the European Commission against secure boot in Windows 8 on  behalf of some 8000 Linux users in Spain says the complaint takes "an user and developer perspective, it is an unprecedented approach to the problem of monopoly in operating systems in Europe"."I think that Hispalinux is likely to show that Microsoft is engaged in additional anticompetitive acts that were not conclusively determined in the 1998 European Commission investigation," José Maria Lancho (pictured above) told iTWire.Hispalinux is the organisation on whose behalf Lancho has filed the complaint; according to him, it is a...

Summary: Is it possible that the recent attempts to push secure boot onto computer users was a response to the growing hardware vendor support for coreboot back in 2011? This is only speculation on my part, but I suspect that this might be the case. Coreboot is a badly needed solution that can restore freedom to  PC users while updating the outdated PC BIOS technology. What is CoreBoot?Coreboot is a free software replacement for the BIOS currently found in most computers. It is also a better alternative than UEFI/secure boot because it gives the owner of a computer the freedom...

It's early days for secure boot, the new method that Microsoft is using to protect its desktop turf, but it would not be unfair to say that the company has succeeded in showing up the sharply fragmented nature of GNU/Linux.Secure boot is a feature in the Unified Extensible Firmware Interface, the replacement for the motherboard firmware or BIOS. It has been implemented by Microsoft in a manner that effectively prevents easy booting of other operating systems on machines which have secure boot enabled. An exchange of cryptographic keys takes place at boot-time so that a system can verify that the...

The prospect of Windows 8's planned Secure Boot restrictions has caused no end of controversy in the Linux world, where distributors and users of the free and open source operating system have been struggling to figure out just what it's all going to mean for those who don't embrace Windows. The prospect of Windows 8's planned Secure Boot restrictions has caused no end of controversy in the Linux world, where distributors and users of the free and open source operating system have been struggling to figure out just what it's all going to mean for those who don't embrace Windows....

The FOSS community is understandably upset with both Red Hat and Ubuntu for their planned ways of implementing UEFI Secure Boot. Indeed, both companies plans are unacceptable for a variety of reasons. Free software isnÂ’t free if it requires permission from an outside source before it can be loaded onto a new or used computer. This is true even if the permission comes from a well-meaning bureaucratic regulatory agency. ItÂ’s doubly true if that permission must come from a self-serving monopoly with an anti-FOSS history, like Microsoft.In early June, Red Hat came under fire from the FOSS press for their...

(Brief disclaimer - while I work for Red Hat, I'm only going to be talking about Fedora here. Anything written below represents only my opinions and my work on Fedora, not Red Hat's opinions or future plans) Fedora 17 was released this week. It's both useful and free, and serves as a welcome addition to any family gathering. Do give it a go. But it's also noteworthy for another reason - it's the last Fedora release in the pre-UEFI secure boot era. Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all...

At the beginning of December, we warned the Copyright Office that operating system vendors would use UEFIsecure boot anticompetitively, by colluding with hardware partners to exclude alternative operating systems. As Glyn Moody points out, Microsoft has wasted no time in revising its Windows Hardware Certification Requirements to effectively ban most alternative operating systems on ARM-based devices that ship with Windows 8. The Certification Requirements define (on page 116) a "custom" secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system's signature database, allowing the system to boot those operating systems. But...

A senior Red Hat engineer has lashed back at Microsoft's attempt to downplay concerns that upcoming secure boot features will make it impossible to install Linux on Windows 8 certified systems. Unified Extensible Firmware Interface (UEFI) specifications are designed to offer faster boot times and improved security over current BIOS ROM systems. The secure boot feature of the specification is designed so that only digitally signed OS loaders will load, a security feature that would prevent the installation of generic copies of Linux or FreeBSD as well as preventing rootkits and other boot-time malware from running. A digitally signed build...