Comments Locked

22 Comments

Back to Article

  • wumpus - Wednesday, November 22, 2017 - link

    Does this mean anything for the end user? Does it mean anything for embedded?

    I suspect that there might be the occasional use of DOS for certain embedded jobs that really don't want anything grabbing the CPU, but what you need x86 for but not a real RTOS is pretty small (and fancy processors already have serious latency issues, stick to the classics and "made for embedded" processors if you want to count cycles).

    I'm guessing we will miss the joy of this https://www.youtube.com/watch?v=bS9hiSwL1KY
    (lazy game reviews installs DOS on a 2017 game machine) and not much else.
  • HStewart - Wednesday, November 22, 2017 - link

    Most uses of older operating systems would use virtual cpu environment like VMWare or DOSBox.

    For embedded, the first thought I would think in such environment you would need to virtualize the bios - this can be done by using power of 386 at the time cpu - to load the bios code into memory space. I did this with Video Bios at my first back in late 80's early 90's. You likely also have to virtualize the IO Ports.

    I would think now a days - most embedded environments don't depend on the bios.

    When I did development with PC-MOS back in late 80's and early 90's we pretty much emulated all the bios and in fact DOS interrupt functions at the time.
  • baka_toroi - Wednesday, November 22, 2017 - link

    So this is basically a way to make Secure Boot a mandatory feature down the line. Prove me wrong.

    By 2032 only "terrorists" will use open computing.
  • ddriver - Wednesday, November 22, 2017 - link

    And possession of a general purpose computer device will be punishable by death.
  • CaedenV - Wednesday, November 22, 2017 - link

    well, terrorists and businesses lol
    just this last week I had to reinstall win10 on a PC because Dell's pre-boxed version of win10 would not take our antivirus. Disable secure boot, boot from flash, a 7 min install process (win10 installs soooooo fast!), and we were back in business.

    Keep in mind that secureboot does not mean that you can't reinstall an OS, or install another one. It just means that you have to have physical access to the device, and appropriate media to boot from. It is really only there to keep the kids from installing linux on their parent's work laptop lol

    Also, far more secure against USB based attacks, and other firmware/middleware vulnerabilities. Throw a password on your UEFI and apply some disk encryption and you have a fairly secure box that people cant get data off of without lots of effort... or an Intel IME vulnerability X-P
  • wolrah - Wednesday, November 22, 2017 - link

    I don't think you understand how secure boot works.

    You can netboot with it, you can install Linux with it, etc. All it cares about is that the code you're loading has a signature that validates with one of the keys stored on the system.

    Obviously everyone preloads Microsoft's keys and a few vendors preload their own. I'm not sure if any mainstream OEMs preload any of the major Linux distros' keys. Most business desktops and pretty much all DIY hardware supporting secure boot allows you to load your own keys at the system level. Allowing this was a requirement for Windows Logo certification for a while.

    If you have a machine that doesn't allow that here's a shim, signed with the Microsoft keys, which can be used to then load anything signed with keys of your choice: https://mjg59.dreamwidth.org/20303.html

    Variations on that shim, prepackaged with the vendor's keys and then individually re-signed by MS are used by most major Linux distros to support secure boot.

    Those shims will load on any system that can boot current x86 versions of Windows and allow you to run whatever you want.
  • DanNeely - Thursday, November 23, 2017 - link

    When secure boot first came out Canonical was planning to get a version of their boot loader signed by the MS key arguing that making sure that "It just works" for the common user and not having to turn off security features for some enterprise customers were more important than ideological objections to the entire concept. Did they end up following through; or did the plan get waylaid at some point?
  • edzieba - Wednesday, November 22, 2017 - link

    So... just delete the MS key from the Secure Boot keystore and load your own, and sign your own bootloader? Why not just USE a security feature as intended?
  • HunterKlynn - Wednesday, November 22, 2017 - link

    Yeah this is my understanding. Isn't complaining about requiring SecureBoot like complaining about requiring HTTPS, now that anyone can sign this stuff?
  • adrian_sev - Wednesday, November 22, 2017 - link

    for "security reasons" :)) i will just leave this link here : https://techreport.com/news/32867/intel-patches-ne... and a related link http://schd.ws/hosted_files/ossna2017/91/Linuxcon%...
  • LordanSS - Wednesday, November 22, 2017 - link

    O.O
  • awolfe63 - Wednesday, November 22, 2017 - link

    Where are you getting these numbers from? BIOS is from the IBM PC in 1981. That is only 36 years ago.
  • Devo2007 - Wednesday, November 22, 2017 - link

    Correct. The writer was referring to the term BIOS, which originated in 1975 with the CP/M Operating System, but it wasn't the same as the BIOS used on IBM PCs.
  • amrs - Thursday, November 23, 2017 - link

    It seems to me the writer is a little off with the timeline anyways: "Standard PC BIOSes from the 1970s had numerous limitations (a 16-bit processor mode, 1 MB of addressable memory space), which needed to be hacked around in the 1980s". What was a "standard PC BIOS" in the 1970s? CP/M machines back then were 8-bitters on such CPUs as Z80 or 8080. They definitely didn't have "16-bit processor mode" or "1 MB or addressable memory space". 16-bit CP/M is from the 1980s.
  • edzieba - Wednesday, November 22, 2017 - link

    About damn time. Having Legacy & CSM features turned on by default (for the Windows 7 stick-in-de-muds who'll complain to high heaven if new hardware doesn't work out of the box with their 8 year old OS) can end up in hours of fart-arseing about and needing to do an OS re-install to get some things enabled again properly if you don't remember do it before first install. Not so much a problem for OEM systems, but a real annoyance for self-assembly.
  • Hurr Durr - Thursday, November 23, 2017 - link

    Eight years is not that old for an OS, especially in the corporate world. I`ve read qbittorrent fixlist recently and found out that they have dropped freaking OS/2 only in the newest version.
  • piroroadkill - Thursday, November 23, 2017 - link

    Windows 7 can boot with UEFI. I have no idea what this has to do with Windows 7, it just felt like you wanted to bitch about people who want to use a particular OS.
  • qlum - Thursday, November 23, 2017 - link

    What I am worried about is oem's only allowing the windows keys that are preloaded making it a lot more difficult / impossible to install what os you want. Secure boot is nice but should remain open to new keys and preferably be optional for hassle free installation.
  • Hurr Durr - Thursday, November 23, 2017 - link

    Ball is on the side of loonix maintainers here. I`m sure OEM will include any reasonably widespread distro as long as maintainer is proactive with it.
  • Silma - Friday, November 24, 2017 - link

    Does this mean secure boot only accepts one key?
    Can't it accept a few, such as Microsoft & Canonical for a typical dual boot system ?
  • Hugh R - Tuesday, November 28, 2017 - link

    "Once CSM is removed, the new platforms will be unable to run 32-bit operating systems"

    This seems wrong. I have systems that have 32-bit UEFI on Intel Atom. Without CSM. So they can only boot 32-bit OSes. And not legacy ones. These are annoying since the processor does 64-bit but the firmware does not. This was some market segmentation game played by Intel or Microsoft while they were trying to fight ARM.

    Some Linux distros, after a bunch of years, can now run a 64-bit kernel and userland on this dumb platform (each call to UEFI from the kernel downshifts to 32-bit mode).

    I think what you mean is that old OSes that had no provision for running under UEFI will no longer be bootable on the bare metal. Like DOS. Like OS/2. Like BeOS. Like old copies of pretty much anything.

    There's booting and there's running. Booting is all different. Running is only different for those things that made BIOS calls, and those are few and far between since that required switching into non-virtual 16-bit mode.

    On the booting front, I guess MBR partitioning has to go. And about time.

    So the big casualty is DOS. I use it for some repair tasks. Like flashing firmware (few manufacturers currently support flashing from Linux). A natural replacement might be the UEFI Shell but that seems to have been deprecated (apparently MS dictates that it must not be available by default).
  • AJSB - Saturday, December 2, 2017 - link

    Wintel going to a killing...not only XP but also 32 AND 64bit versions of Windows 7 and Windows 8.x...hell, even users that staid with Windows 10 RTM will no longer can use it .

    F*** Wintel, going to stay with AMD and if it caves in also and removes also CSM, i will go for Linux definitively....or buy some "old" MBs,etc. still supporting CSM and seal them so i can have hardware as i want no matter how much i live.
    You might say this is insane, but, this is what some will do when cornered by Wintel.

    I

Log in

Don't have an account? Sign up now