Page 2 of 3
Re: Windows is standard
Posted: Wed Dec 02, 2020 6:43 am
by bzt
foliagecanine wrote:Really?
Really. No GRUB nor Linux kernel is signed by an MS KEK key.
foliagecanine wrote:It would load GRUB just fine, but when GRUB tried to load the Linux kernel, it said that that kernel wasn't signed.
GRUB does not check the kernel's signature, it delegates that task to
a module, shim_lock. This means GRUB must be loaded via shim, and in turn shim uses the
MOK key, not the KEK key. As a result, you'll have an overcomplicated chain of loaders, using several certificates and keys, where only the first stage (shim) is signed by MS with a key that's signed by the PK.
This SB is a huge mess that does not make the boot process secure at all, just overcomplicated (google "BootHole" for example). It is conceptually flawed, because if you can't install your own certificate then your machine is locked down, and if you can, well then a malicious code can install one too. Furthermore, you can easily make a signed, unchanged, verbatim executable to run *any* code with a simple UEFI hook hijack (a method commonly used by
CIA spyware according to wikileaks).
Cheers,
bzt
Re: Windows is standard
Posted: Wed Dec 02, 2020 4:01 pm
by nexos
I'm not bothering reading this half political, half Microsoft bashing thread. Let me state my opinion about MS, but first I will take a road down history which you may know already....
Back in the 1970's, Dennis Ritchie and Ken Thompson made Unix. Unix was great and simple, but as Ritchie said, "it takes a genius to understand the simplicity". So CP\M was created. It was easier to use, but way pricy. Hence no one really used a computer. Then Intel made the x86. Then IBM made the PC, and IBM wanted an OS for the PC. So they asked Digital for CP\M. That fell through. I heard that there were PCs with CP\M out there, but they were more expensive. So IBM went to Microsoft, a small startup at the time. Microsoft purchased 86-DOS, a CP\M clone from Tim Patterson. They changed it some, and sold it to IBM as PC-DOS. They themselves sold it as MS-DOS. So because it was simple and because it was cheap for the time, people went with the PC. MS got big, and they became a monopoly. MS does have a monopoly, and they do bully other companies. Windows became standard not because MS had a monopoly, but because it was made at a time when everyone else was bickering about what arch was best, what UNIX was better, what the better was to this and that was, etc. MS, IBM, and Intel were the only attractive options. So it was natural that it happened. MS is a bully, but other companies should have been more procative. What was MS supposed to do? Say, "here, Digital, your trying, so you go make all the money and we will be a small startup". That would have been foolish.
Re: Windows is standard
Posted: Wed Dec 02, 2020 9:04 pm
by austanss
nexos wrote:Windows became standard not because MS had a monopoly, but because it was made at a time when everyone else was bickering about what arch was best, what UNIX was better, what the better was to this and that was, etc.
To be honest, in the distrohopper community (annoying @$$ clique), it still is that way.
Re: Windows is standard
Posted: Thu Dec 03, 2020 6:20 am
by bzt
nexos wrote:Windows became standard not because MS had a monopoly, but because it was made at a time when everyone else was bickering about what arch was best, what UNIX was better, what the better was to this and that was, etc.
Nope, Windows got widespread because MS took advantage of their monopoly. First, they had an exclusive contract with the original manufacturer, IBM, so IBM PCs were shipped with MS-DOS only in the early days. There was simply no other option. Then later, when PC compatibles (not manufactured by IBM) started to appear, they forced restrictive licensing agreements on OEMs. They have kept that practice for decades, that's what resulted in the
antitrust lawsuit. BTW, even today, if you go to any computer store, 99.9% of the PCs have Windows preinstalled. Actually it's extremely difficult to buy a PC with Linux from an OEM.
To prove my point, if you
search for "PC" on Amazon, then on the first page there will be only one machine with ChromeOS, so ALL but one come with Win 10 preinstalled.
Cheers,
bzt
Re: Windows is standard
Posted: Thu Dec 03, 2020 11:18 am
by nullplan
bzt wrote:Actually it's extremely difficult to buy a PC with Linux from an OEM.
When I think of extreme difficulty, typing "linux laptop" or "linux pc" into Google is not what comes to mind. In my case, here is the second result from duckduckgo:
http://www.tuxedocomputers.com/ Which funnily enough is the company that made the laptop I am currently typing this on.
Re: Windows is standard
Posted: Thu Dec 03, 2020 12:52 pm
by iansjack
It's dead easy in the UK. Just go to Novatech.
Re: Windows is standard
Posted: Thu Dec 03, 2020 1:40 pm
by nexos
bzt wrote:nexos wrote:Windows became standard not because MS had a monopoly, but because it was made at a time when everyone else was bickering about what arch was best, what UNIX was better, what the better was to this and that was, etc.
Nope, Windows got widespread because MS took advantage of their monopoly. First, they had an exclusive contract with the original manufacturer, IBM, so IBM PCs were shipped with MS-DOS only in the early days. There was simply no other option. Then later, when PC compatibles (not manufactured by IBM) started to appear, they forced restrictive licensing agreements on OEMs. They have kept that practice for decades, that's what resulted in the
antitrust lawsuit. BTW, even today, if you go to any computer store, 99.9% of the PCs have Windows preinstalled. Actually it's extremely difficult to buy a PC with Linux from an OEM.
To prove my point, if you
search for "PC" on Amazon, then on the first page there will be only one machine with ChromeOS, so ALL but one come with Win 10 preinstalled.
Cheers,
bzt
Ok, I am not arguing with you, but for the sake of everyone else reading this thread, here are my last 2 cents...
bzt wrote:Nope, Windows got widespread because MS took advantage of their monopoly. First, they had an exclusive contract with the original manufacturer, IBM, so IBM PCs were shipped with MS-DOS only in the early days. There was simply no other option.
You're right, there was no other option! As I said above, IBM and Microsoft were the only companies that actually got something on the market in the early days! Was the PC less then optimal? Precisely. But if wasn't for IBM and Microsoft, we would be stuck with pricy old Apple. Like I said, Digital could have easily taken MS down with their better technology, but there was no OS to install on their machines, and they were too expensive! Everyone was arguing. You can't possibly blame MS for that... Yes, they do bully other companies and that isn't good. They just knew how to market!
bzt wrote:BTW, even today, if you go to any computer store, 99.9% of the PCs have Windows preinstalled. Actually it's extremely difficult to buy a PC with Linux from an OEM.
True, but everyone's apps and games only run on Windows. Only techie people use Linux. Linux came late to the scene. It is shocking its as popular as it is.
Re: Windows is standard
Posted: Thu Dec 03, 2020 3:29 pm
by iansjack
IBM didn't have an exclusive agreement with Microsoft. IBM offered a choice of three operating systems for the original IBM PC - PC-DOS, CP/M-86, and UCSD p-System.
Re: Windows is standard
Posted: Thu Dec 03, 2020 6:45 pm
by eekee
iansjack wrote:IBM didn't have an exclusive agreement with Microsoft. IBM offered a choice of three operating systems for the original IBM PC - PC-DOS, CP/M-86, and UCSD p-System.
Good to know. It sheds some light on what I thought was a shady thing WIndows did...
bzt wrote:Then later, when PC compatibles (not manufactured by IBM) started to appear, they forced restrictive licensing agreements on OEMs.
Microsoft selling MS-DOS for compatibles
at all is cast in a negative light by some. IBM certainly didn't like it. But, if IBM offered a choice of operating systems, I can see Microsoft's reasoning. That MS went on to restrict other OEMs is not the sort of business practice I'd want to be involved in.
nexos wrote:Linux came late to the scene. It is shocking its as popular as it is.
This makes me chuckle. Were you around in the 90s when everyone loathed their Windows PCs crashing all the time and were blown away by how stable Linux was? If it hadn't been for the bickering mentioned elsewhere and once common in far more than just the distrohopper community, open source would have overwhelmed Microsoft back then. For a big example of lack of agreement making sure nothing happened, see Gnu Hurd. It's almost unbelievable how long Hurd went without reaching a usable state. Gnu libc reached a usable state over a decade before it if I remember right. I think it's because the libc is, and was then before POSIX, a relatively well-understood set of functions; there were no big architectural decisions.
But the software industry has long been a very nasty place in which to do business. When describing what Microsoft did to Netscape in 1998, jwz reports that only people outside the software industry were upset by it. Those in the industry knew how it was. I can't find the article now, jwz.org is huge (as you'd expect of someone who's been blogging since 1994) and I don't really want to spend my night reading it again. (It's been a few years since I last did... and ugh! I think I had a stronger stomach then.) Anyway, in his words, "I have an honest job now, I sell beer."
Trailing shot: Did you know all stable versions of Windows trace their ancestry to a kernel written by a man in breach of contract with his previous company?
Re: Windows is standard
Posted: Thu Dec 03, 2020 8:16 pm
by foliagecanine
Sorry, I haven't checked the forum in a couple days.
bzt wrote:Really. No GRUB nor Linux kernel is signed by an MS KEK key.
I seem to be misunderstanding how Secure Boot works. I can guarantee that computer had Secure Boot on. As far as I know, no "custom keys" or whatever were loaded. How would the computer load GRUB (then Linux) if it were not signed with a key?
EDIT: Just to be clear, I'm not trying to argue with you or anything. I just don't know how it works, and would like to learn.
Re: Windows is standard
Posted: Fri Dec 04, 2020 12:58 am
by iansjack
The genius of Gates, and the reason that Microsoft became so successful, was that he insisted on licensing PC-DOS to IBM. They wanted to buy it outright. But Gates took the risk that the PC would succeed and the rest is history.
Re: Windows is standard
Posted: Fri Dec 04, 2020 5:38 am
by bzt
foliagecanine wrote:As far as I know, no "custom keys" or whatever were loaded. How would the computer load GRUB (then Linux) if it were not signed with a key?
I've already told you in the previous posts, by adding extra complexity and an additional stage to the boot process:
- The EFI firmware loads shim, which is signed by MS, using a KEK key that's installed by the PC manufacturer (debian, Ubuntu, RH/CentOS, Arch, Gentoo, etc. etc. etc.)
- Then shim loads GRUB and checks it against shim's own certificate or against the MOK key (both are "custom" in the sense that they're not PK signed KEK keys)
- Shim installs a run-time UEFI service for that check and starts GRUB
- GRUB should be compiled with shim_lock module, which uses that run-time service to check the kernel (so the kernel is not checked against the MS KEK key either)
Just for the records, shim isn't the only solution, just the most widespread one. And the best solution is to simply turn off SB if you can, because it does not make your machine secure at all, just slows down boot. Calling this vendor lock-in "Secure Boot" is just a joke of the MS Marketing department.
Important take away: due to MS monopoly, only MS KEK is installed on machines. This means MS has absolute control over what can be booted using "Secure Boot". Should they not sign shim or revoke their cert, and no Linux will be able to boot (this actually already
happened).
Cheers,
bzt
Re: Windows is standard
Posted: Fri Dec 04, 2020 6:17 am
by bzt
nexos wrote:But if wasn't for IBM and Microsoft, we would be stuck with pricy old Apple.
I'd be quite happy with the Commodore Amiga for example... Everyone knows Commodore bankrupted because MS purchased all the chips from the factories, so Commodore couldn't manufacture and ship in time. Yet another questionable move on MS' part, but this time they just hammered the last nail on the coffin. (Why Commodore took huge pile of preorders without having the accessories in stock is a different question,
read history here. They had it coming because of an sad-little-rich-**** CEO).
Cheers,
bzt
Re: Windows is standard
Posted: Fri Dec 04, 2020 6:43 am
by iansjack
"Everyone knows..."
Translated that means "I just made this up".
Re: Windows is standard
Posted: Fri Dec 04, 2020 6:50 am
by Solar
bzt wrote:Everyone knows Commodore bankrupted because MS purchased all the chips from the factories, so Commodore couldn't manufacture and ship in time.
Errr... nope. And your link doesn't even back that up. Commodore croaked because of inherent cash-flow problems, and trying to re-invent the C64 (i.e., looking for a cheap machine they could sell unchanged for years instead of investing what little they had in R&D -- which was what killed the Amiga dead). They had a machine that was head and shoulders above any competition (Amiga Lorraine), and from the first
Commodore Amiga (A1000) onward they cheap'o'ed the line to death (RGB instead of HSB, small plastic case instead of metal case with room for expansion, floppy kickstart instead of ROM, 256k RAM instead of the more generous capacity Jay Miner envisioned. Staying with the OCS/ECS instead of trying to
stay ahead and push the AGA chipset and beyond.) Eventually, time caught up with them, and it didn't even require any "direct intervention" by MS for them to go belly-up.
As for your link, it's no coincidence that the Deathbed Vigil video shows the Amiga developers burning
Gould in effigy, not Gates...
And that the technology presented by Amiga, Acorn et al. gets dropped completely and the discussion boils down to the eternal "Windows vs. Linux/Unix"
here on OSDev is a shame IMHO. There wasn't a feature in Windows 95 that hadn't been in AmigaOS years earlier (sometimes much superior, e.g. OO kernel, drive handling, ...), yet MS got away with advertising it all as "new". That's what I referred to as "business smarts". I was there at CeBit when they introduced Win95. There was a bunch of us standing there in disbelief at the
chuzpe of the presentation. Multitasking? Yes, been there. Documents linked to the application they were to be opened with? Yes, been there. Long filenames? Yes, been there. We were using AmigaOS, MacOS, RiscOS, and we had seen all those features before. But the crowd was hanging at the MS presenter's lips, while at the same CeBit one hall over they were presenting the utter joke that was the
Amiga Walker -- which was hardly an upgrade from the A1200 -- while
hiding the Amiga 4000 under the desk while showing off the iGlasses (VR goggles) using the Amiga shooter Nemac IV, because there was zero PC support for the technology at the time.