Today's Distrowatch.com Weekly question has some info on this topic. http://distrowatch.com/weekly.php?issue=20130909#qa
Joan in Reno >________________________________ > From: "[email protected]" <[email protected]> >To: [email protected] >Sent: Monday, September 9, 2013 1:34 PM >Subject: Re: [LINUX_Newbies] Windows 8 and Linux install > > > > >I wrote what I did from the security stand point that with the Windows OS installed – the major security technologies (secure boot) were circumvented as turned off. The information I posted is ENTIRELY based on fact and indeed am one of the sources along with all the others, professional and expert, easily googled or if you want them I will post to you. I do not subscribe to FUD as you say (Please do not spread "doom and dread" messages) and never will. FUD http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt > >That was your opinion (Please do not spread "doom and dread" messages) - and NOT welcomed. If you would like to cite your souces that any content of my emails are this? Computer security by all users is to be a priority on any system as expounded on by OS’s and the government and ISPs and on and on - and as Linux sources in general now advise at least using ClamAV to strip off/quarantine/delete any windows malware that may be sent from a Linux machine as well. > >What I wrote IN context is as I would do realizing things about the current set up. That is to reinstall Windows the new Win8 way and have it reset to including the secure boot technologies. This is actually and virtually entire reality that this is the only real area currently that Windows has a security edge over Linux with Vista and Win8 that do not allow and block rootkits/bootkits from running. They can run on Linux. Rootkits are the second worst computer threat behind botnets and usually always require wiping the disk and reinstalling the OS (operating system) as the only cure. Rarely do anti-rootkit utilites do much more than dectect as even opposed to actually removing rootkits. > >So my whole point was if the user wanted to maintain as recommended a secure system and computer then to do it from scratch first setting up windows properly as recommended by professionals and experts and gov and isp and etc etc etc. If you are against all that for simple convenience of use etc etc etc, maybe you should not promote circumventing operating systems security technologies from the too familiar relaxed lazy and apathetic attituded too prevalent in the community so many now speak against as is injurious to the community. > >You have Linus Torvalds as credited as principal founder of Linux with Canonical (Ubuntu) and then countless others who have gone through the process with all the time and money of making Linux dual-bootable with Windows 8 (even including petitions that circulated from others) – and why would they do this if it was “spreading doom and dread messages” to quote you? Is Linus Torvalds and Canonical and the rest of the Linux Foundation etc etc etc spreading doom and dread messages in making available Linux with secure boot compatible with Windows 8 now? Even Linux servers are using it as SuSe for one. These are FUD? If it was FUD why has the Linux Foundation even bothered a second look? > >My replies to the user where that I strongly recommend he start over and set up his computer as recommended with ALL security features in place. Advising security is NOT FUD! It is a mega billion dollar industry of and intregal part of the world wide web. I posted the link (my forum string) to many, many, many of the professionals articles dealing with Linux secure boot with Win8 from the beginning forward that covered the whole controversy as it began. Reading in between the lines allows gaining the knowledge of what is going on and NECESSARY for setting up a Windows 8 PC as dual boot with Linux. You claimed I did not post sources. Did you even bother to read those sources I posted? BELOW IS ONE OF A ZILLION SOURCES OF LINUX SECURE BOOT WITH WINDOWS 8 – GOOGLE THE REST PLEASE...... Thank you for your indulgence before falsely accusin people! ! ! > >ONE OF MANY....... > >Secure boot loader now available to allow Linux to work on Windows 8 PCs >http://www.pcworld.com/article/2027864/secure-boot-loader-now-available-to-allow-linux-to-work-on-windows-8-pcs.html > >QUOTED: > >"Freeing the way for independent Linux distributions to be installed on Windows 8 computers, the Linux Foundation has released software that will allow Linux to work with computers running the UEFI (Unified Extensible Firmware Interface) firmware. > >The Linux Foundation Secure Boot System solves a fundamental problem for many Linux distributions, by providing a way for a Linux-based OS to run on new hardware controlled by UEFI firmware, also known as "secure-boot" technology. > >"The Linux Foundation wishes not only to enable Linux to keep booting in the face of the new wave of secure boot systems, but also to enable those technically savvy users who wish to do so to actually take control of the secure boot process by installing their own platform key," wrote Linux Foundation technical advisory board member James Bottomley, who led the development of the bootloader, in a statement. > >As a potential replacement to the long-used BIOS firmware, UEFI is an industry initiative to secure computers against malware by designing the computer's firmware to require a trusted key before booting the operating system, or any hardware inside the computer, such as a graphics card. > >UEFI would provide a foundation for a chain of trust that would connect all the way up to the software layer, which could thwart attempts to install illicit, and harmful, software on computers. > >Windows 8 >Microsoft requires UEFI on all machines running Windows 8. While OEMs (original equipment manufacturers) have the option of providing a way to turn off UEFI so other OSes can run on the machine, many in the Linux community fear that OEMs will not provide a UEFI off-switch, thereby not allowing other OSes without a key to run on these machines. > >A generic Linux distribution will not run on a Windows 8 computer without keys. > >"In secure mode ... the platform will only execute EFI binaries signed with a key that is whitelisted in the UEFI secure boot signature database," Bottomley explained. > >The latest releases of many major Linux distributions now include a bootloader or a shim of some sort to work with UEFI, including Ubuntu 12.10 and Fedora 18. This UEFI requirement, however, has been seen as a roadblock for those who like to create their own distributions of Linux. The Linux Foundation bootloader provides a hash code, certified by Microsoft, and support infrastructure to boot a generic Linux kernel. > >"We have in place a protocol where Microsoft is happy for us to hand off from the initial Microsoft signed EFI binary load to a separately verified EFI binary chain, which the individual distributions control," Bottomley wrote. > >Other efforts >This is not the first approach someone in the Linux camp has devised for working with UEFI. Security developer Matthew Garrett released his own shim last year. > >A shim is different from a bootloader even though both override the UEFI security system to load Linux. Garrett's shim is hardcoded to work with a specific generic bootloader, called elilo, that boots the Linux kernel. > >UEFI >The Linux Foundation bootloader, which Bottomley said technically is more of "a preloader," can work with any generic Linux bootloader. "We did this because our mission is to enable any bootloader in the Linux ecosystem to work with secure boot," Bottomley said. > >Garrett and Bottomley are discussing the possibility of merging Garrett's shim with the Linux Foundation's bootloader. Garrett helped Bottomley create the bootloader, as did other developers from the Linux Foundation, Red Hat, and Canonical. > >UEFI has proved to be a challenge to implement even for Microsoft Windows. Garrett also reported that certain Samsung laptops running Windows 8 could permanently stop working due to a bug in how the Samsung firmware stores system crash data in the UEFI storage space. " > >UNQUOTE > >PS..... JAMES J., THE USER STARTING THIS HELP STRING, HAS NOT REPLIED AND SAID THAT HE DID NOT WANT THE SECURE BOOT SET UP. IF HE DOES, HE ALSO WROTE HE DID NOT HAVE A RESCUE CD THAT COULD BE USED TO REINSTALL WINDOWS AND START OVER AND THEN INSTALL LINUX PROPERLY AS RECOMMENDED. I GAVE SOURCES/LINKS OF HOW TO DO THAT WITHOUT THE EMERGENCY CD/DVD REPAIR DISK (RESCUE DISK) BY THE BUILT IN NEW TECHNOLIGIES IN WINDOWS 8 – REFRESH AND RESET OPTIONS. IF HE IS NOT INTERESTED IN ALL THAT LET HIM SAY SO. YOU CAN DISABLE THE NEW WIN 8 TECHNOLOGY (SECURE BOOT) AND NOT RECOMMENDED AS WINDOWS USER. > >BTW (by the way) IN A DUAL BOOT – LINUX HAS FULL ACCESS TO WINDOWS. THERE IS POSSIBILITY OF CROSS PLATFORM INFECTION IF YOU ARE NOT AWARE. HIGHLY UNLIKELY. IF CYBER CRIME ACHIEVES IT NO DOUBT WILL BE THROUGH A LINUX ROOTKIT. THAT IS A FURTHER REASON I PROMTED ESET FOR LINUX – FULL WINDOWS AND LINUX PROTECTION. HOPEFULLY YOU DO NOT FEEL NOD32 IS FUD? > >IF YOU ARE OWNER/MODERATOR OF THIS GROUP PLEASE SAY SO AS YOU HAVE GROUP RULES TO BE ADHERED TO. IF YOU FEEL I PROMOTE FUD I OBVIOUSLY DISAGREE AND CONSIDER THAT A PERSONAL ATTACK BUT THIS IS NOT MY GROUP AND I WELL UNDERSTAND GROUP RULES – VIOLATE AND YOU GET THE BOOT. I FEEL I HAVE AT LEAST SCRATCHED THE SURFACE IN SUPPORTING MY EMAIL POSTS AS HAVING ABSOLUTELY NOTHING TO DO WITH FUD OR “SPREADING DOOM AND DREAD MESSAGES” AS YOU ACCUSE ME OF. I WOULD HAVE TO SAY YOU SAID THAT ABOUT ALL OF LINUX AND WINDOWS COMBINED AND ARE PROMOTING SPREADING DUMB PILLS THEN. I DO NOT SUSCRIBE TO THAT SCHOOL AT ALL. COMMUNITY WEBSITES AND FORUMS AND GROUPS THAT OFFER FREE TECH HELP DO SO BECAUSE THEY HAVE EXPERIENCE AND KNOWLEDGE AND CAN HELP KNOWING THE COSTS OF NOT-FREE HELP AND ARE IN GENERAL PROMOTING A HEALTHY CLIMTAE FOR THE COMMUNITY OF COMPUTER USERS TO PARTICIPATE IN – NOT SPREADING FEEL GOOD CONVENIENCE AND DUMB PILLS WHEN IT COMES TO THE SAFETY OF ALL THE COMMIUNITY OF COMPUTER USERS OF ALL OPERATING SYSTEMS INCLUDED. > >THANK YOU FOR STATING YOUR OWN OPINIONS RATHER THAN ACCUSING OTHERS OPINIONS THAT YOU APPEAR TO NOT HAVE KNOWLEDGE IN WHAT YOU SAID! > >gerald philly pa usa >Webmaster: http://bluecollarpc.us/ >http://linuxducks.webs.com/ > > >From: C. Beck >Sent: Sunday, September 8, 2013 9:31 AM >To: [email protected] >Subject: Re: [LINUX_Newbies] Windows 8 and Linux install > >On Sep 7, 2013 4:39 PM, <[email protected]> wrote: >>I am only recommending this as apparently it seems somehow you went ahead and cold-cokked installed Linux as dual boot with Windows 8. [....] Did you disable Windows secure Boot – 8? Then question is who did? It is possible some less than genuine manufacturer has moved to circumvent this and release the Windows PC without protection enabled as a quote convenience to the user – which would leave your brand new latest Windows OS in the stone age as an Windows XP machine without protections offered since then. >> >Please do not spread "doom and dread" messages of fear without at least citing your source. It would be nice also if the source were fact-based rather than op.ed. > >> I strongly! recommend that you wipe the disk by easily in-place reinstalling Windows 8 and start from scratch! >If the bios is in legacy mode, how is reinstalling Windows going to change anything? It also seems to me that if there is software broken, it would be the boot-OS that needs a firmware update rather than a problem with Windows. > > > > > >
