Jump to content



Photo

Secure Boot complaint filed against Microsoft


  • Please log in to reply
63 replies to this topic

#46 rfirth

rfirth

    Software Engineer

  • Tech Issues Solved: 2
  • Joined: 11-September 09
  • Location: Baton Rouge, Louisiana
  • OS: Windows 8
  • Phone: Nokia Lumia 620

Posted 29 March 2013 - 07:49

That explains it. His is 5/22/12 I guess I should email acer for a download of an updated bios.


Why would a computer that shipped with Windows 8... which was released in October 2012... ship with a BIOS revision from May 2012 instead of the more current version from August 2012? Interesting...

And if that's a revision from May 2012, and that was written before Windows 8 was released... why can't you boot Windows 7?

See? Microsoft isn't screwing with you. Acer is.


#47 uMadRabbit

uMadRabbit

    Neowinian Senior

  • Joined: 03-January 12

Posted 29 March 2013 - 08:08

That explains it. His is 5/22/12 I guess I should email acer for a download of an updated bios.


BIOS updates should be listed on their site download sections as well. At least most OEM's have it this way.

#48 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 08:17

Why would a computer that shipped with Windows 8... which was released in October 2012... ship with a BIOS revision from May 2012 instead of the more current version from August 2012? Interesting...

And if that's a revision from May 2012, and that was written before Windows 8 was released... why can't you boot Windows 7?

See? Microsoft isn't screwing with you. Acer is.

that one was oops a miss typed I am
on my phone.
8/22/12 was what it should have been whichit was September 2012 when he wanted me to put 7 on it... there were no updated bios on their site when I checked that month

#49 Torolol

Torolol

  • Joined: 24-November 12

Posted 29 March 2013 - 08:31

If it's any good you can, my motherboard lets me install/remove any keys (including the default MS keys)

whats your motherboard type?
i would like to recommend it to some client,
as most Secure Boot capable motherboard i've seen, doesn't allow you to installing your own keys easily,
some said that user can change the key during Firmware Updates,
which mean the key must be specified somewhere in the firmware binaries!

Stopped reading at "keys handled by Microsoft".
No they are not. Verisign is handling Secure Boot keys. Microsoft bought they key like everyone else can do, they even offered keys for Linux distros for free for a while but since Linus is too stuck up on his own views it went all sour, this is nothing you can blame MS on.

yes, but doesn't change the fact that almost (all?) windows 8 in existance are signed by the very same key, which pose pending problem of key compromise i mentioned above.
And, the corporates actually want to sign the OS they use with their own unique keys,
as that would give them control on what OS allowed to be used in their environtment,
and less likely affected whenever the world-wide Windows-8 Secure Boot keys compromise happens.

but:

then find a way to sign the MS bootloader and you're in..

signing MS OS's component using your own unique keys...,
i read the report that some one did try and of course the Windows 8 was complaining afterward (which is a good thing from OS security's POV btw),
Thats however, unable to achieves what the corporates want.

You can load your own signing keys in some implementations..

That is, however, the reason it's set up the way it is.
It's beyond confusing for the average user. That's why Microsoft mandated that you be able to turn it off.

If you want secure boot that you hold the keys to, awesome. Find an OEM provider that allows you to.

yes, by firmwire updates some OEM did offering that, but it also mean OEM will know the half about the unique key,
some corps would like if if none of the outsider would know about their keys.
And currently, only open-sourced OS (linux flavor for example) components than can easly signed, not Windows 8.


so why Coprs not switch to Linux?
well, due the fact that Corporation still need windows, and OS migration are costly & painful process.

#50 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 08:36

Hello,

Can you please list the brands and models of computers that vendors have shipped that have Windows 8 preloaded and no option to disable UEFI Secure Boot in their firmware? Please note that by computer, I mean an IA-32 instruction set compatible CPU such as those made by AMD or Intel, and not tablet devices with ARM CPUs that run Windows RT. Thank you.

Regards,

Aryeh Goretsky


I think we figured it out...bios needs flahing... his was for august 2012 ... which did not have that as an option... the october bios says that was added.. but when I checked in september there were no bios updates ... which I then gave it back to him.... so there is a fix....problem is on acer

#51 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 29 March 2013 - 08:37

I know a couple of implementations offer revocation of third party keys, I've heard rumour some allow revocation of the master key and both of these cases allow for the addition of your own keys.

Your objection appears to be that some corporations want to control the entire signing process.. Something that no OEMs ever offered, and none offer despite MS getting them half way (I bet some allow the revocation of the primary signing key, but I've never bothered to look).. The issue of course being that Windows will object to a different signature on their binaries when it loads up.. So even if it was possible, you couldn't do it with Windows 8 >.>

You seem to want something that completely defies the point of the secure boot system :\

Also, I've yet to find a single business customer with a concern about the signing key in secure boot. Most of them don't care full stop. >.>

#52 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 29 March 2013 - 08:50

whats your motherboard type?
i would like to recommend it to some client,
as most Secure Boot capable motherboard i've seen, doesn't allow you to installing your own keys easily,
some said that user can change the key during Firmware Updates,
which mean the key must be specified somewhere in the firmware binaries!
...


Sabertooth Z77

It's not a low end mobo, and that's probably why it's more flexible in that regard.

#53 tkaw220

tkaw220

    Neowinian

  • Joined: 02-October 12

Posted 29 March 2013 - 08:51

That explains it. His is 5/22/12 I guess I should email acer for a download of an updated bios.


You can download the latest BIOS from http://us.acer.com/a...content/drivers.

#54 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 09:05

You can download the latest BIOS from http://us.acer.com/a...content/drivers.


I am. Seeing this now...thanks.. this was not an option sept of last year.... seems that is why in oct they released an updated one. Now have to teach him how to flash it... he is on assignment in germany now. He won't be back for another month. He said he still wants 7 win8 he says is sluggish.

#55 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 29 March 2013 - 11:50

I had a friend bring me his All in one with Windows 8
Acer Aspire AZS600-UR15


and wanted me to install Windows 7 on it- there was no option to turn off the check.

Windows 7 would pretend like it would install then at the point of installing boot loader - Fail- even when I placed a fresh drive int the machine.

It would not let it write to the boot sector.
I looked and there was nothing -- the only options were - to control boot order- check for extra hard drives and turn to compatibility mode.
I had to end up restoring the Windows 8.

Actually, I could think of a number of other reasons for that happening except Secure Boot. especially since the computer already allowed changing boot order and changing boot device.

So a user should be content with a system that lags? then? And they want to run a lower OS? - Priceless-
And upgrade of processor is not a valid option since it is a cpu/gpu built into an all in one .
Or you should be stuck with something they don't like then?


If Windows 8 lags, then it's either a so slow computer it'll lag on 7 as well, unlikely if it's a new computer, or there's something wrong with the computer and his techie friend should have known that instead of instantly blaming Windows 8 because he has a personal non rational hate for it, those are the things that make you unable to properly troubleshoot problems. you need objectivity.

#56 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 29 March 2013 - 11:59

I am. Seeing this now...thanks.. this was not an option sept of last year.... seems that is why in oct they released an updated one. Now have to teach him how to flash it... he is on assignment in germany now. He won't be back for another month. He said he still wants 7 win8 he says is sluggish.


Again, if his computer is sluggish, windows 7 isn't going to fix that, since no part of 8 is slower than 7, and many parts are in fact faster. so if it's sluggish something else is wrong.

and again, while your old bios didn't have the option to turn on secure boot, it was never on in the first place as has been explained to you, if it was on, it wouldn't have prevented writing the boot loaded, it would have prevented starting it and it wouldn't have allowed USB/CD boot. So there must be something else preventing writing the boot loader.

#57 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 12:16

Again, if his computer is sluggish, windows 7 isn't going to fix that, since no part of 8 is slower than 7, and many parts are in fact faster. so if it's sluggish something else is wrong.

and again, while your old bios didn't have the option to turn on secure boot, it was never on in the first place as has been explained to you, if it was on, it wouldn't have prevented writing the boot loaded, it would have prevented starting it and it wouldn't have allowed USB/CD boot. So there must be something else preventing writing the boot loader.


It is not mine....the installer booted it only got as far as preparing.... failed on any hard drive writes..in an effort to fix the sluggushness ..I did a factory restore of it...when he bought it the literature he had said "now with secure boot" but we found no way to turn that off. That was september of last year.. when the user said sluggish he is talking about bsimpleb tasks like surfing the web. IE is what he said was slow and he did not like the tiles ... to him it is sluggish... I merely tried to give him what he needed. ...and I also tried which I know someone is going to say.. with and without the option of setup mode enabled and disabled. The booklet said it had secure boot... but no choice to go into advanced mode nor authenticate.....which the other person with the oct bios screen shows. That when he gets back we will flash it and try it again. I even tried one of my spare drives thinking it was something installed on his hard drive. That drive of mine I had wiped it and still no os other than 8 refused to install. So what else than a secure boot that his booklet said it had that was blocking it. Also on that spare drive I tried 7 .linux and then a copy of 8 which was the only one that would write to that spare drive. So please tell me what else it could be? I ended up putting his old one in and did a factory restore to help fix it. Then installed all updates.

#58 MDboyz

MDboyz

    Neowinian

  • Joined: 16-November 01

Posted 29 March 2013 - 13:10

Don't blame MS on that. Blame it on Linux not working with OEM to produce more Linux computers. Also, I thought Linux are mostly techy. They can just build the computer for themselves.

The other thing to look at is -- people say "BUY a Linux Computer" well that limits the choices and those choices are not very strong computers.
Other than -
https://www.system76.com


But still there are not a lot of options- They don't even offer any AMD chip-sets.



#59 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 29 March 2013 - 13:12

Again, if his computer is sluggish, windows 7 isn't going to fix that, since no part of 8 is slower than 7, and many parts are in fact faster. so if it's sluggish something else is wrong.

and again, while your old bios didn't have the option to turn on secure boot, it was never on in the first place as has been explained to you, if it was on, it wouldn't have prevented writing the boot loaded, it would have prevented starting it and it wouldn't have allowed USB/CD boot. So there must be something else preventing writing the boot loader.

There are a number of fringe cases where in 8 performs significantly worse than 7 on certain hardware configurations.

In particular there are a number of issues with how the OS communicates with storage devices that causes repeated interrupts and makes the OS run like proverbial ass >.>

I don't know how MS buggered that one up tbh D:

#60 majortom1981

majortom1981

    The crazy one

  • Tech Issues Solved: 1
  • Joined: 30-November 01

Posted 29 March 2013 - 13:17

Even the knowledgeable ones (Timothy Lottes for one example) seem to believe MS did it just to block competition. I'm really not sure what to think of these people.


How are they blocking the competition when you can just go into your bios and turn secureboot off?