Torvalds doesn't want Windows 8 secure boot keys in Linux kernel

There are now two separate ways for a Linux-based operating system to be installed and booted on a Windows 8-based PC. One comes from the Linux Foundation and the other comes from Linux programmer Matthew Garrett. Both are in the early stages of development. However. the creator of Linux, Linus Torvalds, has now expressed his opinions on a proposal that would add Microsoft-signed binary keys to a Linux kernel, and they are not very nice.

ZDNet.com reports that Red Hat software engineer David Howells recently asked Torvalds in a message board exchange on the Linux Kernel Mailing List for such a move so that Linux could boot on a Windows 8 PC that had binary-only drivers that are used by AMD and NVIDIA graphics chipsets.

Torvalds shot that suggestion down, calling it "f******* moronic". In another message board post he added:

If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f****** pull request.

All in all, the battle for a smooth path for Linux users to have a dual boot system for a Windows 8 PC continues its slow pace and while there are preliminary solutions in place, it may be some time before they are fully implemented.

Source: ZDNet.com | Image via Linus Torvalds

Report a problem with article
Previous Story

Windows 8-based Razer Edge tablet pre-orders start Friday

Next Story

Review: Zen Studios' Star Wars Pinball [Updated with Windows 8 info!]

78 Comments

Commenting is disabled on this article.

The title of the article should be: "Torvalds doesn't want a F*ng Windows 8 secure boot keys in Linux kernel"

Well, it is *HIS* Kernel, so he can do whatever he feels like it with it. Pretty much like MSFT and their Start Menu :-p

I haven't dual booted in a long time, always found it to be too consuming to do (if I need the other OS I have to restart and wait to get into that OS, then if I need to go back I need to restart, etc), but couldn't you just like disable UEFI Secure Boot in the bios then install as normal? I just ran into this trying to clean install Windows 8 (install media wasn't set up for secure boot).

sdreamer said,
I haven't dual booted in a long time, always found it to be too consuming to do (if I need the other OS I have to restart and wait to get into that OS, then if I need to go back I need to restart, etc), but couldn't you just like disable UEFI Secure Boot in the bios then install as normal? I just ran into this trying to clean install Windows 8 (install media wasn't set up for secure boot).

yes, you can just disable Secure Boot in the BIOS/UEFI settings and none of this affects you. unfortunately, many common users don't know how to do that, and a percentage of Linux users feel Microsoft only implemented Secure Boot as a requirement to kill Linux on desktops

This article is pretty bad, it doesn't explain anything. Of course I agree with Linus, there is no way these should end up in the kernel for the exact reasons his said. As for the members here who are so against Linux/Linus for whatever reason, do you have any interest in computing or the future of it? There has never been a better time for that "I dont want to live on this planet any longer" meme after reading some of the comments here.

Warning: The following is a rant more than anything.

[rant]
Not to get too technical on anyone but anyone referring to Secure Boot as a BIOS functions is wrong. Secure Boot is a UEFI Extension and will never see itself on Legacy BIOS implementations.

BIOS = Basic Input/Output System
UEFI = Unified Extensible Firmware Interface

They are 2 independent things. UEFI can emulate legacy BIOS functions but it causes it to go through itself more slowly. Every motherboard will either have BIOS or UEFI but never both. Many current motherboards have UEFI and more and more OEM systems are coming with UEFI equipped on them already. As an example my Alienware laptop is fully UEFI and many of the Dell or HP desktop computers at work are UEFI.
[/rant]

EDIT: I sorta agree with Torvalds that the secure boot functions do not belong in the kernel (which I think he was trying to point out). It should be at the boot loader levels which is what I thought they were going to do.

Ugh.... some people seriously need to grow up.

Firstly those of you complaining about the language used in this email clearly have short memories or knew nothing of the Windows 2000 source code leak. The source files were littered with tons of profanity like "use this class so it doesn't f*** up the piece of s*** compiler". yes, it seems unprofessional but most coders do it.

Secondly, the level of ignorance displayed by Neowin's Microsoft shills is absolutely insane. It seems so many of you are eager to bash Linux, yet if it weren't for the kernel the costs of so many consumer devices like routers would rise because companies would either have to employ coders to create inhouse software or license software from other manufacturers. The Linux kernel has been incredibly kind to the tech community over the years and it's a shame that some of you are so eager to hate simply because of misguided product loyalty. The fact that we don't see the Linux kernel as much as NT doesn't mean it doesn't have a very strong influence in all of our technological lives. It's there in so many of our devices.

These days Neowin seems to be turning into one great big Microsoft advert. It was a great tech community once.

Javik said,
Ugh.... some people seriously need to grow up.

Firstly those of you complaining about the language used in this email clearly have short memories or knew nothing of the Windows 2000 source code leak. The source files were littered with tons of profanity like "use this class so it doesn't f*** up the piece of s*** compiler". yes, it seems unprofessional but most coders do it.

Secondly, the level of ignorance displayed by Neowin's Microsoft shills is absolutely insane. It seems so many of you are eager to bash Linux, yet if it weren't for the kernel the costs of so many consumer devices like routers would rise because companies would either have to employ coders to create inhouse software or license software from other manufacturers. The Linux kernel has been incredibly kind to the tech community over the years and it's a shame that some of you are so eager to hate simply because of misguided product loyalty. The fact that we don't see the Linux kernel as much as NT doesn't mean it doesn't have a very strong influence in all of our technological lives. It's there in so many of our devices.

These days Neowin seems to be turning into one great big Microsoft advert. It was a great tech community once.

They could easily use bsd which I believe a lot of them currently are. Which router uses Linux kernel?

What I really want to say is the software is free he has no right to criticize what someone else does with it so if redhat wants to put other things in the kernel he can't stop them. He can only go on being disrespectful. I don't care how smart or powerful you are If u can't respect others then you can go suck yourself

I agree with Linus here (why would the keys need to be in the kernel? AFAIK it doesn't make much sense), but did he have to say that RedHat wanted to "deep-throat Microsoft"? That makes it sound like the whole thing is based off of his distaste for Microsoft.

Great job moderating this news post moderators! I cannot see any flame baiting material, oh, oh wait a moment.... *scrolls up to pages of flame bait*... Nevermind.

The comments here are ludicrous. Linus Torvalds is a breath of fresh air compared to the self-important statements which Neowin constantly reports about from Steve "the world's greatest executive" Ballmer and Bill "the world's most giving man" Gates.

Linus went on to call Steve Ballmer a 'Doody Head' before throwing a 20 minute temper tantrum which was only stopped by another dev giving him his bottle and reading him a story about chipmunks.

I have no words for the level of ignorance in this thread. The Linux kernel is the most widely used kernel in the world, encompassing embedded devices (routers, etc.), servers, supercomputers and most mobile phones. Its penetration on the desktop computer has remained low, but that's kind of the point of what Linus is saying.

Linus Torvalds is right: secure boot keys for compatibility with Windows 8 PCs do not belong at the kernel level, since the Linux kernel doesn't specifically target PCs (never mind Windows 8 PCs) in and of itself; it targets anything and should stay as platform-neutral as possible. Linux-based operating systems, like Red Hat, can add that themselves. So what Linus is saying is not that Linux-based operating systems shouldn't be compatible with Windows 8 PCs, just that this layer of compatibility doesn't belong at the kernel level.

> I have no words for the level of ignorance in this thread.

The most disappointing thing is that the most ignorant comments have the most 'positive' votes. Honestly I despair more and more each time I read these front page comments. I wouldn't mind but the majority of the trolling is so factually incorrect or actually IRRELEVANT - the commentary should be on the article. Opinions such as 'Linux is monkey feces' - not entirely sure what that contributes at all to the discussion.

Sigh.

To be fair most people on here (including me) are going by what is quoted in this blog article/post (I didn't read his whole discussion with Red Hat). That snippet of language from Linus makes it seem that he doesn't want to support SecureBoot at all. I can understand that he just doesn't want it at the kernel level. Makes sense.

I know right! The level of trolling in this comment thread is beyond ridiculous. Mods have got to clamp down on this kind of garbage.

<ontopic>
I too agree with Linus here. Letting something like this into the Kernel means that it ends up, unused, in a great many different types of system. I'm surprised that Redhat didn't know better to be honest, given that their primary product is a server-oriented distro which would unlikely ever see secure boot. I guess that's why Linus is so ****ed about it.

mnl1121 said,
To be fair most people on here (including me) are going by what is quoted in this blog article/post (I didn't read his whole discussion with Red Hat). That snippet of language from Linus makes it seem that he doesn't want to support SecureBoot at all. I can understand that he just doesn't want it at the kernel level. Makes sense.

But couldn't you have at least read the article title?

Dr_Asik said,
I have no words for the level of ignorance in this thread. The Linux kernel is the most widely used kernel in the world, encompassing embedded devices (routers, etc.), servers, supercomputers and most mobile phones. Its penetration on the desktop computer has remained low, but that's kind of the point of what Linus is saying.

Linus Torvalds is right: secure boot keys for compatibility with Windows 8 PCs do not belong at the kernel level, since the Linux kernel doesn't specifically target PCs (never mind Windows 8 PCs) in and of itself; it targets anything and should stay as platform-neutral as possible. Linux-based operating systems, like Red Hat, can add that themselves. So what Linus is saying is not that Linux-based operating systems shouldn't be compatible with Windows 8 PCs, just that this layer of compatibility doesn't belong at the kernel level.

That's a nice bed time story there, too bad reality is different now.

Linux is not the same Linux it used to be. Since it merged with Android, it's become a mutant monstrosity full of security and privacy flaws.

Dr_Asik said,
I have no words for the level of ignorance in this thread. The Linux kernel is the most widely used kernel in the world, encompassing embedded devices (routers, etc.), servers, supercomputers and most mobile phones. Its penetration on the desktop computer has remained low, but that's kind of the point of what Linus is saying.

Linus Torvalds is right: secure boot keys for compatibility with Windows 8 PCs do not belong at the kernel level, since the Linux kernel doesn't specifically target PCs (never mind Windows 8 PCs) in and of itself; it targets anything and should stay as platform-neutral as possible. Linux-based operating systems, like Red Hat, can add that themselves. So what Linus is saying is not that Linux-based operating systems shouldn't be compatible with Windows 8 PCs, just that this layer of compatibility doesn't belong at the kernel level.

To be honest I don't think it necessarily belongs in the kernel either. However there are MANY MANY other things baked into the Linux kernel that you will NEVER use on a regular desktop and visa versa so the argument that it should remain platform independent isn't really valid. I work with the Linux kernel, particularly with embedded, and can tell you there is a lot of useless crap that is desktop and server exclusive. That's why we have to rip all that out and by the end of things our product kernel barely resemble the original Linux kernel. It's basically just a shorthand way of working backwards rather than forwards. This is same situation with server OSes (which I also work on), by the time the product kernel is completed it resembles nothing of the Linux you know, like I can't stress how different it is. We don't use it because its good or something we use it because it removes the need for us to rewrite a tonne of object code which provides us a foundation of an OS.

So yeah Linux kernel based OSes aren't Linux based like you think they are, in fact I think it's an insult to the complications of the Linux kernel (albeit poorly and not next-gen computer oriented) to have Super Computer and Embedded kernels that are based on it put in the same category.

archonis said,

That's a nice bed time story there, too bad reality is different now.

Linux is not the same Linux it used to be. Since it merged with Android, it's become a mutant monstrosity full of security and privacy flaws.

What, the hell are you talking about? As far as I was aware, many of the contributions the Android merge provided (or will provide) improved security (where applicable). There's no issue of privacy either. Google haven't "injected" some super-secret spy device into the kernel that uploads your syscalls to their servers.

Have you got any sources for these "security and privacy flaws" in the Linux kernel?

I always find it funny how the opinion of people who actually work in high tech industries is so different than message boards like this filled with teenage fan boys. Hmm.... I wonder why that may be. I know this has always been a Windows based site but a number of you have grown incredibly hostile to anything that doesn't have a Microsoft logo on it. Kinda sad and pathetic really. I'm constantly amused at how much some of you really think all of this matters in life.

AJerman said,
I always find it funny how the opinion of people who actually work in high tech industries is so different than message boards like this filled with teenage fan boys. Hmm.... I wonder why that may be. I know this has always been a Windows based site but a number of you have grown incredibly hostile to anything that doesn't have a Microsoft logo on it. Kinda sad and pathetic really. I'm constantly amused at how much some of you really think all of this matters in life.

So now we should all listen to people who work in high tech industries and let out own opinions to die? No thanks.

As much as I'd like to use Linux I am not going to anymore. I'm done with the arrogance of some developers who think they are the king of the worlds. Linus is one of them, look at the way he speaks, what the hell..anyone who would be in his positions wouldn't do that, not a single person.

It's all fine when Linux users flame Windows users but when it's the other way around it's fanboys? Get off your high horse and start thinking like a normal human being for Christ sake.

Majesticmerc said,

What, the hell are you talking about? As far as I was aware, many of the contributions the Android merge provided (or will provide) improved security (where applicable). There's no issue of privacy either. Google haven't "injected" some super-secret spy device into the kernel that uploads your syscalls to their servers.

Have you got any sources for these "security and privacy flaws" in the Linux kernel?


He's just trolling. Android runs ONTOP of the kernel. And is technically kernel independent due to it running in a virtual machine. Hence not counted to be a Linux distro by most of the Linux world. Same as the PS3 OS isn't counted as a Linux distro, while it uses the Linux kernel.
AJerman said,
I always find it funny how the opinion of people who actually work in high tech industries is so different than message boards like this filled with teenage fan boys. Hmm.... I wonder why that may be. I know this has always been a Windows based site but a number of you have grown incredibly hostile to anything that doesn't have a Microsoft logo on it. Kinda sad and pathetic really. I'm constantly amused at how much some of you really think all of this matters in life.

For me personally the issue is that most hatred for Microsoft shown here and everywhere in the world is unjustified. Hence I often pick sides with MS in these 'flamewars'. And I think this is similar for quite some people here. And I somehow think this secureboot thing would've been added if it wasn't Microsoft that came with it. MS isn't the horrible monster people have claimed and still claim for the past 2 decades. They actually do allot of good and unlike other companies are not only in it for the profits. (of course profits are still most important). Often have offered to help Linux but got rejected.
And this useless hatred between the MS 'world' and Linux 'world' has been slowing down progress unnecessary for both sides, and my personal thought is that it's hurting Linux hell of al lot more then it is hurting MS.

alwaysonacoffebreak said,

As much as I'd like to use Linux I am not going to anymore. I'm done with the arrogance of some developers who think they are the king of the worlds. Linus is one of them, look at the way he speaks, what the hell..anyone who would be in his positions wouldn't do that, not a single person.

It's all fine when Linux users flame Windows users but when it's the other way around it's fanboys? Get off your high horse and start thinking like a normal human being for Christ sake.

Why does the arrogance of developers decide whether you should use a tool they've developed? I bet Microsoft developers are just as arrogant, yet this happens all behind closed doors whereas open source is through public accessible mail lists etc. If people like Linus didn't exist then I bet computing would be locked down, very expensive, no where near as researched as it is now.

And to be honest, most of the Linux users who flame Windows have used both platforms to some depth whereas when its round the other way, I see a lot of Windows users either never tried Linux or installed it once then changed something to break it.

Because this is intra-developer discussion, of an open development process. Do you not think big closed-source companies don't have discussions like this behind their closed doors?! Do you not think Linus is passionate about the operating system he wrote? Honestly..

His discussion obviously was not behind closed doors. You wouldn't be hearing about it if you did. And no companies don't let their employees talk like that. It is very unprofessional.

Chicane-UK said,
Because this is intra-developer discussion, of an open development process. Do you not think big closed-source companies don't have discussions like this behind their closed doors?! Do you not think Linus is passionate about the operating system he wrote? Honestly..

Honestly... you are using wrote pretty loosely there. Anyone in a real business speaking that way to a colleague would be fired and probably sued.

Chicane-UK said,
Because this is intra-developer discussion, of an open development process. Do you not think big closed-source companies don't have discussions like this behind their closed doors?! Do you not think Linus is passionate about the operating system he wrote? Honestly..

I don't know about passionate, but he's definitely delusional and hypocritical. So much so that he opened to Android with open arms, and allowed the main Linux code path to merge with Android.

Chicane-UK said,
Do you not think Linus is passionate about the operating system he wrote?

Linus NEVER wrote a operating system. He wrote a kernel.

mnl1121 said,
His discussion obviously was not behind closed doors. You wouldn't be hearing about it if you did. And no companies don't let their employees talk like that. It is very unprofessional.

Agree 1000% thank you

Chicane-UK said,
Because this is intra-developer discussion, of an open development process. Do you not think big closed-source companies don't have discussions like this behind their closed doors?! Do you not think Linus is passionate about the operating system he wrote? Honestly..

I do not doubt a single moment Linux is not passionate about Linux, he absolutely is.
But I do think his automatic hatred towards anything MS is retarded and not good for his precious OS.

pes2013 said,

Linus NEVER wrote a operating system. He wrote a kernel.

And you can boot into the kernel and it will run. And thus is an OS on its own.

This is why his kernel will never amount to anything serious . Your days of desktop Linux are not coming and you will always be a nerds hobby

The Linux kernel is the most widely used kernel in the world today - way above Microsoft's NT kernel. How is it "not amounting to anything serious"?

Where do you get your "facts" from?

EDIT: Unless are you also taking into account non-desktop electronics? If yes, then I think you are right.

mnl1121 said,
Where do you get your "facts" from?

EDIT: Unless are you also taking into account non-desktop electronics? If yes, then I think you are right.

Consumer desktop PCs are but a small fraction of all computers.

Dr_Asik said,
Consumer desktop PCs are but a small fraction of all computers.

Yet the subject clearly is desktop computing, an area where the Windows NT kernel surpasses the Linux kernel about 90 to 1. Incidentially not all embedded systems run Linux, a ******** of these run a stripped down NT kernel or WinCE kernel.

sjaak327 said
Yet the subject clearly is desktop computing
Everyone knows Linux has about 1% market share on desktop, that's not the point of this article. The subject is whether some functionality targeting certain desktop PCs belongs in the Linux kernel or not. Linux' market share on PCs has nothing to do with it, and comments calling it insignificant or pointless clearly miss the point of Linus' comment and are just ill-informed flamebait.

Dr_Asik said,
Everyone knows Linux has about 1% market share on desktop, that's not the point of this article. The subject is whether some functionality targeting certain desktop PCs belongs in the Linux kernel or not. Linux' market share on PCs has nothing to do with it, and comments calling it insignificant or pointless clearly miss the point of Linus' comment and are just ill-informed flamebait.

Yet all kinds of drivers end up in the Linux kernel, case in point Microsoft's Hyper-V drivers that are included into the kernel starting with version 3.0. Of course market share is relevant and RH's request has a lot to do with this (albeit RH's main subject is the server market). You can discuss the need for inclusion into the kernel, but I absolutely detest the language usage and behavior of Linus, really unprofessional and a clear indication in my mind why Linux will never be a mainstream desktop operating system.

Dr_Asik said,
Consumer desktop PCs are but a small fraction of all computers.

And business computers allot more, and guess what most of them run? I'll even bet you there's more MS-DOS systems running in cooperate environments then Linux. (Just count ALL the ATM machines in Europe running either MS-Dos or Windows XP Embedded)
Only in super computing and webservers Linux is ahead, and its Webservers headstart of 90% more then a decade ago, dwingled down to 60%
Supercomputing is not a market MS seems interested in, but keep in mind that Azure runs on NT and is a super computer. So NT can easily do it.

Shadowzz said,
Only in super computing and webservers Linux is ahead, and its Webservers headstart of 90% more then a decade ago, dwingled down to 60%

And mobile phones, where Android accounts for 72% of shipping devices.

TurboShrimp said,
This is why his kernel will never amount to anything serious . Your days of desktop Linux are not coming and you will always be a nerds hobby

Why do you think his goal is to get Linux on the desktop?

The reason he STARTED this project was: For the lulz. He thought it was just fun.

I'm willing to believe that Linus think Linux has succeeded far beyond his expectations. It's far beyond a "nerd's hobby", being used on tens of thousands of servers worldwide, often production critical servers too.

Your comment is just ridiculous and I hope you know it, for your own sake.

sjaak327 said,

Yet the subject clearly is desktop computing


NO, and that's why Linus Torvalds strongly oppose this idea of Windows 8 keys in the kernel!!

I don't get what's so hard to understand in this article.

Northgrove said,

NO, and that's why Linus Torvalds strongly oppose this idea of Windows 8 keys in the kernel!!

I don't get what's so hard to understand in this article.

Yet as I stated already, there is tons of desktop specific stuff in the kernel. There is also tons of server specific stuff in the kernel.

Agreed, not a kernel patch. I believe they can improve the already existing solutions and make a really stable one. Yeah, I'd turn that **** off if I get a Win 8 PC, but for those who wants it on and also want dual booting, well, it should be something in user mode, a module, well, anything that really works

When I saw the posts on the kernel mailing list five days ago I knew this would be eventually twisted and posted here.

Linus is correct: this should be done in user land, not in the kernel.

Linus is the moron. While so many people tote SecureBoot as a way to prevent people from booting an alternate OS it is really a security feature. Yes it does have the side effect of preventing people from booting from an alternate OS while on (it can be easily turned off with a flip of an option in your BIOS).

One of the easiest ways to steal the password(s) to log into your machine is through alternate OS booting. Think of this scenario. Someone gets physical access to your machine and tries to boot into your comp. Someone without SecureBoot turned on (and yes you would need to password protect your BIOS settings too) will easily get the file that stores the hashes to their passwords stolen. Then the attacker can crack the passwords off-site on their own time.

Same scenario, but this time secureboot is on. On damn this guy can't boot into his alternate OS and grab your hashed passwords. Security threat averted.

Yes SecureBoot isn't exactly necessary for the average joe. Thats why you can EASILY turn off the feature. For those that can really benefit (read businesses, high-profile targets, and government machines) it is a welcome addition. People, especially Linus, need to stop whining about the feature.

I agree with you that it's a security feature, but honestly, the reason is more to prevent bootkits and the like; it's to prevent you from accidentally ending up with unsigned malicious code as part of the boot process.

I mean, if you're trying to prevent someone from loading an alternate OS, you would just need to lock the BIOS / firmware. In your example, someone can easily just load the firmware settings up, turn off SecureBoot, and load the OS of their choice. (Though whole-disk encryption would prevent someone from being able to get that file as well).

Then why is Linus a moron? Why would they modify the kernel if the feature can be easily turned off by the end users in the bios?

Although your points are valid I don't agree with you. IMO SecureBoot is an easy way for Microsoft in this case (we're on Neowin after all) to make it harder for avarage persons to install an alternative OS.

First, an avarage person don't know what SecureBoot is, so if they ever get lets say an Ubuntu disc in their hand, they won't have a clue why they can't install it.

Secondly it won't increase their security a bit, since they have never heard 'BIOS' before and they certainly don't know how to password protect it.

Thirdly, the attack vector is quite small. If someone has access to your hardware and really wants your data, they'll probably just take it all--or at least the drives.

SecureBoot can block malicious code trying to alter the boot process though, which is good, but not exactly common.

@LaP Password protect your BIOS settings and only you can turn of secureboot.

EDIT:
@fobban that is a very common argument against secureboot, but so many people fail to realize is that the average joe won't even consider installing linux on their machine. IF the average joe even knows about linux they would probably be smart enough to search online why they can't install it, or ask a tech savvy friend.

@Snake89 - Please google where your passwords are stored before making a comment. How do you think you login to your computer? Your password needs to be saved somewhere on your machine.

@jhoff80 - well in my example thats why you would also need to password protect your BIOS settings. It was only one example, you are right that it also prevents bootkits.

@russianmonk - yes that is true. To me though it is a none-issue since it can be so easily turned off. Microsoft doesn't force you to get some kind of code or make it hard to turn of it. Its a flip of a switch.

Edited by mnl1121, Feb 26 2013, 8:29pm :

Linus is a moron because he gave away Linux to the people to do whatever they want with it, and now he is criticizing those same people for doing just that! Lets be clear that he is not just expressing his opinion here, he is downright blasting them for it....
Torvalds needs to accept that the baby that has his name on it, is not his baby anymore. It has grown up got a life and left home.

fobban said,
Although your points are valid I don't agree with you. IMO SecureBoot is an easy way for Microsoft in this case (we're on Neowin after all) to make it harder for avarage persons to install an alternative OS.

First, an avarage person don't know what SecureBoot is, so if they ever get lets say an Ubuntu disc in their hand, they won't have a clue why they can't install it.

Secondly it won't increase their security a bit, since they have never heard 'BIOS' before and they certainly don't know how to password protect it.

Thirdly, the attack vector is quite small. If someone has access to your hardware and really wants your data, they'll probably just take it all--or at least the drives.

SecureBoot can block malicious code trying to alter the boot process though, which is good, but not exactly common.

Of course it is not designed to make it easier for Microsoft to block the average user from installing a different operating system. First there is absolutely no reason why Microsoft would have the need to do this. In the 20 years that the Linux kernel exists it has made next to zero gains when it comes to gaining market share at the expense of Windows, the only operating system that made a small gain is OSX, which due tot the EULA cannot legally be installed on non Apple hardware. Secondly, there is an explicit requirement for any OEM that wishes to receive the certified status to offer their customers a way to disable secure boot on their systems, a requirement that is pushed by Microsoft. Disabling secure boot certainly isn't any harder than installing an alternative operating system such as Linux, or reinstalling the operating system that came with the machine such as Windows 8.

Totally agree but I think it's more or less the average joe that will benefit from this and them not knowing how to turn it off is good. Make them password protect the UEFI settings and you've pretty much solved 99.9% of physical computing based attacks.

DukeWars said,
Linus is a moron because he gave away Linux to the people to do whatever they want with it, and now he is criticizing those same people for doing just that! Lets be clear that he is not just expressing his opinion here, he is downright blasting them for it....
Torvalds needs to accept that the baby that has his name on it, is not his baby anymore. It has grown up got a life and left home.

Exactly.

Not only that, in the ultimate act of hypocrisy, this "baby" of his has grown up, had kids of its own, and some of those kids are mutant, frankenstein babies all with the last name "Android". So did he blast them? Nope, he accepted them with open arms, to live with him. Meanwhile, some of the "pure" Linux babies he is blasting very hard. Complete hypocrite.

mnl1121 said,
How do you think you login to your computer? Your password needs to be saved somewhere on your machine.

Your password can be verified without your machine actually knowing what your password is.

mnl1121 said,
Linus is the moron. While so many people tote SecureBoot as a way to prevent people from booting an alternate OS it is really a security feature. Yes it does have the side effect of preventing people from booting from an alternate OS while on (it can be easily turned off with a flip of an option in your BIOS).

One of the easiest ways to steal the password(s) to log into your machine is through alternate OS booting. Think of this scenario. Someone gets physical access to your machine and tries to boot into your comp. Someone without SecureBoot turned on (and yes you would need to password protect your BIOS settings too) will easily get the file that stores the hashes to their passwords stolen. Then the attacker can crack the passwords off-site on their own time.

Same scenario, but this time secureboot is on. On damn this guy can't boot into his alternate OS and grab your hashed passwords. Security threat averted.

Yes SecureBoot isn't exactly necessary for the average joe. Thats why you can EASILY turn off the feature. For those that can really benefit (read businesses, high-profile targets, and government machines) it is a welcome addition. People, especially Linus, need to stop whining about the feature.

you'd just have to remove the HDD of the machine you're hacking then. No use whatsoever on a stolen laptop. If there's anything that important then you should encrypt the whole damn drive.

LaP said,
Then why is Linus a moron? Why would they modify the kernel if the feature can be easily turned off by the end users in the bios?

Because its the same hypocritical BS each and every time when something that originates from MS comes in contact with Linux. Its Microsoft, so its evil. If they can avoid supporting something that comes from Microsoft they will. This sad and in my opinion retarded behavior is why Windows is now a decade ahead of Linux. Linux just having surpassed the capabilities of XP but not even Vista yet.
People can argue this all they want, if I want a high end machine. Vista will pump out allot more performance on high end hardware then Ubuntu, Red hat or even Debian could.
It just saddens me to see, I'm a fan of Debian, love their approach to how an OS should be developed. But they are stuck on the Linux kernel which is slacking behind the NT kernel way to much.
By the time Linux finally has something to properly replace X11/Xwindow with, at least their Desktop experience would be allot better. (the latency on any desktop package except the most basic ones, is absolutely horrible). Windows 9 or even 10 will have been released. If not before the 1.0 stable half the development team got in a fight with the rest, forked and started another version of it. Delaying development even more (such a typical thing in the OSS world)

Am I wrong to assume that all distros maintain their own kernel and then they pull the changes they want to add to their variant from some central kernel repo? If that's correct than I don't see much of a problem - instead of having the keys/binaries maintained centrally, each distro needs to take care of these on their own. It increases slightly the maintenance effort but nothing tragic.

Linus is truly original, he's maintaing his work to the highest level of purity and the software remains as free software

It's truly one of the historical gems of the technologic era aside the Internet.

togermano said,
I'd love to be so famous that I could use lang like that and get away with it

You can always be an ******* no matter how famous you are. Give it a go.