All Windows 8 OEM need UEFI?

Discussion in 'Windows 8' started by B8, Oct 14, 2011.

  1. B8

    B8 MDL Member

    #1 B8, Oct 14, 2011
    Last edited: Nov 19, 2011
    All Windows 8 OEM need UEFI?
     
  2. alextheg

    alextheg Super Moderator
    Staff Member

    I shall let Yen do the translation of this; Google Translate is OK but not as good as a native speaker :D . However, the one thing I did pick up from the conversation was that Windows will refuse to boot if the bootloader is compromised in any way. I'm pretty sure we were all aware of that anyway. The whole process is going to be down to digital signatures, and that's no easy process to get around.
     
  3. Gyrxiur

    Gyrxiur MDL Junior Member

    So we will emulate UEFI instead of BIOS SLIC ;c)
     
  4. Daz

    Daz MDL Developer / Admin
    Staff Member

    #4 Daz, Oct 15, 2011
    Last edited: Oct 15, 2011
    If this is true then someone in the Linux community will come up with an exploit.

    If OEM activation is locked down to UEFI only then older systems using the legacy BIOS won't be able to activate via the OEM channel. It's not something that can be emulated either.

    The news posted could be wrong of course because Falck seems to be quoting what he's read online and Kurim just takes a guess ;)
     
  5. 100

    100 MDL Expert

    It seems that website is offline now, but the quoted posts aren't anything new. Windows 8 certified OEM systems will require UEFI and the possibility of secure boot; MS said that at BUILD. Unsigned boot loaders are only prevented if secure boot is enabled, but that's up to the OEM.
     
  6. venu

    venu MDL Addicted

    No point for MS in going to all this trouble if OEM Win8 will be permitted to boot without secure boot enabled. So what the OEMs do (provide/not provide switch) may be irrelevant.
     
  7. Jachra

    Jachra MDL Member

  8. alextheg

    alextheg Super Moderator
    Staff Member

    It sounds like you are up for the challenge, Nononsence. I guess anything that can be done can be undone or emulated! We will see soon enough, I guess.
     
  9. .NetRolller 3D

    .NetRolller 3D MDL Novice

    Let's not forget DUET, the EDK2 EFI-on-BIOS emulator...
     
  10. Daz

    Daz MDL Developer / Admin
    Staff Member

    #12 Daz, Oct 18, 2011
    Last edited: Oct 20, 2011
    * Removed *
     
  11. alextheg

    alextheg Super Moderator
    Staff Member

    Have MS really managed to lock it down that tight? Surely KMS will be due for a shake-up too?

    One has to wonder if MS have really achieved a secure OS; if so, then in all honesty they should be congratulated. However, I find it difficult to believe that there isn't a flaw somewhere?
     
  12. Shenj

    Shenj MDL Expert

    As Microsoft already said, Secure Boot is a must-have with UEFI for OEMs, but the ability to disable Secure Boot is not. It's kind of hard to expect OEMs to add an option to disable it (on desktops); they might be more open on laptops, as you cannot custom build a laptop yourself, unlike a desktop. Adding an option might mean for a lot of "noobs" that the first thing they do is disable Secure Boot even though they are not installing Linux or anything else..

    Sure, it's a loss for the consumer when he wants to install a 3rd party bootloader that isn't signed, but in the end GRUB etc. can be signed, no? Or does this GPL license not allow software to be digitally signed? ~.~
    At least I don't see any real reason for something like Ubuntu to stop working on such PCs where you cannot disable Secure Boot. Behind Ubuntu is a million-dollar company (a rich dude); they can easily afford a digital signature... and heck, if GRUB blocks them from doing so they just write their own or use another.

    Secure Boot is a UEFI 2.3.1 standard (too recent). It's not on any mainboard yet, but when it is, this Secure Boot feature can be used by any OS; Windows will just make use of it.

    I'm not exactly sure what's discussed here... cause, well, you know.. if you buy a PC from an OEM then... there is no reason to even try a loader or whatever, as it's a legit OEM PC.. so what is this talk about?
    And on any "DIY" mobo this feature will be available as well, but I doubt it will ever be activated by default, unlike OEM machines, which will have this activated by default.

    For now let's just take it as it comes, cause it still doesn't matter at all: if you can somehow get a SLIC emulated on UEFI then it can be done in W8 as well, if it's still the same method we have now, just new algo = new keys/certs.
     
  13. Yen

    Yen Admin
    Staff Member

    I can tell you exactly what this talk is about:

    If OEM_SLP needs a signed boot environment then it means when buying a preinstalled OEM PC you have an either-or situation. You cannot dual-boot a W8 OEM_SLP license with an unsigned bootloader. To activate W8 via the SLP channel you need to mimic the specifications of OA3.0, of course not install a loader on a legit machine.

    The problem with grub2: If grub should become digitally signed, the signature key must become public; it's a GPLv3 license.

    We don't know the specifications of OA3.0 and if secure boot is included. Also remember one thing: Intel EFI already has a signed area. Until now nobody was able to modify (SLIC) such an EFI (except with the leaked official tool).

    The question will be, is it possible to mimic the situation for OA3.0?
    One thing is clear to me already, OA3.0 will be implemented into UEFI only. Also OA will use specifications of the EFI. OA2.x uses ACPI specifications. OA3.0 could check for GPT. To update the UEFI to 2.3.1 is just a BIOS update away.

    I have to agree with Daz. The OEM channel can become difficult...
     
  14. .NetRolller 3D

    .NetRolller 3D MDL Novice

    Daz: That is assuming that a TPM will also be a requirement. From what I've heard, it isn't - and a software-based implementation without TPM should be emulatable.

    And if a TPM will be required - I bet you can foresee the reaction of consumer groups. See what happened to Vista and Palladium.
     
  15. Yen

    Yen Admin
    Staff Member

  16. Stannieman

    Stannieman MDL Guru

    If MS is going to force OEMs to enable it by default then the Linux community will be angry. But it's sure that they are going to enable it. So maybe they'll add an option to go from Windows bootloader (signed) to grub (unsigned) and then to Linux. A simple "I trust this bootloader" button could do the trick. When the user trusts the bootloader to activate the system, Windows can't really say much about the malware part. Then it's just a matter of encryption and hiding stuff like Windows loader does now.
     
  17. Jachra

    Jachra MDL Member

  18. Yen

    Yen Admin
    Staff Member

    I have read something about a similar possibility: A password to confirm to load an unsigned boot loader if detected.
    W8 has detected an unsigned bootloader, make sure you can trust the publisher: W8 loader by Daz. Then enter password to confirm. :D

    The only right 'solution' is to ditch w8
     