The officially official Devuan Forum!

#1 2021-07-06 07:15:30

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Windows 11 will _enforce_ Secure Boot

Apologies for the Twitter link but:

https://twitter.com/tomwarren/status/14 … 8216078337

Tom Warren wrote:

if Microsoft's Windows 11 upgrade checker is telling you that your PC isn't supported, check your BIOS. You'll need a TPM 2.0 chip and to have Secure Boot enabled in the BIOS

This could extend to Windows 11 machines refusing to boot at all without Secure Boot — Microsoft have already stopped requiring that disabling Secure Boot be a feature on new hardware.

Debian will be fine because they already sign the bootloader & kernel and Devuan will inherit this ability but the smaller distributions (or even some bigger ones like Arch & Alpine Linux) will struggle with this.

Last edited by Head_on_a_Stick (2021-07-06 07:16:44)


Brianna Ghey — Rest In Power

Offline
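
Added example, not part of the original post: on a Linux system, the two firmware features named in the quoted tweet can be read from efivarfs and sysfs. The function names and the optional ROOT argument are this example's own; ROOT exists only so the functions can be run against a constructed directory tree.

```shell
#!/bin/sh
# Report Secure Boot state and TPM major version as the Linux kernel exposes them.
# ROOT (first argument, default "/") is a hypothetical parameter of this example.

# GUID of the UEFI global variable namespace (EFI_GLOBAL_VARIABLE).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Prints one of: enabled | disabled | unknown | no-uefi
secure_boot_state() {
    root=${1:-/}
    efi="$root/sys/firmware/efi"
    [ -d "$efi" ] || { echo no-uefi; return; }   # booted via legacy BIOS/CSM
    var="$efi/efivars/SecureBoot-$EFI_GLOBAL"
    [ -r "$var" ] || { echo unknown; return; }   # efivarfs not mounted or unreadable
    # An efivarfs file is 4 attribute bytes followed by the variable's data;
    # the SecureBoot variable's data is one byte, 1 meaning enforcement is on.
    byte=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case $byte in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints the TPM major version (e.g. 2), "unknown", or "none" if no TPM device.
tpm_major_version() {
    root=${1:-/}
    dev="$root/sys/class/tpm/tpm0"
    [ -d "$dev" ] || { echo none; return; }
    if [ -r "$dev/tpm_version_major" ]; then     # attribute present on newer kernels
        tr -d ' \n' < "$dev/tpm_version_major"; echo
    else
        echo unknown                             # device exists, version not exposed
    fi
}

echo "Secure Boot: $(secure_boot_state)  TPM major version: $(tpm_major_version)"
```

A result of `no-uefi` means the machine was booted in legacy mode, so Secure Boot cannot be active regardless of the firmware setting.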

#2 2021-07-06 11:19:18

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Windows 11 will _enforce_ Secure Boot

I really hope my next computer will not be something Microsoft has had a hand in making and/or had influence on.

I did watch a video I can't find right now of a person saying that win11 will only be for the very latest machines on the market, i.e. those with tpm2 and the latest version of secure boot, plus some other mentions about RAM and CPU requirements, but not sure how true that is due to the many videos popping up saying they can get around this with software tweaks.

Last edited by dice (2021-07-06 11:29:59)

Offline

#3 2021-07-06 11:48:34

sgage
Member
Registered: 2016-12-01
Posts: 339  

Re: Windows 11 will _enforce_ Secure Boot

I don't know that 'only the very latest machines on the market' have TPM 2.0. My computer has a Core i5 7400, TPM 2.0, and Secure Boot, and it is late-2017. Supposedly, my CPU doesn't qualify for Win11. Woe is me! Like I care :-)

Offline

#4 2021-07-06 15:12:40

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: Windows 11 will _enforce_ Secure Boot

Hello:

dice wrote:

... hope my next computer will not be something Microsoft has had a hand in making ...

Hmm ....
Very optimistic of you.

eg: ever seen a pig whistle, a cow fly or a talking dog?
No, Snoopy does not count, it's just balloon talk.

dice wrote:

... saying that win11 will only be for the very latest machines ...

I have no intention of using W11 or any other MS Wxx incarnation.
My only worry is that Linux suddenly finds itself not being able to boot in whatever crap they come up with.

Fortunately I'm quite happy with my present rig, a ca. 2007 Sun Microsystems Ultra 24 running on an Intel Core2 Q9550.

A.

Last edited by Altoid (2021-07-06 15:15:46)

Offline

#5 2021-07-06 20:20:21

starbreaker
Member
From: United States
Registered: 2021-06-03
Posts: 23  
Website

Re: Windows 11 will _enforce_ Secure Boot

I'm fine as long as I can find refurbished machines.


"Out of order? [BLEEP!] Even in the future nothing works."
desktop: refurbished ThinkCentre M92p (i7, 32GB RAM, 1TB SSD, 2TB HDD)
laptop: refurbished Thinkpad T60 (Core 2 Duo, 3GB RAM, 1TB SSD)
gemini capsule: starbreaker.org

Offline

#6 2021-07-06 21:02:22

golinux
Administrator
Registered: 2016-11-25
Posts: 3,137  

Re: Windows 11 will _enforce_ Secure Boot

@starbreaker . . . That would depend on your lifespan . . .

Online

#7 2021-07-06 22:54:41

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: Windows 11 will _enforce_ Secure Boot

starbreaker wrote:

I'm fine as long as I can find refurbished machines.

Agreed, but even better than that, would be coreboot + me cleaner... smile

I got some computers with such stuff on it.  I will take ivy bridge issues or over the current and I use this sarcastically, "latest and the greatest"

Because these two things do not agree for me combined.  Aka, Latest = worst... at this time anyways...

As long as Risc-V isn't where it needs to be,  I will stick with what I have for most things.

Starfive gives me some hope though. It looks like it may be closer to sandy bridge, but oh well...

It is still open source though completely...

When the time is right, I will still probably use it. wink

Pocket Mnt Reform is coming! Potentially, in two years I bet! smile


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#8 2021-07-07 06:45:06

denk_mal
Member
Registered: 2017-12-01
Posts: 9  

Re: Windows 11 will _enforce_ Secure Boot

Maybe there is another solution. Using ARM CPUs instead of amd64 like Apple does could be the right step.
No TPM, no Intel ME, no Meltdown and Spectre and faster with less power consumption.

I would not be surprised if Distributors like System76, Tuxedo and others would bring out such devices if Win10++ came to the market.


Linux - be root
Windows systemd - reboot

Offline

#9 2021-07-07 11:22:30

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: Windows 11 will _enforce_ Secure Boot

Hello:

denk_mal wrote:

Using ARM CPUs instead of amd64 ...

Good luck getting any one of the existing/surviving motherboard OEMs to put out a properly outfitted motherboard with provision for an ARM CPU instead of an amd64 one.

Never heard of the WinTel racket?

denk_mal wrote:

I would not be surprised ...

I would be (very) and much more so if it did not cost 3x or 4x the amd64 equivalent.

A.

Offline

#10 2021-07-09 15:44:29

Ogis1975
Member
Registered: 2017-04-21
Posts: 307  
Website

Re: Windows 11 will _enforce_ Secure Boot

I've always used and will use older computers with older hardware. Let the devils take those who call themselves progressives.


What economists call over-production is but a production that is above the purchasing power of the worker, who is reduced to poverty by capital and state.
            ----+- Peter Kropotkin -+----

Offline

#11 2021-07-09 16:19:48

golinux
Administrator
Registered: 2016-11-25
Posts: 3,137  

Re: Windows 11 will _enforce_ Secure Boot

There will come a time when these abominations will be the only older hardware available.  Many of us will not live long enough to see that shift but it will eventually happen . . .

Online

#12 2021-07-09 17:19:08

blackhole
Member
Registered: 2020-03-16
Posts: 90  

Re: Windows 11 will _enforce_ Secure Boot

Secureboot is not a security feature.

I've warned about Secureboot and UEFI for years. That it was essentially a ploy by Microsoft to have greater control over the OS that's installed on the x86 platform which it effectively controls.

MS left it up to OEMs to decide on whether they allow secureboot to be disabled. But MS also has an undisclosed deal with the OEMs. Part of that deal is exclusivity for MS Windows.

Offline

#13 2021-07-09 17:52:58

Dutch_Master
Member
Registered: 2018-05-31
Posts: 275  

Re: Windows 11 will _enforce_ Secure Boot

Expect 'hacked' BIOSes where SB has been removed. Not easy, but it can be done.

Offline

#14 2021-07-09 19:34:24

starbreaker
Member
From: United States
Registered: 2021-06-03
Posts: 23  
Website

Re: Windows 11 will _enforce_ Secure Boot

denk_mal wrote:

Maybe there is another solution. Using ARM CPUs instead of amd64 like Apple does could be the right step.
No TPM, no Intel ME, no Meltdown and Spectre and faster with less power consumption.

I would not be surprised if Distributors like System76, Tuxedo and others would bring out such devices if Win10++ came to the market.

Well, if I haven't already had my midlife crisis I could buy a Talos II rig instead of a Harley.


"Out of order? [BLEEP!] Even in the future nothing works."
desktop: refurbished ThinkCentre M92p (i7, 32GB RAM, 1TB SSD, 2TB HDD)
laptop: refurbished Thinkpad T60 (Core 2 Duo, 3GB RAM, 1TB SSD)
gemini capsule: starbreaker.org

Offline

#15 2021-07-09 19:58:06

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: Windows 11 will _enforce_ Secure Boot

Hello:

blackhole wrote:

Secureboot is not a security feature.
... a ploy by Microsoft to have greater control ...
... an undisclosed deal with the OEMs.
... exclusivity for MS Windows.

A decades long arrangement, if you want to call it that.
More like extortion:

Want to be able to sell your OEM products?
Then they'll have to be Windowsabled (ie: approved/tested/whatever) by MS.
BIOS and drivers according to our specifications and don't give us any of that Linux cancer/OSS crap.
Right?

And it's only undisclosed in that the public in general doesn't know the exact details, but it has always been blindingly obvious.

O.

Offline

#16 2021-07-10 15:20:18

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Windows 11 will _enforce_ Secure Boot

starbreaker wrote:
denk_mal wrote:

Maybe there is another solution. Using ARM CPUs instead of amd64 like Apple does could be the right step.
No TPM, no Intel ME, no Meltdown and Spectre and faster with less power consumption.

I would not be surprised if Distributors like System76, Tuxedo and others would bring out such devices if Win10++ came to the market.

Well, if I haven't already had my midlife crisis I could buy a Talos II rig instead of a Harley.

If I could mix and match the specs of the Talos II with a CompuLab Airtop 3 setup I'd be a happy boomer.

https://fit-iot.com/web/products/airtop3/

Offline

#17 2021-07-10 17:29:42

Camtaf
Member
Registered: 2019-11-19
Posts: 408  

Re: Windows 11 will _enforce_ Secure Boot

For a regular desktop user, i.e. internet, photos, music, movies, wordprocessor, spreadsheet user, a Raspberry Pi 4B is the answer, & we have Devuan to put onto it - a win/win situation! smile

N.B. The RPi4B with 2GB ram is only about £35/$35 & is silent in operation - 4GB is about £55/$55 - 8GB about £75/$75.

Offline

#18 2021-07-10 18:16:41

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Windows 11 will _enforce_ Secure Boot

Camtaf wrote:

For a regular desktop user, i.e. internet, photos, music, movies, wordprocessor, spreadsheet user, a Raspberry Pi 4B is the answer, & we have Devuan to put onto it - a win/win situation! smile

I don't think the Raspberry Pi should be used by anybody who values hardware freedom — not only does it depend on a blob for booting but they also switched to a proprietary Broadcom video card just as Panfrost was being finalised. Bastards. The entire platform is locked down by design.

And in respect of Talos the new POWER10 chips look to be fundamentally incompatible with their open hardware philosophy:

https://www.talospace.com/2020/08/power … t-but.html


Brianna Ghey — Rest In Power

Offline

#19 2021-07-11 09:19:33

Camtaf
Member
Registered: 2019-11-19
Posts: 408  

Re: Windows 11 will _enforce_ Secure Boot

Not sure what to make of your comments, I have Devuan on all my RPi, 3A+ / 3B+ / 4B / 400, works well as a basic desktop computer for me.

Offline

#20 2021-07-11 10:04:08

Dutch_Master
Member
Registered: 2018-05-31
Posts: 275  

Re: Windows 11 will _enforce_ Secure Boot

@Camtaf: Some people take issue with "binary blobs" in Linux. They feel "Open Source" isn't "open" if there's a binary blob (proprietary code) on their system. That's fine, it's their prerogative. Others have a more pragmatic stance, accepting that these blobs are necessary if certain vendors (mainly nVidia, but also the RPi/Broadcom chips) have their products work on Linux.

Offline

#21 2021-07-11 11:27:47

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: Windows 11 will _enforce_ Secure Boot

Hello:

Dutch_Master wrote:

... take issue with "binary blobs" in Linux.

For what it may be worth, I sit sort of in the middle with respect to how pragmatic I'm willing to be.
Call it pragmatic but only up to a point.

ie:
I can, if the advantages are relevant, accept to have proprietary code within my installation if I can trust the origin and some of my hardware (WiFi, video card) needs it to work.
But I would not be willing to accept proprietary code if it is required for the OS itself to work.

A.

Offline

#22 2021-07-12 03:39:49

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: Windows 11 will _enforce_ Secure Boot

golinux wrote:

There will come a time when these abominations will be the only older hardware available.  Many of us will not live long enough to see that shift but it will eventually happen . . .

That is not a good sign to hear...

I really, really hope that this doesn't happen till the next millennium or never.

Such things are pure evil.

Unless Risc-V takes shape in the future... well you know.

That all being said, I recently learned that gen 5 processors and onward require blobs even for their sound! That's just plain bullshit.

It's bad enough that gen 5 processors have boot guard and blob for the graphics, but sound too now? lame...

sad


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#23 2021-07-12 03:44:24

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: Windows 11 will _enforce_ Secure Boot

Dutch_Master wrote:

@Camtaf: Some people take issue with "binary blobs" in Linux. They feel "Open Source" isn't "open" if there's a binary blob (proprietary code) on their system. That's fine, it's their prerogative. Others have a more pragmatic stance, accepting that these blobs are necessary if certain vendors (mainly nVidia, but also the RPi/Broadcom chips) have their products work on Linux.

Blobs are completely stupid to even require. Usually it's just an excuse to force backdoors down people's throats.

Smh...

btw, Nvidia and Broadcom can suck it if that's their way of doing things.

I will never, ever use their products  unless I have no choice, and more importantly, I will never buy or ask for their products most likely either.

That being said, blobs are not an issue to me, if it can be confirmed they do nothing shady. But that is very unlikely usually...

Mnt Reform being one example of this. Libreboot/Coreboot + Me cleaner being similar albeit not nearly as good.


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#24 2021-07-12 09:21:36

Camtaf
Member
Registered: 2019-11-19
Posts: 408  

Re: Windows 11 will _enforce_ Secure Boot

But.......don't all processor chips have proprietary code in them......I really can't see much difference - but blobs can be updated by a user, or maybe even replaced by different code.

Offline

#25 2021-07-12 17:07:17

blackhole
Member
Registered: 2020-03-16
Posts: 90  

Re: Windows 11 will _enforce_ Secure Boot

BLOBs are not the same as device firmware. The latter is part of most devices, either residing in the device's NVRAM or as a firmware image which is loaded via the device driver/firmware loader.

Far from being unnecessary, they are actually the device's own OS. In that they are code which runs on the device itself and not any kind of x86 OS binary.

Some firmware is "open source", some is proprietary. Despite contributing driver code to the Linux graphics stack, Intel and AMD graphics tech is every bit as proprietary as Nvidia - with closed source firmware and hardware. They won't release code which could threaten their commercial interests.

Camtaf, you're correct in that modern CPUs actually use a firmware layer called microcode, which runs on the "hardwired" CPU. Microcode makes it possible, well most of the time, for the vendor to "patch" the CPU. There are also "out of band" processors running on modern CPUs, running a small OS - e.g. the Intel Management Engine.

The IME has been deliberately designed to prevent the end user disabling it.  Along with UEFI and Secureboot, all of this tech equates to less freedom, privacy and security for end users.

As headstick has said, raspberry pi and its Broadcom chips, is no escape - neither is in fact ARM, if/when Nvidia buy them out.

The raspberry pi people already made their intentions plain in the PR disaster regarding the vscode Microsoft repository. But if you're already in bed with Broadcom, signed NDAs and developing devices loaded with proprietary firmware, courting Microsoft is not such a big deal.

Last edited by blackhole (2021-07-12 17:20:12)

Offline
