Rich Mingin (PLUG) on 9 Sep 2015 17:59:44 -0700



Re: [PLUG] Cheap x86 Windows tablet?


I'm well aware. I was referring to 'teaching' the MS firmware about your shiny new key being the hard part.

http://blog.davidelner.com/dual-booting-ubuntu-14-10-on-the-surface-pro-3/

See that screenshot halfway down the page?
http://cdn.delner.com/www/images/blog/surface-linux/05_secured_boot.jpg

It shows the firmware options (BIOS, in outdated terms). There are no other screens. That info is still up to date as of July 2015, when I owned a Surface 3 Pro briefly.

The sum total of all the Secure Boot options on the Surface 3 Pro is:

Secure Boot (Enable/Disable)
Delete all secure boot keys? (y/n)

That's it. Where do I tell it about my KEK or PK?


Sure, you can turn Secure Boot off and leave it off, but it seems a shame to disable a valid security tool, and you'll be treated to a very bright red startup screen on every boot, with a little nag message.

You can, sure, but why swim upstream? It's clear MS doesn't want anyone else swimming in their pool, and when they start actively pissing in it, why not go to someone else's pool? The Acers I listed are much, much more affordable, and the "works under Linux" feature set is nearly identical, where it doesn't flat out favor the Acers (they COME with keyboards that work, instead of MS charging an extra $150 for theirs...).



On Wed, Sep 9, 2015 at 8:41 PM, brent saner <brent.saner@gmail.com> wrote:

https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#Secure_Boot

It's definitely possible to use your own keys on Linux.


On Wed, Sep 9, 2015, 20:34 Rich Mingin (PLUG) <plug@frags.us> wrote:
Oh, you can disable Secure Boot on S3Pro. It just makes the boot splash a white "Microsoft" on a screaming red background instead of a black one, and it prints an informative little scare lecture about how you're letting the evil hackers in. I don't know that you can self-register keys, but it's possible. I returned mine after a week or so, since it kept giving me a hard time no matter what OS I was running.

More important than the awkwardness and obstinacy of the firmware, IMO, is the dodgy and not-quite-standard hardware that will give you all sorts of fits.

For a discussion, we can go on, but for someone considering buying one of those things, I hope enough ill has been said already.

On Wed, Sep 9, 2015 at 8:09 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
On Wed, Sep 9, 2015 at 7:13 PM, Rich Mingin (PLUG) <plug@frags.us> wrote:
> Surface 3 Pro is a somewhat-standard-ish Core i5/i5/i7 PC, and while it's
> possible to put Linux on it (there's an arch-surface3 mailing list I
> follow), it's far from issue-free, there are long lists of gotchas and
> sorta-working items. It's also actively hostile to booting non-MS OSes, via
> the UEFI and the difficulties in disabling Secure Boot.
>


Interesting.  I believe MS's stated policy is to support disabling
secure boot or changing the key on x86, and to forbid this on ARM.
That largely agrees with your email, but this is the first that I've
heard that the Surface Pro has a bootloader which is hard to change
the key on.  Is that really the case, or is this just like any other
EFI motherboard out there now?

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
