Why - Secure Boot - is a problem even if the OEMs are in charge

Forum: Linux   Total Replies: 14
BernardSwiss

Jun 17, 2012
2:21 PM EDT
These links were part of another story posted here recently -- over six months old, now, but they seem rather pertinent, in light of the recent fuss over UEFI Secure Boot for Windows 8 -- and the facile claims that it's not really a problem, because the actual implementation of Secure Boot is entirely up to the OEMs {snort} rather than up to Microsoft.

I wish I had this link handy for earlier discussions.

Gigabyte's ASPM Motherboard Fix: Use Windows http://www.phoronix.com/scan.php?page=news_item&px=MTAwMjg

Motherboards With Broken ASPM On Linux http://www.phoronix.com/scan.php?page=news_item&px=OTk4NQ

jdixon

Jun 17, 2012
7:53 PM EDT
Strange, not a single Biostar motherboard listed. I know Biostar isn't normally a favorite of performance users, but...

I've had very few problems with them over the years, and I've had at least 3 Biostar motherboards. Maybe it wasn't just luck.
tuxchick

Jun 17, 2012
9:03 PM EDT
Teehee. Secure Boot, using Microsoft's signing key?

https://www.ssllabs.com/ssltest/analyze.html?d=www.update.microsoft.com

Overall rating F, zero

tuxchick

Jun 17, 2012
9:14 PM EDT
This is fun. Another notable flunker is ebay.com.
jdixon

Jun 18, 2012
9:53 AM EDT
> Another notable flunker is ebay.com.

My home site flunks because I use a self-signed certificate. It also notes that Apache mod_ssl is susceptible to "the Beast" attack, but that seems to be a man-in-the-middle attack, which shouldn't be a concern.
CFWhitman

Jun 18, 2012
10:29 AM EDT
Interestingly enough, it's not really the ASPM itself that is broken on most of these boards. It's just the notification that's not being set. These boards don't advertise to the operating system that they support ASPM as the PCI-E specification calls for, so ASPM isn't activated unless you pass a kernel parameter to force it on. It seems to be a rather careless attitude by the manufacturers about complying with official PCI-E specifications.
JaseP

Jun 18, 2012
12:31 PM EDT
@CFWhitman:

It's not careless, it's planned. This is shades of the old Foxconn motherboard issue where they actually scanned for what OS was doing the inquiry, and directed Linux to a broken device table, when a working (and compatible) device table was reported to Win OSes. Foxconn tried to blame piss-poor programmers that were subcontractors (AMI BIOS developers), but that ignored the fact that it was easier to code all OSes to be directed to the WORKING device table, rather than specifically code Linux OSes to look at a corrupt one,... This was pointed out by a Linux enthusiast programmer who reverse engineered the BIOS. Foxconn quietly fixed the MBs with a BIOS update, if I remember correctly. And Linux kernel devs fixed it by having Linux pass an ID as an M$ OS to the BIOS to get the correct data.
BernardSwiss

Jun 18, 2012
7:23 PM EDT
@JaseP

That's a fantastic "nutshell" summary of the Foxconn motherboard incident!

I figure to plagiarize that heavily.

-- Mind if I do?



Fettoosh

Jun 18, 2012
8:55 PM EDT
Quoting: And Linux kernel devs fixed it by having Linux pass an ID as an M$ OS to the BIOS to get the correct data.

Not too long ago, I purchased two little systems made by Foxconn. They are working fine. Also, a small company for which I developed a specialized application that runs on Linux just bought 10 units and is planning to buy around 20 units a year; they are working pretty good.

JaseP

Jun 19, 2012
9:34 AM EDT
@BernardSwiss,

Plagiarize to your heart's content... Attribution would be nice though...
JaseP

Jun 19, 2012
9:42 AM EDT
@Fettoosh,

It wasn't all Foxconn motherboards. And after they were found out, they stopped doing it. It was one particularly popular model, that Dell even used as a pre-installed Linux offering. Interesting side note is that the motherboards supplied to Dell didn't suffer from the same BIOS problem. Dell was using their versions of the motherboard BEFORE the BIOS problem was discovered on the non-Dell boards... So, Foxconn definitely did it on purpose. Of course, Foxconn let the buck stop with themselves, and did not implicate their business partner from Redmond, WA in this incident (M$, at the time, was under their DoJ consent decree).
BernardSwiss

Jun 19, 2012
5:37 PM EDT
@JaseP

That bit (about the Dell mobos) I hadn't heard about before. Very interesting...
JaseP

Jun 19, 2012
5:50 PM EDT
Oh yeah,... M$ is very lucky that Foxconn didn't drop dime on them... It might have extended their DoJ consent decree another couple of years, and cost plenty in fines and atty fees.
BernardSwiss

Jun 19, 2012
6:52 PM EDT
@JaseP Any links?
JaseP

Jun 20, 2012
11:49 AM EDT
Been a long time since I read this stuff... Try Googling for the original guy who discovered the problem.
