Why - Secure Boot - is a problem even if the OEMs are in charge
|
Author | Content |
---|---|
BernardSwiss Jun 17, 2012 2:21 PM EDT |
These links were part of another story posted here recently -- over six months old, now, but they seem rather pertinent, in light of the recent fuss over UEFI Secure Boot for Windows 8 -- and the facile claims that it's not really a problem, because the actual implementation of Secure Boot is entirely up to the OEMs {snort} rather than up to Microsoft. I wish I had this link handy for earlier discussions. Gigabyte's ASPM Motherboard Fix: Use Windows http://www.phoronix.com/scan.php?page=news_item&px=MTAwMjg Motherboards With Broken ASPM On Linux http://www.phoronix.com/scan.php?page=news_item&px=OTk4NQ |
jdixon Jun 17, 2012 7:53 PM EDT |
Strange, not a single Biostar motherboard listed. I know Biostar isn't normally a favorite of performance users, but... I've had very few problems with them over the years, and I've had at least 3 Biostar motherboards. Maybe it wasn't just luck. |
tuxchick Jun 17, 2012 9:03 PM EDT |
Teehee. Secure Boot, using Microsoft's signing key? https://www.ssllabs.com/ssltest/analyze.html?d=www.update.mi... Overall rating F, zero |
tuxchick Jun 17, 2012 9:14 PM EDT |
This is fun. Another notable flunker is ebay.com. |
jdixon Jun 18, 2012 9:53 AM EDT |
> Another notable flunker is ebay.com. My home site flunks because I use a self signed certificate. It also notes that apache mod-ssl is susceptible to "the Beast" attack, but that seems to be a man in the middle attack, which shouldn't be a concern. |
CFWhitman Jun 18, 2012 10:29 AM EDT |
Interestingly enough, it's not really the ASPM itself that is broken on most of these boards. It's just the notification that's not being set. These boards don't advertise to the operating system that they support ASPM as the PCI-E specification calls for, so ASPM isn't activated unless you pass a kernel parameter to force it on. It seems to be a rather careless attitude by the manufacturers about complying with official PCI-E specifications. |
JaseP Jun 18, 2012 12:31 PM EDT |
@CFWhitman: It's not careless, it's planned. This is shades of the old Foxconn motherboard issue where they actually scanned for what OS was doing the inquiry, and directed Linux to a broken device table, when a working (and compatible) device table was reported to Win OSes. Foxconn tried to blame piss-poor programmers that were subcontractors (AMI BIOS developers), but that ignored the fact that it was easier to code all OSes to be directed to the WORKING device table, rather than specifically code Linux OSes to look at a corrupt one,... This was pointed out by a Linux enthusiast programmer who reverse engineered the BIOS. Foxconn quietly fixed the MBs wit a BIOS update, if I remember correctly. And Linux kernel devs fixed it my having Linux pass an ID as an M$ OS to the BIOS to get the correct data. |
BernardSwiss Jun 18, 2012 7:23 PM EDT |
@JaseP That's a fantastic "nutshell" summary of the Foxconn motherboard incident! I figure to plagiarize that heavily. -- Mind if I do? |
Fettoosh Jun 18, 2012 8:55 PM EDT |
Quoting:And Linux kernel devs fixed it my having Linux pass an ID as an M$ OS to the BIOS to get the correct data. Not too long ago, I purchased two little system made by Foxconn. They are working fine. Also a small company I developed a specialized application that runs on Linux just bought 10 units and planning to buy around 20 units a year are working pretty good. |
JaseP Jun 19, 2012 9:34 AM EDT |
@Bernard Swiss, Plagiarize to your heart's content... Attribution would be nice though... |
JaseP Jun 19, 2012 9:42 AM EDT |
@Fettosh, It wasn't all Foxconn motherboards. And after they were found out, they stopped doing it. It was one particularly popular model, that Dell even used as a pre-installed Linux offering. Interesting side note is that the motherboards supplied to Dell didn't suffer from the same BIOS problem. Dell was using their versions of the motherboard BEFORE the BIOS problems was discovered on the non-Dell boards... So, Foxconn definitely did it on purpose. Of course, Foxconn let the buck stop with themselves, and did not implicate their business partner from Redmond, WA in this incident (M$, at the time, was under their DoJ consent decree). |
BernardSwiss Jun 19, 2012 5:37 PM EDT |
@JaseP That bit (about the Dell mobos) I hadn't heard about before. Very interesting... |
JaseP Jun 19, 2012 5:50 PM EDT |
Oh yeah,... M$ is very lucky that Foxconn didn't drop dime on them... It might have extended their DoJ consent decree another couple of years, and cost plenty in fines and atty fees. |
BernardSwiss Jun 19, 2012 6:52 PM EDT |
@JaseP Any links? |
JaseP Jun 20, 2012 11:49 AM EDT |
Been a long time since I read this stuff... Try Googling for the original guy who discovered the problem. |
You cannot post until you login.