Philip Ramsey Headlines

Tuesday, December 1, 2015

An End Of An Era

Computer technology has advanced as far as it can go with the current chip technology. The amazing thing is that although the chips have reached maximum speed and capabilities, all that can be done now is make them smaller for cellphones, tablets and other uses. However, in a few short years a new breed of computers will start to appear - quantum computers that use laser technology and a cube-styled chip that is way more powerful than even IBM's Watson.

The laptops currently available mark the end of the era when end users were allowed to modify the machine in any way they liked. All computers sold since Windows 8 come with Secure Boot installed (all laptops have Secure Boot enabled). Because of this, any changes to the physical hardware will result in the computer becoming locked up by Secure Boot. Once this happens, it becomes bricked.

The way Secure Boot works is very simple - everything except the laptop battery has a unique certificate that is stored in the modern version of the BIOS, called UEFI. Whenever any certificate does not match the UEFI list, booting up of the computer is halted. Even if the part with the unlisted certificate is removed, the computer will continue to be bricked. Because of this, laptops are now designed to prevent changing the RAM, hard drive, sound card, network cards or video cards.

During the summer I learned that Secure Boot may be placed in setup mode where the computer operator may delete any certificate or add their own certificates. The trick is knowing which "F#" key to press repeatedly during the boot-up process. 
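
Added example, not part of the original post: on Linux, the Secure Boot and setup-mode state mentioned above is exposed as UEFI variables under efivarfs, and this Python code decodes them and reports which state the firmware is in. The function names are this example's own and the sample bytes are constructed; it assumes efivarfs is mounted at its usual path and falls back to the sample when it is not.

```python
import struct
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # UEFI global variable GUID
EFIVARS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point
ATTR_NAMES = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}


def parse_efivar(blob: bytes):
    """Split an efivarfs file into (attribute names, payload).

    efivarfs prefixes each variable with a 4-byte little-endian attribute mask.
    """
    if len(blob) < 4:
        raise ValueError("entry shorter than its 4-byte attribute header")
    (mask,) = struct.unpack_from("<I", blob)
    return [n for bit, n in ATTR_NAMES.items() if mask & bit], blob[4:]


def flag(blob: bytes) -> bool:
    """Decode a one-byte boolean variable such as SecureBoot or SetupMode."""
    _, data = parse_efivar(blob)
    if len(data) != 1 or data[0] not in (0, 1):
        raise ValueError(f"unexpected payload {data!r}")
    return data[0] == 1


def describe(secure_boot: bytes, setup_mode: bytes) -> str:
    """Summarise firmware state from the two raw variables."""
    if flag(setup_mode):
        return "setup mode: no platform key enrolled, key databases can be changed"
    if flag(secure_boot):
        return "user mode: Secure Boot is enforcing signature checks"
    return "user mode: platform key enrolled, Secure Boot enforcement is off"


def read_live():
    """Return the raw (SecureBoot, SetupMode) bytes, or None if unreadable."""
    try:
        return tuple((EFIVARS / f"{name}-{EFI_GLOBAL}").read_bytes()
                     for name in ("SecureBoot", "SetupMode"))
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample: attributes 0x6, SecureBoot=1, SetupMode=0.
    sample = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00")
    print(describe(*(read_live() or sample)))
```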

2 comments:

  1. More a question. How does Open Source deal with non-Windows laptops? Is Windows Secure Boot technology and Open Source going to be the same? Or will Open Source develop their own Secure Boot that pretty much reacts the same way to certificates, or lack thereof, and also turns your laptop into a brick?

    1. Hi Jilian, the question should be "How will the Linux community handle UEFI Secure Boot?" To answer the question you need to know that (U)EFI is a replacement for Basic Input Output Instructions (BIOS) and was created by Intel as closed source. Without it the computer will not start.

      Secure Boot is a protocol created by Intel and Microsoft to prevent the spread of root kits (very harmful viruses). Secure Boot was developed around 2010 but started showing up in computers sold with Windows 8. Windows 8.x computers came with a feature that allowed the owner to turn off UEFI Secure Boot. UEFI is a replacement for BIOS and thus cannot be turned off. Turning off Secure Boot will result in loss of access to the hard drive but will allow the computer to be booted to a CD/DVD or USB drive.

      The only way to install Linux on a computer with Secure Boot enabled is to install a distribution like Ubuntu or Fedora as these two distros bought their certificate from Microsoft. Otherwise the computer will become a very expensive paperweight.

      The Linux Foundation bought their own certificate for the whole community but discovered it will not work for any distribution as the certificate was issued specifically for Linux.org and cannot be used to certify say PCLinux.com as a source.

      Because only Microsoft can sell certificates that will allow software, including operating systems, that will be installed on computers with UEFI Secure Boot turned on, it becomes very difficult to install Linux (other than Ubuntu and Fedora) on any new computer. The process requires UEFI be set to install mode so any or all certificates may be deleted and new certificates be installed in the UEFI certificates databases. User-installed certificates may be used even if they were not bought from Microsoft. The difficulty is booting up the computer into UEFI setup mode to do this. From what I have read, Windows 10 computers do not even allow Secure Boot to be turned off and most computer manufacturers do not have nor publish the keystroke combination that will send the computer into UEFI setup. Without the ability to place the computer into UEFI it is impossible to install any operating system without a certificate from Microsoft.

      I hope this answers your question.