Nah ini dia silakan dibaca. Bagi yg sudah baca, bisa kasih opininya. Yang belum, langsung dibaca aja. Ini berita yang mempersulit kita sbg pengguna linux.
Windows 8 dan Linux Tidak Sejalan?
Mekanisme secure boot di Windows 8 sebenarnya bertujuan bagus: memberi pengamanan lebih pada komputer. Namun di sisi lain, mekanisme ini menyulitkan instalasi Linux. Kok bisa?
Keterbatasan ini terkait penerapan UEFI sebagai bagian dari sistem keamanan Windows 8. Sebagai informasi, UEFI (Unified Extensible Firmware Interface) adalah sistem yang menghubungkan sistem operasi dengan firmware hardwareï¿½mirip fungsi BIOS di komputer masa kini.
Namun dibanding BIOS, UEFI lebih cerdas dan lebih fleksibel penggunaannya. Contohnya, UEFI bisa mengontrol hardware lebih cepat, yang berujung pada kecepatan booting yang lebih gegas. ï¿½Kepintaranï¿½ UEFI juga membuatnya bisa berfungsi seperti sistem operasi mini atau fungsi khusus lainnya.
Pada kasus Windows 8, Microsoft mendesain UEFI agar bisa berfungsi sebagai pengaman proses booting (secure boot). Mekanismenya, komputer berbasis UEFI akan dilengkapi sederet daftar sertifikat digital yang boleh berjalan saat booting. Nantinya UEFI akan mengecek orisinalitas sistem operasi, firmware, dan software lain yang berjalan selama proses booting sebelum membolehkan komputer berfungsi.
Ketentuan ini sebenarnya memiliki tujuan bagus, yaitu menyaring kebersihan sistem. Saat ini banyak malware yang langsung aktif saat proses booting sehingga sulit dibersihkan. Di sistem Windows 8 nanti, proses booting akan langsung dialihkan jika UEFI mendeteksi adanya malware yang ndompleng proses booting. Pokoknya jika ada aplikasi mencurigakan, proses langsung dialihkan ke system recovery yang ada di UEFI. Dengan begitu, pengguna bisa kembali ke kondisi sebelumnya, ketika sistem belum terkontaminasi malware.
Namun proses pengamanan tersebut menimbulkan efek samping yang tidak mengenakkan, yaitu menyulitkan instalasi Linux. Seperti kami sebut di atas, UEFI hanya akan menjalankan sistem operasi yang sertifikat digitalnya sudah terdaftar sebelumnya. Ketika Linux (atau sistem operasi lain yang tidak terdaftar di UEFI) ingin mengaktifkan hardware, sistem di dalam UEFI secara otomatis akan menolak.
Apakah Linux tidak bisa memiliki sertifikat digital? Bisa saja, namun prosesnya agak ribet. Karena Linux sifatnya terbuka, lembaga sertifikat akan sulit menerbitkan sertifikat digital yang menjamin keautentikan sebuah distro. Satu cara yang ditempuh adalah komunitas Linux menerbitkan sertifikat digital sendiri untuk distro yang mereka terbitkan, namun tetap saja mereka harus mengedarkan sertifikat digital ke seluruh produsen notebook.
Alternatif yang paling mungkin adalah adanya pilihan untuk menonaktifkan fungsi secure boot ini. Namun cara ini pun sangat bergantung pada produsen hardware, apakah mereka bersedia menyediakan opsi ini di produk mereka. Sayangnya berdasarkan pengalaman, produsen hardware cenderung main gampang dengan menyediakan BIOS dengan setting standar. Alhasil, kecil kemungkinan mereka mau repot-repot menyediakan opsi penonaktifkan secure boot di produk mereka.
Namun perlu dicatat, mekanisme secure boot berbasis UEFI ini hanya diwajibkan untuk produk yang ingin mencantumkan logo ï¿½Designed for Windows 8ï¿½. Jika produsen komputer menjualnya ï¿½kosonganï¿½ alias tanpa sistem operasi, mekanisme itu tidak ada. Nah, beruntunglah Indonesia yang pasarnya dipenuhi produk ï¿½kosonganï¿½ tersebut.
Nah bagimana pendapat anda2 semua menyikapinya?
Matthew Garrett, power management and mobile Linux developer at Red Hat, who was among the first to flag up concerns over the technology, said that Microsoft's response fails to address his central point that "Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems".
Red Hat, he explains, has been working with Linux suppliers, hardware manufacturers and BIOS developers since becoming aware of the issue in early August.
Garrett said that Windows 8 certification requires that hardware ship with UEFI secure boot enabled. A feature allowing secure boot to be disabled ï¿½ necessary to run Linux and FreeBSD on certified systems ï¿½ is not required for certification. "We've already been informed by hardware vendors that some hardware will not have this option," Garrett writes in a flow-up blog post to his original critique of the technology.
In addition, Windows 8 certification does not require that the system ship with any keys other than Microsoft's. Such systems will only securely boot Microsoft operating systems.
A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's," Garrett writes. "No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer."
Neither of the two options ï¿½ the first being to get OEMs to include keys for a digitally signed copy of a particular build of Linux and the second being allowing users to disable secure boot ï¿½ look likely in most circumstances. The upshot of this, as things stand, is that Linux fans will only be able to run the alternative operating system on a small minority of Windows 8-certified hardware.
But the issue goes beyond operating system choices and also affects other modification a user might choose to make to their PC, Garrett argues. He reckons Microsoft is pushing control of what can or can't be done on a PC away from consumers towards hardware manufacturers.
"Microsoft claims that the customer is in control of their PC," he writes. "That's true, if by 'customer' they mean 'hardware manufacturer'. The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC."
Garrett isn't opposed to secure boot or UEFI as such but the way Microsoft is "misusing" the technology to "gain tighter control" over the desktop operating system market it already dominates.
"Microsoft's rebuttal is entirely factually accurate," Garrett writes. "But it's also misleading. The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise," he concludes. ï¿½
Red Hat has done some testing work with the UEFI Forum, an industry group that is overseeing the development and introduction of the next-generation start-up specification. However this testing work happened before the implications of the secure boot feature became clear, Garrett told El Reg.
We're contributing members of the UEFI forum, which means we have access to the specification drafts and contribute towards the language in them," Garrett told El Reg. "We also typically attend some of the UEFI testing events. While the UEFI specification for secure boot has been public for some time, Microsoft's plans for it only became known very recently. We're still at the point of working out how some of the fine details are going to work. So, yes, while we do some testing with the forum, the last testing event was from before Microsoft let us know they were going to do this." ï¿½
Recently, in response to the brouhaha over its reported effort to implement a specification called Unified Extensible Firmware Interface (UEFI) that could make it impossible to run Linux on Windows 8 PCs, Microsoft officials responded with an extensive post that explains exactly what kinds of flexibility UEFI (Secure Boot) will offer. However, members of the Linux community in Australia have formally opposed UEFI, and many critics of Microsoft's defense of it argue that Microsoft is simply going to hand off the right to exclude Linux from Windows 8 PCs to hardware manufacturers, some of whom may choose to do so. Now the debate is getting a second wind, and a writer in the Windows corner has one of the best points yet.
Noted Windows pundit Ed Bott has weighed in on UEFI with a post titled "Why Do Linux Fanatics Want to Make Windows 8 Less Secure?" where he writes:
"The Free Software Foundation (FSF) is organizing a petition-signing campaign over Microsoftï¿½s announced support for the secure boot feature in next-generation PCs that use Unified Extensible Firmware Interface (UEFI) as a replacement for the conventional PC BIOS. My ZDNet colleague Steven J. Vaughan-Nichols is urging his readers to sign the petition with a bit of deliberately inflammatory language, calling it ï¿½UEFI caging.ï¿½ ... Don't fall for this FUD."
Interestingly, Bott makes a great point about how this whole debate is likely to be resolved. He asks: "Will PC makers make it possible for end users to toggle this option in the UEFI settings?" And, he decides, "of course they will." His reasoning is that a "non-trivial" percentage of PC owners will want to install non-Windows operating systems, including Linux, and the PC makers don't want to dedicate support people to answering calls about why they cannot do so.
Indeed, support is a huge cost center for most PC makers, who aren't making big profits these days. Most of the smart PC makers are likely to allow users to toggle the UEFI Secure Boot feature on or off, to avoid taking on support hassles. That said, if you intend to buy a Windows PC and you like to run Linux alongside Windows, be careful to check that you have a toggle option before buying, and know how to execute it.
silakan baca... update trus ini. silakan berargumen
So what are Linux users' prospects, given all of this? Once again, it's important to remember that this is all very preliminary, since Windows 8 won't be out for a long time still.
Working with what we've seen so far, though, not buying a Windows 8 certified PC is certainly one obvious option for avoiding any potential problems, as is simply upgrading from Windows 7 on an existing dual-boot machine. Building your own machine is always an option as well.
Assuming Microsoft does allow hardware vendors to give users the option of disabling secure boot, it may also end up being a matter of shopping carefully to ensure that the Windows 8 machine you buy includes that capability.
Signed versions of Linux don't sound likely, as I noted last week, due to licensing issues with the Grub and Grub 2 bootloaders and the fact that self-signed Linux keys would then have to be included by every PC maker--a logistical nightmare if ever there was one.
Of course, Linux fans tend to be pretty savvy users. If things do indeed continue on this path, I'm betting a variety of other workarounds will soon emerge.
"Why Do Linux Fanatics Want to Make Windows 8 Less Secure?"
oh gtu. HMM
"Why Do Linux Fanatics Want to Make Windows 8 Less Secure?"
oh gtu. HMM
klo mau dual boot sama windows, pakai yg asli lho? jgn membajak. Krn membajak itu dosa... dan bsa masuk penjara.