Re: N68C-GS FX -- Where are the POST messages?

Not to worry ronbaby, you've just been reading to many forum posts. Or I should say, semi-accurate forum posts, which are all to common. Wardog's last post qualifies as an accurate one, IMO.

I'm glad you mentioned that, and now that I understand (to a degree) how the dreaded "secure boot" option that UEFI firmware brings, it's funny that Microsoft alone was seemingly blamed for creating it and using it. I sure don't know all the true details of Microsoft's intent when this hit the fan, and they may have backed off or were innocent from square one. I do know a few things that make that controversy clearer.

EFI or UEFI firmware has existed for at least 10 years, although not used on most PCs until about 2011. Some companies used it earlier, like Intel, HP, and IBM, but most people did not know it was there (including me) since it was used in an emulated BIOS mode, and still is. If you find an option in your BIOS... uhm, UEFI firmware UI (BIOS screens ) called CSM (Compatibility Support Module), which will be enabled, you are using the standard BIOS firmware to start and boot a PC. Don't disable it to check the difference, the PC won't boot, you must install Windows in a slightly different way to all UEFI booting. Most PC enthusiasts still don't use UEFI booting, due to a few constraints that currently exist, such as not being able to use most video cards. Sounds weird, I know, or semi-accurate, but it's true, no details for now.

On topic (?), Secure Boot. Yes it can "lock out" software of any kind in the pre-OS environment that does not have the magic key, so has the potential to be abused as you described. Secure boot is an option of the UEFI design or spec, Microsoft did not create it or owns it. It is not controlled in Windows, although an OS must support it in order for it to work. The keyword here is it is an option, or should be an option. It is a simple, one line option in a UEFI, enabled or disabled. Your board may not have it, but wardog's and my boards do. It is disabled by default, or should be IMO. There is also the "security key" that the user should have control of, but that option and the extent of it varies from board to board. Full control allows the user to enter their own key, for example.

That's where the trouble started apparently, and I really don't know the story so I'm not qualified to talk about it. But I have read about a few new laptops sold with Windows 8 that are setup with Secure Boot enabled, and no option in the UEFI/BIOS to disable it. That is where the "locked down" aspect is, trying to install another OS without knowing the key or having access to the key, or simply not being able to disable Secure Boot. Microsoft or whomever would need to somehow require/force every PC's BIOS to not allow Secure Boot to be disabled, among other things, to lock the PC owner into one OS brand. I can only imagine the mother of all lawsuits that the EU regulators would have thrown at MS if they did that, enough money to bail out Greece, etc.

Frankly, IMO many all in one PCs and laptops are already controlled and semi-locked down. If you change any hardware, your warranty and support are gone. I always thought it was that other PC company that controlled their platforms so tightly, with few complaints from their customers.

Re: N68C-GS FX -- Where are the POST messages?

I guess that I should probably not speculate on the subject of which or how many machines have secure boot enabled and no way to disable it, but I do suspect that at this point it may be considerably more than just "a few laptops".


P.S. I had essentially the same problem as I have previously described (for my ASRock motherboard) recently when I was over at my cousin's house for Easter dinner. I had planned to go over there and use Clonezilla to make a complete backup of her hard drive (on her relatively new Dell tower system) for her, you know, for emergency purposes. Well, no matter what I did, after power-on I absolutely could not get the *&^%$#@! effing thing to either (a) show me a BIOS setup secreen or else (b) boot from the CD/DVD drive. It just refused, absolutely, and _never_ displayed _any_ ``POST'' messages at all... just going straight from black screen to Windows booting. So I was effectively and utterly thwarted from making the full system backup that I had planned to do. Ever since, I have been meaning to contact Dell about this and ask them "WTF?" but have not done so yet. But I have a deep suspicion that this may have to do with UEFI+SecureBoot.

Anyway, it doesn't matter. The point is that _someone_ is _somehow_ making hardware a LOT harder to use... with anything other than Windows... and it really chaps my hide.

Re: N68C-GS FX -- Where are the POST messages?

Oh! I almost forgot to mention... It appears that I may perhaps not be the only one with a tinfoil hat...

Microsoft Windows 8 UEFI Secure Boot complaint: The case for and against | ZDNet

Please note the date on the above article. This is a quite recent development. I only mention that to make the point that no, these problems have NOT all been neatly resolved yea. This whole thing is an ongoing issue at the time of this writing.

Re: N68C-GS FX -- Where are the POST messages?

I finally see what you want, during POST you want the process to stop and prompt you for various things. Such as, "Press F11 for the Boot Menu. Press F2 for BIOS Display", etc. That doesn't happen anymore, for better and worse. I have an older (~3 years) board that has BIOS options to display those messages during POST for a few seconds, but that's all. I highly doubt you'll find a board for a DIY PC, or pre-built PC that behaves as you would like, these days.

There has been a divergence in the PC world, between the all in one PCs the non-PC enthusiasts buys, and the pre-built boutique PCs or DIY PCs enthusiasts use. Manufactures of PCs for the average person have learned over the years that the less "techie" they make them, the fewer support issues they have with those users, and the happier the owners are. So all the things like POST options, extensive BIOS options, etc, have been removed. That is partially why your cousin's PC did not cooperate with your intentions. When a tech oriented user tries to use those PCs, they are frustrated, and dislike them. The tech oriented PCs have become more sophisticated, and with that a learning curve of new features and options. The things you knew of years ago (I suspect it has been more than a year or two since you built a PC) are no longer the way things are done. BTW, if that PC was configured for secure boot with Windows 8, standard cloning tools will not work, due to the GPT formatting of the OS drive. The PC world is not static, and things have changed quite a bit lately.

The adage, "The devil is in the details", is somewhat appropriate here, regarding the ZDNet article. Or as I am seeing more and more these days, the truth is in the details, but no one wants to bother with them.

The secure boot only scheme forced with Windows RT and ARM devices does not seem good, but at least that is known, or should be known, by the customer purchasing those products. But then in our culture, ignorance on the part of the consumer has become the fault of the manufacture.

Otherwise, the article has me thinking more about the mentality of these people in the EU, than secure boot and Windows 8. That seems to be, protect me from this product that I purchased of my own free will, that I don't understand how to configure and use as I'd like to, very different from the original product, when I put no effort into it, although it can be.

Excerpts from the ZDNet article:

"You can turn Secure Boot off, allowing you to load anything you want (though, admittedly, without the intended boot-time protection), or you can upload your own Platform Key, making you the cryptographic master of your own device".

"In any case it should be the other way round," said Brown. "It should be deactivated by default and, if the user needs secure boot, s/he can be given the instructions to activate it. The reasoning behind this is that deactivating Secure Boot is not a trivial or simple task for a non-technical user. Different providers locate the secure boot kill-switch in different places and under different names in the scarily complex and dangerous UEFI control panel."

I agree that secure boot should be an easily disabled option, or not enabled by default. But the demonizing and hand-wringing regarding how it is done is ridiculous, IMO.

I loved this, "... Different providers locate the secure boot kill-switch in different places and under different names in the scarily complex and dangerous UEFI control panel

Where is that kill switch, I must find it or all will be lost, Armageddon, Apocalypse, Dooms Day! Wow, I'm getting dizzy from the spin!

If the same person that found a UEFI/BIOS interface to be a scarily complex and dangerous UEFI control panel, were to open a PC to add a disk drive, and found the system to be scarily complex and dangerous, would they be justified in blaming the manufacture?

Ironically, the names given to the secure boot setting may be different between manufactures because:

• A low level employee writing/translating from Chinese to other languages made a mistake, or did not know what it should be, so were lazy or did the best they could
• Changed the term from secure boot in an attempt to make it more understandable, but just added confusion
• Modified the term just to be different, or appear savvy

This statement is mind boggling:

"As Linux users and professionals, we find it deeply disturbing that, to be able to boot a Linux operating system, or any other operating system for that matter, on a computer configured with Microsoft's UEFI Secure Boot keys," Hispalinux spokesperson Paul Brown told ZDNet, adding that 90 percent of the machines on the market are configured this way. "An individual, group of developers or company has to ask Microsoft for permission, wait for them to answer, and live with the threat that said permission can be revoked unilaterally by Microsoft at any moment and for any or no reason."

These are professionals that don't know how to disable secure boot, or bought PCs that could not be configured to disable secure boot? Their intent from the start was to install Linux, but were not aware of the possible issue with secure boot?

Also, what does, "... adding that 90 percent of the machines on the market are configured this way." mean? All in one PCs sold with Windows 8, that cannot have secure boot disabled? No, with security keys from MS. That is how secure boot works, with secure keys. My ASR board has its own built in keys, and there are certain other public keys, and it's possible to create your own keys, if the UEFI provides that capability. But the bottom line again is, disable secure boot, no problem installing another OS, the end.

The real question and controversy here is, why does an OS software provider, have the ability to control certain aspects of the hardware, and restrict what can be done with that hardware, when that OS provider is not providing any of the hardware?

Apple provides the entire PC package, so it can do what it wants to, and the consumer decides if they care or not. If MSoft was compelling PC manufactures to have secure boot enabled in Windows 8, with MS's proprietary security keys, without the ability to disable secure boot, that is wrong. How could they get away with that?

But then secure boot is not a part of Windows, or controlled in Windows, that's done in the "scarily complex and dangerous UEFI control panel". What a tangled web this is, and it was handed to them on a golden platter, free of charge. But I cannot see ALL of the PC manufactures bowing down to MS, IF, IF they were doing this. Anyone caught doing such a thing would be in deep international doo-doo.