Linked by Thom Holwerda on Thu 3rd Nov 2011 19:34 UTC, submitted by lucas_maximus
Hardware, Embedded Systems A big issue right now in the world of operating systems - especially Linux - is Microsoft's requirement that all Windows 8 machines ship with UEFI's secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft's past and current business practices and the incompetence of OEMs, that's not unwarranted. CNet's Ed Bott decided to pose the issue to OEMs. Dell stated is has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
Permalink for comment 496072
To read all comments associated with this story, please click here.
RE: Ok, let's be fair
by Alfman on Sat 5th Nov 2011 19:45 UTC in reply to "Ok, let's be fair"
Member since:


"#1 Microsoft doesn't require secure boot to be enabled by default"

Do you have citation for that? Maybe it's changed, but this isn't what's been reported. Also, we don't know if windows will run without restrictions if it's disabled.
"Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled."

"#2 Microsoft doesn't require OEMs to not provide a way to disable secure boot"


"#3 Microsoft is spreading FUD: they don't want secure boot because they care about user's security, they want secure boot because they wrongfully think it will stop piracy"

It's possible microsoft is using it to sell media companies on DRM.

"#4 Even with secure bot, crackers will find a way to circumvent it, in no more than a few days after Windows 8 release"

The secure boot spec itself won't be cracked, just individual implementations. And even then secure boot has far fewer attack vectors than a modern multiuser operating system. It won't necessarily be crackable in software.

I think you agree that secure boot or no, the weakest link in the chain is still windows itself. Secure boot won't fix any of the OS or application level security problems.

"#5 If OEMs doesn't implement a way to disable secure boot, it is their fault, not Microsoft's"

Partly true, but this ignores the potential for dual boot issues, which is entirely in microsoft's hands now. Also remember that Microsoft had involvement in writing the spec which has no regard for keeping owners in control.

Additionally, many of us are uncomfortable with a security feature which will sometimes be locked to windows, and that will be difficult to impossible for users to enable for independent operating systems. This is apparently the biproduct of either a glaring oversight by an incompetent engineering team, or a hidden corporate agenda.

Edited 2011-11-05 19:59 UTC

Reply Parent Score: 2