Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Thread beginning with comment 490323
RE[2]: Comment from a dumb user
by Alfman on Thu 22nd Sep 2011 07:23 UTC in reply to "RE: Comment from a dumb user"
Alfman
Member since:
2011-01-28

WorknMan,


"From my point of view, it's a good safety measure on PCs, since 99% of people would never try to boot another OS anyway."

Can you explain why you think it's a good safety measure? Unless I've missed something, there would only be two ways to boot a malicious bootloader/OS:

1. The system is already compromised and rooted such that the attacker was able to overwrite the bootloader/OS. In this case, chances are very high that the attacker can do whatever he pleases already with or without secure boot.

2. The user boots from external bootable media like a CD/thumbdrive.

If secure boot is going to prevent 99% of bootable media from booting anyways (seeing as most of us won't be able to get them signed), then I question the need for disabling external booting via secure boot instead of simply disabling external booting outright by default?


"Just give people an option to unlock if they want, and make it so that you need physical access to the PC, and make it just hard enough to find so nobody could/would do it on accident."

I agree that the ability to disable secure boot would be one option. Better yet would be to allow owners to control the keys on their own systems such that they could actually use secureboot with alternative operating systems. There is no reason for this feature to be hard coded for use by Microsoft/manufacturers (other than to shift control to them).

Edited 2011-09-22 07:31 UTC

Score: 2