Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490634
To read all comments associated with this story, please click here.
Oh Thom you spin a good yarn
by lucas_maximus on Sat 24th Sep 2011 19:01 UTC
lucas_maximus
Member since:
2009-08-18

http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-com...

There is the damn option to disable it.

In the screenshot below you will notice that we designed the firmware to allow the customer to disable secure boot. However, doing so comes at your own risk.


I dunno how much more black and white you guys need it.

If a manufacturer locks this down ... just don't buy from them.

BTW I have owned Laptops and Computers from Dell, HP, Acer, Asus, Apple and none of these have ever locked down the BIOS down.

Edited 2011-09-24 19:19 UTC

Reply Score: -1

Thom_Holwerda Member since:
2005-06-29

I suggest you actually READ the article before jumping to Microsoft's defence once again, because your post seems to indicate you did nothing even remotely resembling "reading".

Reply Parent Score: 4

lucas_maximus Member since:
2009-08-18

I read the blog post and you article which rallies the Linux crowd.

May I remind you I actually use OpenBSD ... and I buy my OpenBSD CDs.

As another has already said on this forum ... Motherboard manufacturers for OEM systems won't be as foolish as to do this.

I don't rally to Microsoft's defence ...

I was a Linux System Admin for 2 years.
I buy OpenBSD CDs to donate to the project.
I use an Android Phone.
I use Fedora 15 for my media box.
I use Windows 7 on My girlfriends laptop and my own desktop.

What I am fed up with ... is the constant Microsoft Bashing which is like the Zerg rush on every Website that is tech orientated.

I am a pragmatist and I use whatever works. Though I was initially worried about the announcement I waited patiently to actually know WTF was going on before getting upset.

If Microsoft do indeed threaten OEMs to remove the "disable Secure boot" option ... there will be in another anti trust case.

If OEMs stop you from disabling it ... then don't buy that hardware.

At the end of the day we are a fringe case and we are far more tech savvy than most ... I always check my OS compatibility when shopping for hardware ... and I use an OS that is far less popular than Linux (OpenBSD)

Edited 2011-09-24 21:00 UTC

Reply Parent Score: 0

RE: Oh Thom you spin a good yarn
by rklrkl on Sat 24th Sep 2011 19:34 in reply to "Oh Thom you spin a good yarn"
rklrkl Member since:
2005-07-06

Interesting how you didn't quote the Microsoft blog's statement:

"OEMs are free to choose how to enable this [Secure Boot] support..."

In other words, Microsoft are letting the OEMs decide whether to include a "disable secure boot" in the UEFI BIOS. It's a bit surprising that the UEFI standard didn't actually insist that the user should always be able to disable secure boot (I don't care if it's enabled by default, but I do care if it can't be disabled).

If Microsoft will indeed insist that the secure boot can't be disabled for OEMs to qualify for the Windows 8 certification logo, then *all* OEMs will do so and those machines won't be able use any other OS than Windows 8 or later. You can be guaranteed that OEMs won't advertise the fact that you can only run Windows 8 or later on their latest kit either, since that's surely a negative selling point?

As people have said, this will potentially impact Windows users too - no XP, Vista or Windows 7 on those new machines and bang goes third-party rescue CDs (you'll be forced to use MS'es signed rescue disks and no others).

There are surely anti-trust issues if Microsoft effectively force OEMs to only allow Windows to be installed on machines, even after the end-user has bought the machine and taken it home? It's a clear monopoly abuse because although MS might claim OEMs had a clear choice, the logo certification program insisting on secure boot not being able to be disabled is a major influence in the OEMs decision.

Reply Parent Score: 5

lucas_maximus Member since:
2009-08-18

In other words, Microsoft are letting the OEMs decide whether to include a "disable secure boot" in the UEFI BIOS. It's a bit surprising that the UEFI standard didn't actually insist that the user should always be able to disable secure boot (I don't care if it's enabled by default, but I do care if it can't be disabled).


So don't buy from those OEM that do. Simple.

There are surely anti-trust issues if Microsoft effectively force OEMs to only allow Windows to be installed on machines


Which is why they will leave in the option

Reply Parent Score: 1

TechGeek Member since:
2006-01-14

And some manufacturers have already stated that the option to disable will not be present. Many OEM's even now with just a regular BIOS do not allow users to change all the features that are present. Dell is pretty good, but that doesn't mean the option will always be there. Also, if Microsoft can mandate that OEMs include this functionality, what is to stop Microsoft from later mandating that the disable option be removed?

Case in point, I have a 1U server that has procs that include VT-x. The motherboard has a chipset that supports VT-x. The OEM set the BIOS to permanently disable hardware virtualization. Why? Because they could I guess? Because it was sold at a price point that they didn't want hurting sales of more robust expensive servers?

Reply Parent Score: 4

lucas_maximus Member since:
2009-08-18

Who has said the option to disable won't be present?

Reply Parent Score: 2

shotsman Member since:
2005-07-22


BTW I have owned Laptops and Computers from Dell, HP, Acer, Asus, Apple and none of these have ever locked down the BIOS down.


You forgot one key word. A very simple one. It is


YET

Reply Parent Score: 4

lucas_maximus Member since:
2009-08-18

That argument is stupid ...

e.g.

I have YET to do a commit a massacre ... therefore I might because I haven't yet ???

Most of these decisions are due to the corp policy.

Edited 2011-09-24 21:49 UTC

Reply Parent Score: 2