Linked by Thom Holwerda on Thu 3rd Nov 2011 19:34 UTC, submitted by lucas_maximus
Hardware, Embedded Systems A big issue right now in the world of operating systems - especially Linux - is Microsoft's requirement that all Windows 8 machines ship with UEFI's secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft's past and current business practices and the incompetence of OEMs, that's not unwarranted. CNet's Ed Bott decided to pose the issue to OEMs. Dell stated is has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
Thread beginning with comment 496220
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Ok, let's be fair
by Alfman on Sun 6th Nov 2011 22:32 UTC in reply to "RE[4]: Ok, let's be fair"
Alfman
Member since:
2011-01-28

ilovebeer,

"1. It's not Microsoft's responsibility to cater to Linux users wants."

Overlooking possible anti-trust violations, you're absolutely right, however this simply does not dismiss our concerns.

"2. ... more and more hardware is supported with each iteration of the Linux kernel alone, not to mention out-of-kernel drivers."

Out of the box Linux compatibility is a strength... But 1) this isn't just about linux, 2) how does this justify locking down the keys to favor microsoft?


"3. If you choose not to buy or build a system that suits your needs, it's your own fault and your own problem. Vendors aren't to blame, Microsoft isn't to blame, just you."

This only holds if the restrictions are made clear at the point of sale. My point about fragmentation of the alternative OS ecosystem still holds. And in any case it still doesn't justify secure boot being designed to lock out the owner's control over keys.

"4. Nothing you've said is based in reality, truth, or fact. In other words, you're just trying to spread unjustified FUD."

I'm asking questions like everyone else because I am concerned about the migration to closed computing. Please quote specifically what you believe to be unjustified FUD. If you don't have the answers either, then why do you seek to dismiss my questions?

"1. There is absolutely nothing wrong or illegal with Microsoft or system vendors protecting their interests."

You can say that about any business with questionable ethics, however it doesn't answer our questions nor does it ameliorate our concerns. Even assuming these restrictions are entirely legal, it does not absolve them of public criticism.

"2. If a user does not consider their needs and research their options, picking one that best suits those needs, then yes it's absolutely their own fault. What's ridiculous is that you think users have no personal responsibility."

Like I said, you can blame the user as much as you like, but you can't deny that it is anti-competitive and potentially kills off one of the primary modes of adoption for alternate operating systems. Therefor it is a legitimate concern.


"...the fact that you have several other options available to you aside of buying 'Designed for Windows 8' systems. If the systems turn out not to be suited for your use, DON'T BUY THEM."

Again, even if you are right, it doesn't answer our questions and it doesn't dismiss our concerns at all. The secure boot spec still deserves criticism for being anti-competitive. As much as you want to see this through microsoft goggles, this is bigger than them. It's about recognizing that consumers benefit from open computing, and recognizing that incremental attempts to lock us out of our own machines have detrimental cumulative long term consequences, regardless of who instigates it.

Edited 2011-11-06 22:44 UTC

Reply Parent Score: 2

RE[6]: Ok, let's be fair
by ilovebeer on Mon 7th Nov 2011 01:36 in reply to "RE[5]: Ok, let's be fair"
ilovebeer Member since:
2011-08-08

Overlooking possible anti-trust violations, you're absolutely right, however this simply does not dismiss our concerns.

We don't know what the secure boot facts are yet and therefore no anti-trust issues are in play. Regardless, it's the OEM who will decide how secure boot behaves, not Microsoft.

how does this justify locking down the keys to favor microsoft?

This is not fact, it's baseless speculation. Until the facts are presented, be cautious how much you let your mind wander.

This only holds if the restrictions are made clear at the point of sale. My point about fragmentation of the alternative OS ecosystem still holds. And in any case it still doesn't justify secure boot being designed to lock out the owner's control over keys.

I absolutely believe any such restrictions should be made clear at the point of sale. Regardless, key management restrictions don't need to be justified. IF it turns out owners won't have control of this, so what. The user is buying a prebuilt system with a specific design and intent. If that's not in agreement with the users needs, the user should not buy the system. You can't escape this simple fact.

I'm asking questions like everyone else because I am concerned about the migration to closed computing. Please quote specifically what you believe to be unjustified FUD. If you don't have the answers either, then why do you seek to dismiss my questions?

I have no problem with people asking questions. However, those questions should at least be based in reality with factual supporting evidence so the questions have some sort of valid basis. To make baseless wild accusations is reckless at best. It serves only to spread fear, not focus on real world world issues.

You can say that about any business with questionable ethics, however it doesn't answer our questions nor does it ameliorate our concerns. Even assuming these restrictions are entirely legal, it does not absolve them of public criticism.

Again, your questions thus far have had no basis in reality. They're the product of imagination, nothing more. You can dream up as many nightmare scenarios as you like but you can't expect anyone to take them seriously if you can't provide any actual evidence there's real world concern.

As far as criticism, ... Yeah, go for it, no problem there. As long as you understand the difference between an opinion and making baseless accusations.

Like I said, you can blame the user as much as you like, but you can't deny that it is anti-competitive and potentially kills off one of the primary modes of adoption for alternate operating systems. Therefor it is a legitimate concern.

It is not Microsoft's job, nor the OEM's job, to provide Linux migration paths. OEM's opting to add "Designed for Windows 8" systems to their product offerings does not take away the users ability to purchase or build a non-"Designed for Windows 8" system. Choice has not, is not, and will not be removed from the equation.

Again, even if you are right, it doesn't answer our questions and it doesn't dismiss our concerns at all. The secure boot spec still deserves criticism for being anti-competitive. As much as you want to see this through microsoft goggles, this is bigger than them. It's about recognizing that consumers benefit from open computing, and recognizing that incremental attempts to lock us out of our own machines have detrimental cumulative long term consequences, regardless of who instigates it.

Concerns are fine but for them to be taken seriously they should have a basis in reality. Yet again, something your concerns don't have.

I agree, a secure boot spec should be thoroughly reviewed and criticized. And you should accurately address those who are actually implementing it, which is not Microsoft.

I don't wear Microsoft google... I simply don't share your not-based-in-reality paranoia. I focus my attention on fact while you focus your attention on whatever your imagination has conjured up. I want to talk about things that actually exist, and you want to talk about things that don't exist. The only way we'll see eye-to-eye is if your fantasy becomes reality, or you just come back to reality.

Reply Parent Score: 1

RE[7]: Ok, let's be fair
by Alfman on Mon 7th Nov 2011 05:57 in reply to "RE[6]: Ok, let's be fair"
Alfman Member since:
2011-01-28

ilovebeer,

You're still avoiding all of the questions. You say we shouldn't speculate over what hasn't happened yet, but that just reaffirms my point that these things are open questions. Also, regardless of how things play out, it is completely reasonable to criticize the spec today for excluding the owner from the chain of trust.

Even for OEMs that do want to allow owners to have control, there will be no universal mechanism for owners to load platform keys, since it's absent from the spec. This creates administrative problems for enterprises who prefer to manage their own keys.

On the topic of whether many OEMs will implement owner key controls outside the scope of the spec, that's undetermined. Sure, we could wait-and-see, and then complain afterwards - but that's not a favorable outcome. My opinion is that we should try to put public pressure on them right now before they ship.

Reply Parent Score: 2