Linked by Thom Holwerda on Thu 3rd Nov 2011 19:34 UTC, submitted by lucas_maximus
Hardware, Embedded Systems A big issue right now in the world of operating systems - especially Linux - is Microsoft's requirement that all Windows 8 machines ship with UEFI's secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft's past and current business practices and the incompetence of OEMs, that's not unwarranted. CNet's Ed Bott decided to pose the issue to OEMs. Dell stated is has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
Thread beginning with comment 496263
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[7]: Ok, let's be fair
by Alfman on Mon 7th Nov 2011 05:57 UTC in reply to "RE[6]: Ok, let's be fair"
Alfman
Member since:
2011-01-28

ilovebeer,

You're still avoiding all of the questions. You say we shouldn't speculate over what hasn't happened yet, but that just reaffirms my point that these things are open questions. Also, regardless of how things play out, it is completely reasonable to criticize the spec today for excluding the owner from the chain of trust.

Even for OEMs that do want to allow owners to have control, there will be no universal mechanism for owners to load platform keys, since it's absent from the spec. This creates administrative problems for enterprises who prefer to manage their own keys.

On the topic of whether many OEMs will implement owner key controls outside the scope of the spec, that's undetermined. Sure, we could wait-and-see, and then complain afterwards - but that's not a favorable outcome. My opinion is that we should try to put public pressure on them right now before they ship.

Reply Parent Score: 2

RE[8]: Ok, let's be fair
by ilovebeer on Mon 7th Nov 2011 15:48 in reply to "RE[7]: Ok, let's be fair"
ilovebeer Member since:
2011-08-08

You're still avoiding all of the questions. You say we shouldn't speculate over what hasn't happened yet, but that just reaffirms my point that these things are open questions.
I'm not avoiding the question, I'm ignoring it because it has absolutely no basis in reality. I see no point in catering to anyones imagination when you can focus on reality and actual facts instead. There are better things to address than far-fetched speculation and/or flat out nonsense.

Also, regardless of how things play out, it is completely reasonable to criticize the spec today for excluding the owner from the chain of trust.
Of course. I agree as I've already told you.

On the topic of whether many OEMs will implement owner key controls outside the scope of the spec, that's undetermined. Sure, we could wait-and-see, and then complain afterwards - but that's not a favorable outcome. My opinion is that we should try to put public pressure on them right now before they ship.

Panic when you have reason to panic. Be fearful when you have a reason to be fearful. But, don't make that your default position on everything -- you'll only become a paranoid loon.

As far as putting pressure on OEMs, good luck. Not that they care about a handful of people bitching, but if it makes you feel better ... sure!

Reply Parent Score: 1

RE[9]: Ok, let's be fair
by Alfman on Mon 7th Nov 2011 18:06 in reply to "RE[8]: Ok, let's be fair"
Alfman Member since:
2011-01-28

ilovebeer,

"I see no point in catering to anyones imagination when you can focus on reality and actual facts instead. There are better things to address than far-fetched speculation and/or flat out nonsense."

I asked you to point out specifically what I said that was misleading, and you refused to even do that. I don't get why you are so motivated to drown out my questions themselves. Are they that inconvenient for your world view?


"Of course. I agree as I've already told you."

Good, finally some agreement.

"Panic when you have reason to panic. Be fearful when you have a reason to be fearful. But, don't make that your default position on everything -- you'll only become a paranoid loon."

Is it really that paranoid to believe that many OEMs may implement secure boot *by the spec* without a custom mechanism for owners to control the keys? This is not delusional FUD, it seems quite probable.

"As far as putting pressure on OEMs, good luck. Not that they care about a handful of people bitching, but if it makes you feel better ... sure!"

If there's any chance that this could make the difference between normal dual booting and pain in the ass dual booting, then it's well worth it in my opinion.

Reply Parent Score: 2