Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
Fedora Core "Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Thread beginning with comment 520102
To read all comments associated with this story, please click here.
d3vi1
Member since:
2006-01-28

The only thing that they missed is that it's not x86 that we're worried about. In x86 the vendor should provide a non-secure-boot option in the firmware. In ARM we have the real mess that we need to solve and precisely ARM is the one that they're skipping. My guess is that the only decent/generic ARM hardware on the market will be the Windows hardware. Droid and iOS ARM hardware will be mostly inaccessible to Fedora, so for a decent fedora or ubuntu tablet you'll still need the Windows tablets. On the Server side though, I'm not really worried about the ARM part.

Reply Score: 1

WereCatf Member since:
2006-02-15

In x86 the vendor should provide a non-secure-boot option in the firmware.


I feel like I have to point out that the spec actually does NOT mandate this. The manufacturer can implement such a non-secure-boot option, but they are not required to. And if they aren't required to do that, well, feel free to guess how many manufacturers will do that.

Reply Parent Score: 5

rr7.num7 Member since:
2010-04-30

"In x86 the vendor should provide a non-secure-boot option in the firmware.


I feel like I have to point out that the spec actually does NOT mandate this. The manufacturer can implement such a non-secure-boot option, but they are not required to. And if they aren't required to do that, well, feel free to guess how many manufacturers will do that.
"

The spec doesn't mandate it, but Microsoft does. According to Windows 8 Hardware Certification Requirements:

MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv.

Reply Parent Score: 4

AnythingButVista Member since:
2008-08-27

EDIT: rr7.num7 beat me to it but stil...

Apparently the Electronic Frontier Foundation seems to disagree. In one of their recent articles they mention:

"In response to warnings and legal steps from the free software community, Microsoft agreed to require "Windows 8" certified x86 and x86-64 hardware vendors to offer a way to turn off this "secure boot" option that locks out user-modified OSes."
Quote taken from https://www.eff.org/deeplinks/2012/05/apples-crystal-prison-and-futu...

So the total lockout would be for ARM hardware only.

Edited 2012-05-31 17:53 UTC

Reply Parent Score: 3