"Earlier this week Apple fired Scott Forstall, the architect of its iOS platform, and handed his duties over to the company's chief industrial designer, Jonathan Ive. Ive and Forstall had an infamously chilly working relationship, and one of their biggest disagreements was over the role of so-called 'skeuomorphic' design in Apple's products. Forstall, like his mentor Steve Jobs, favored it; Ive disliked it. To many observers, Forstall's forced exit looks like a vindication of Ive's stance. But if he wants to continue Apple's enviable trend of innovation, he'd be a fool to throw the baby of skeuomorphism out with Forstall's bathwater." Hoped for a thorough article on the benefits of skeuomorphism - got the age-old and intrinsically invalid excuse 'because it sells'. Windows isn't he best desktop operating system because it sells so well. Lady Gaga isn't the best artist because she sells a lot of records. This argument is never valid, has zero value, and adds nothing to what should be an interesting discussion.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-08-11
Secure boot is mandatory on both x86 and ARM. Devices must be sold with it enabled to secure boot windows, but with x86 MS was compelled to require devices to have a platform specific override mechanism so owners can decide what to boot.
If you can turn it off, it isn't mandatory. OEMs are not required to turn it on, so it isn't mandatory.
Member since:2011-01-28
BluenoseJake,
"If you can turn it off, it isn't mandatory. OEMs are not required to turn it on, so it isn't mandatory."
I'm not sure how you are deducing that OEMs are not required to turn it on? OEMs are obligated to turn it on as stated in the windows 8 client system requirements:
http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.a...
"Mandatory. Secure Boot must ship enabled Configure UEFI Version 2.3.1 Errata B variables SecureBoot=1 and SetupMode=0 with a signature database (EFI_IMAGE_SECURITY_DATABASE) necessary to boot the machine securely pre-provisioned, and include a PK that is set and a valid KEK database. The system uses this database to verify that only trusted code (for example: trusted signed boot loader) is initialized, and that any unsigned image or an image that is signed by an unauthorized publisher does not execute. The contents of the signature database is determined by the OEM, based on the required native and third-party UEFI drivers, respective recovery needs, and the OS Boot Loader installed on the machine. The following Microsoft-provided EFI_CERT_X509 signature shall be included in the signature database:"
There is alot more information there. They disable unauthorised main-board flashing. They say over and over again the ways a user cannot bypass secure boot without disabling it.
"Mandatory. No in-line mechanism is provided whereby a user can bypass Secure Boot failures and boot anyway Signature verification override during boot when Secure Boot is enabled is not allowed. A physically present user override is not permitted for UEFI images that fail signature verification during boot. If a user wants to boot an image that does not pass signature verification, they must explicitly disable Secure Boot on the target system."
They even go so far as prohibiting OEM system tools from being secure booted.
"Mandatory. UEFI Shells and related applications. UEFI Modules that are not required to boot the platform must not be signed by any production certificate stored in "db", as UEFI applications can weaken the security of Secure Boot. For example, this includes and is not limited to UEFI Shells as well as manufacturing, test, debug, RMA, & decommissioning tools. Running these tools and shells must require that a platform administrator disables Secure Boot."
As we know, MS was heavily criticised for banning all other operating systems on computers where they hold a monopoly, so they added a clause for disabling secure boot on non-arm systems.
"Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems."
I'm posting this in the hopes that the information is useful to you, but I recognise this isn't the right place to be debating secure boot. On the next secure boot article that comes up, I'll probably be there 
Edited 2012-11-04 22:42 UTC
The third and final WWDC product I want to talk about is - of course - OS X 10.9 Mavericks. While iOS 7 was clearly the focus of this year's WWDC, its venerable desktop counterpart certainly wasn't left behind. Apple announced OS X 10.9 Mavericks, the first OS X release not to carry the name of a big cat.We already talked about iOS 7 yesterday (after a night of sleep, it's only looking worse and worse - look at this, for Fiona's sake!), so now it's time to talk about the downright stunning and belly flutters-inducing new Mac Pro. As former owner and huge, huge, huge fan of the PowerMac G4 Cube - I haven't been this excited about an Apple product since, well, I would say the iMac G4. This is the Apple I used to love.
Apple held its big keynote event thing at WWDC earlier this evening, but since I was away with friends I've had to read up on it later in the evening. The company announced iOS 7, OS X 10.9 Mavericks, and they gave a preview of the new Mac Pro. Especially the Mac Pro impressed me, and while iOS 7's new Holo/Metro-inspired theme looks messy and garish to me, I do commend Apple for finally breaking the mold. This news item will focus on iOS 7 - I'll dive into the Mac Pro and OS X 10.9 tomorrow (it's late here now).
And yes, the PRISM scandal is far, far from over. More and more information keeps leaking out, and the more gets out, the worse it gets. The companies involved have sent out official statements - often by mouth of their CEOs - and what's interesting is that not only are these official statements eerily similar to each other, using the same terms clearly designed by lawyers, they also directly contradict new reports from The New York Times. So, who is lying?This story is getting bigger and bigger. Even though most Americans probably already knew, it is now official: the United States government, through its National Security Agency, is collecting the communications and data of all American citizens, and of non-Americans using American services, through a wide collaboration with the large companies in technology, like Apple, Google, Microsoft, Facebook, and so on. Interestingly enough, the NSA itself, as well as the US government, have repeatedly and firmly denied this massive spying on Americans and non-Americans took place at all.Ah, patents - the never-ending scourge of the technology industry. Whether wielded by companies who don't actually make any products, or large corporations who abuse them because they can't compete in the market place or because they're simply jerks, they do the industry a huge disservice and are simply plain dangerous. According to The Wall Street Journal (circumvention link), president Obama is about to take several executive actions to address patent trolls - which may seem like a good idea, but I am very worried that all this will do is strengthen the positions of notorious patent system abusers such as Apple and Microsoft.
With version 13.05, the developers of the Genode OS Framework take measures to ensure that Genode continues to scale well with a growing number of users and the steadily broadening platform coverage. Further highlights are the improved SoC support for Exynos 5, OMAP4, Raspberry Pi, i.MX, and new components for realizing headless systems.At the D11 conference, Apple CEO Tim Cook once again took the stage to be interviewed by Walt Mossberg and Kara Swisher. While most of the interview can be replicated by picking and reading 10 random Apple fanblog stories - there were still a number of very interesting things that warrant some closer scrutiny.
So, the Xbox One disaster continues. Microsoft's policy for dealing with the used games market has reportedly leaked - and it's a clear and direct attack to destroy the used games market. Prices for used games will be set at the retail value of a new game, and retailers have to hook into Microsoft's computer systems and comply with Microsoft's terms and conditions.At an event earlier today, Microsoft unveiled the next Xbox - the third model, but confusingly named Xbox One. The big focus was TV, integrated Kinect, and all the other stuff we all expected to be forced down our throats. I think it took them 25 minutes to actually come to what should be the core of the story: gaming. Nothing groundbreaking in the gaming department, except for how Microsoft intends to handle the used games market and borrowing games from friends: pay up, buddy!
Member since:
2011-01-28
BluenoseJake,
"Only WinRT devices have mandatory secure boot, any devices based on x86 can be unlocked, and I think the default is unlocked."
Secure boot is mandatory on both x86 and ARM. Devices must be sold with it enabled to secure boot windows, but with x86 MS was compelled to require devices to have a platform specific override mechanism so owners can decide what to boot.
Unfortunately secure boot wasn't really designed to be used by owners or 3rd party platforms, so there is no standardised way to boot alternate operating systems other than disabling secure boot entirely, which is a shameful oversight by the secure boot engineers.
Edit: Was not my intent to drag this thread completely off topic, just wanted to point out that secure boot is enabled by default, it would not make sense to have it disabled from the manufacturer.
Edited 2012-11-03 18:18 UTC