Linked by Thom Holwerda on Mon 4th Feb 2013 22:10 UTC
Google "People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.
Thread beginning with comment 551445
To read all comments associated with this story, please click here.
Do Microsoft Respond Like This?
by segedunum on Tue 5th Feb 2013 00:22 UTC
segedunum
Member since:
2005-07-06

http://mjg59.dreamwidth.org/22465.html?thread=856257#cmt856257

I can understand why they're using Secure Boot like this given what they want the Chromebook to actually be. Wiping user data when someone (could be you, could be someone else) installs another system on it is something you actually want to happen and you certainly do if you're an organisation with remote workers with these machines all over the place.

The tricky part here is differentiating between a legitimate person who wants to modify his/her system and someone malicious with a stolen machine and keeping the actual security usefulness of Secure Boot intact for the end user.

I have never seen an answer from Redmond on that topic.

The notion that Chromebooks are more locked down that Windows 8 machines is bollocks.

Reply Score: 4

mjg59 Member since:
2005-10-17

Windows 8 systems and Chromebooks both default to only running signed software. Windows 8 systems and Chromebooks both permit you to disable all signature validation. Windows 8 systems permit the end user to choose to use their own keys instead of the vendor ones. Chromebooks don't. The user doesn't have the freedom to deny unwanted software from running on their system. It's a valuable freedom that Google don't currently provide, and it's completely fair to say that the Chromebooks provide less user freedom as a result.

Reply Parent Score: 6

vapier Member since:
2011-12-07

is there a GUI to replace keys ? no (although there are scripts to do so). is it possible to wipe/replace the keys ? yes -- toggle the hardware write protect. thus you are provably wrong.

is the bios source released for *any* device shipping windows 8 ? pretty sure not. how about any mobo out there where the target is windows ? no ? how about chromebooks ? ignoring the first 3 devices, the code is published for devices since released (coreboot & u-boot and the embedded controller [ec] that manages the keyboard/battery/etc...).

so go ahead, download the source, build it & embed whatever keys you want, and flash the device. now you have a fully secure system where only you own the keys.

sadly, the article is simply trolling.

Reply Parent Score: 0

segedunum Member since:
2005-07-06

Windows 8 systems permit the end user to choose to use their own keys instead of the vendor ones.

No, they don't. That is purely at the behest of the hardware manufacturer and you've provided nothing to back up that Microsoft will enforce this in any way. Stop repeating this crap.

You will be reporting on manufacturers not implementing modifiable key systems in no time, mark my words. The only reason you can disable Secure Boot now is because of the bootable software that users and companies still need to be able to run on current hardware.

Chromebooks don't. The user doesn't have the freedom to deny unwanted software from running on their system.

That's a curious way of putting freedom and a very curious way of painting what Microsoft is doing with this.

Edited 2013-02-05 21:55 UTC

Reply Parent Score: 3