Linked by Thom Holwerda on Mon 4th Feb 2013 22:10 UTC
Google "People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.
Thread beginning with comment 551457
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Do Microsoft Respond Like This?
by mjg59 on Tue 5th Feb 2013 00:55 UTC in reply to "Do Microsoft Respond Like This?"
mjg59
Member since:
2005-10-17

Windows 8 systems and Chromebooks both default to only running signed software. Windows 8 systems and Chromebooks both permit you to disable all signature validation. Windows 8 systems permit the end user to choose to use their own keys instead of the vendor ones. Chromebooks don't. The user doesn't have the freedom to deny unwanted software from running on their system. It's a valuable freedom that Google don't currently provide, and it's completely fair to say that the Chromebooks provide less user freedom as a result.

Reply Parent Score: 6

vapier Member since:
2011-12-07

is there a GUI to replace keys ? no (although there are scripts to do so). is it possible to wipe/replace the keys ? yes -- toggle the hardware write protect. thus you are provably wrong.

is the bios source released for *any* device shipping windows 8 ? pretty sure not. how about any mobo out there where the target is windows ? no ? how about chromebooks ? ignoring the first 3 devices, the code is published for devices since released (coreboot & u-boot and the embedded controller [ec] that manages the keyboard/battery/etc...).

so go ahead, download the source, build it & embed whatever keys you want, and flash the device. now you have a fully secure system where only you own the keys.

sadly, the article is simply trolling.

Reply Parent Score: 0

mjg59 Member since:
2005-10-17

Once you're at the point of breaching your warranty and fiddling with the hardware, many things become more tractable. I suspect you'd have no trouble in modifying the keys on a Windows RT device, for instance.

Reply Parent Score: 2

segedunum Member since:
2005-07-06

Windows 8 systems permit the end user to choose to use their own keys instead of the vendor ones.

No, they don't. That is purely at the behest of the hardware manufacturer and you've provided nothing to back up that Microsoft will enforce this in any way. Stop repeating this crap.

You will be reporting on manufacturers not implementing modifiable key systems in no time, mark my words. The only reason you can disable Secure Boot now is because of the bootable software that users and companies still need to be able to run on current hardware.

Chromebooks don't. The user doesn't have the freedom to deny unwanted software from running on their system.

That's a curious way of putting freedom and a very curious way of painting what Microsoft is doing with this.

Edited 2013-02-05 21:55 UTC

Reply Parent Score: 3

mjg59 Member since:
2005-10-17

The FSF agree that this is a worthwhile freedom. It shouldn't be possible for any vendor to have more control over a system than you - that means that if the vendor can limit which software the system will run, you should also have that ability. The laptop I'm currently using gives me that ability. A Chromebook doesn't.

But still, let's find out how willing Microsoft are to enforce this. Find an example of a machine that doesn't let you install your own keys and I'll make sure Microsoft know about it, then we'll see what happens from there.

Reply Parent Score: 2