Linked by Thom Holwerda on Mon 4th Feb 2013 22:10 UTC
Google "People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.
Thread beginning with comment 551572
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: One little difference
by mjg59 on Tue 5th Feb 2013 21:51 UTC in reply to "RE[4]: One little difference"
mjg59
Member since:
2005-10-17

All the Windows 8 certified systems (including cheap ones) that I've looked at implement key management, either through an explicit UI or via returning the system to Setup Mode. You're the one claiming that the majority of manufacturers will ignore this requirement. If so, you should be able to buy pretty much any cheap Windows 8 certified motherboard and prove that it doesn't have this functionality. How about this: pick a random Windows 8 certified board off Newegg and link it here. Buy it and test it. If there's no way to install your own keys, I'll pay for it.

Reply Parent Score: 2

RE[6]: One little difference
by segedunum on Tue 5th Feb 2013 22:06 in reply to "RE[5]: One little difference"
segedunum Member since:
2005-07-06

Heh. Let's put it this way, if there was any confidence in this then Linux distributions wouldn't be getting themselves key-signed by Microsoft, would they?

You will be reporting the demise of pretty much all key management on all but high-end systems on your blog in future and I will happily be around to point you back to this........ I haven't heard anything from you about how Microsoft is going to enforce this. Motherboards will have Microsoft's key and that's all that matters.

The only reason Secure Boot can be disabled is because of the massive amount of bootable software users and companies use and still need to use on their hardware - namely previous versions of Windows, imaging software and VMware - which will be dropped off the face of the map at a later date.

Chromebooks implement Secure Boot in the way that they do because it's more difficult to differentiate a legitimate user who has physical access and someone more malicious. I can understand it because of their function, but I hope Google will find a way to do it in future. Secure Boot on PCs will marginalise software you can boot and make hardware ridiculously expensive.

You also sail right over Windows on ARM which is a platform that has no such legacy problems for Microsoft and where you get absolutely no quarter given whatsoever. That's where we will end up.

Edited 2013-02-05 22:18 UTC

Reply Parent Score: 2

RE[7]: One little difference
by mjg59 on Tue 5th Feb 2013 22:17 in reply to "RE[6]: One little difference"
mjg59 Member since:
2005-10-17

There's no reason for a distribution to get itself signed by Microsoft if they're happy documenting how to handle key enrolment on every different firmware implementation. Many distributions aren't happy having that as a requirement.

I take it that you're not willing to take me up on my offer? You're the one who said that this functionality would only be included on the most expensive boards. If you're right, you get a free motherboard and the satisfaction of proving me wrong. If you're sure you're right, this should be a great opportunity.

Reply Parent Score: 2