If a tech has to do that all he needs is either a CD with a signed bootloader (not that difficult to create for a tech), or he just disables Secure Boot for the duration of testing. Secure Boot will not keep a technician from doing his job, it will also not keep the trained attacker with physical access to the machine from whatever he wants to do, but it will keep malware from infecting the boot process and the "normal" employee from just booting a Knoppix or WinPE CD to circumvent company policy or compromise the system.

1 members found this post helpful.

If the PC isn't a windows 8 PC, and thus doesn't have the Windows 8 logo, the tech may not be able to disable secure boot. Of course, most systems will have the Windows 8 logo.

A PC does not have to come with the Windows 8 OS to have the Windows 8 logo. In fact, the logo is not really referring to the whole PC (when it comes to Secure Boot), but only to the options available in the firmware of the motherboard. Usually motherboards are delivered without OS. This is of course different with laptops and machines with mainboards that are specifically manufactured for one OEM, like Dell.
You also can be sure that a company that want to use Secure Boot with a non-Microsoft OS (or disable it) will buy machines that have these options available. They don't go out buy machines randomly, usually companies have some type of evaluation process.

And thus add a working system to landfill just because it won't run the next version of MS pile of crud.

That is what is wrong with it.

Just because a machine is bought with Win8 on it doesn't mean it always will. Hand-me-down computers work just fine - but if you READ the license, hand-me-down systems DON'T come with a license to use the OS. You are supposed to buy it again.

And that purchase is (or can be) unaffordable (or like XP, unavailable) to to the recipient.

Thus making more electronic junk which tends to have hazardous substances.

What do you mean with that?

Please explain.

I thought it was obvious.

I have four machines that were originally purchased for use with windows for other people. When they were no longer supported by MS, then they were headed for the landfill.

I got them and put Linux on them because I knew there was nothing wrong with the systems. They run fine, and are (well were, they are over 10 years old now) good usable systems with Linux.

Secure boot as implemented/required by MS prevents doing this by only allowing windows to boot - and the inability to put MY certificates on such systems means I can't use them to boot MY trusted software, unless I disable secure boot. And on systems I CAN'T disable secure boot means I can't put Linux on them, thus headed for the landfill.

Not at all.

Why? If those machines are ten years old they came with XP and XP is still supported. If a ten years old machine came with Ubuntu you can be sure that without upgrading the hardware you won't be able to run a current Ubuntu on it. This is the way it goes in IT, software becomes more demanding over time, just because there are more resources available. this is not Microsoft specific.

If manufacturers want to get the Windows 8 Logo certification, which is obviously wanted by Microsoft, they have to implement the options to disable Secure Boot and to manage your own keys. So Microsoft prevents you from nothing (in fact they are encouraging manufacturers to give you the options you want), manufacturers that don't want to get the certification for whatever reason do.
So you have to blame the manufacturers in the first place, not Microsoft.

in the us, you have a right to sue if you are willing to pay court fees and possible counter-suit if you don't recieve judgement as a plaintiff. doesnt mean that the other party broke the law or did anything illigal.

this may be related to the patriot act (which is a corrolary to the dmca) which makes people who supercede any computer encryption (such as modding cell phones, ripping dvd's, ...) into military combatants.

that law has recently been renewed to allow installing alternate roms on devices and ripping dvd's for education purposes.

/ianal

XP is no longer being sold except for systems that have already been built with it - and a 10 year old system wont run current XP...

And those machines work just fine in what I have targeted them, so no landfill. And I do know how to put a linux on it that will work - that is one of the benefits of Linux from Scratch.
I still have a 486 that can do routing for 10Mbit networks. Think that will run current XP?

No they aren't. MS has only stated that for Window 8 (they do still have to support Windows 7, so secure boot MUST be disabled for that...)

For ARM is is mandated that they NOT BE ABLE TO DISABLE secure boot.

As I said, SPECIFIED and REQUIRED by MS.. so Microsoft is to blame.

I may be a bit paranoid, but:

In a few years I fully expect (unless another anti-trust suite stops them) to drop the "able to disable secure boot" on X86. Likely as soon as they can drop the Windows 7 support. After that they can revoke the certificate used for booting via secure boot for those systems - thus making it impossible to create/update systems based on them...

The past history of MS is full of crap they have done to "partners" and "competitors" all over the world to preserve, and extend their monopoly. This is just their first way of trying to extend it into the ARM market.

Hi,
Not a responsible company, if disposed of improperly they can be fined for that type of dumping.
No, what is wrong with is that some people are not fully aware of proper disposal rules and restrictions
That will depend on the 'EULA'. If OEM then yes you will need to re-license.
Not always true, you will have to dig to find the OS but it can be done legally and sometimes affordable.
Which when handled properly by licensed recyclers then no issue. What I am against is the companys that move hardware to third world or countries that do not have regard for human safety when handling electronic hardware disposal. Now that should be something local, state & federal agents should be handling by closer contacts & inspections.

Hi,

First, I think you should research a bit before making statements you have been making. Too much 'FUD', lack of understanding and misinformation.
Not if you use SP1 for a 10 year old system then do updates. Of course if the system is not 64 bit then using a current Xp 64bit on a 10 year old machine may require you to jump through more hoops/. Doable on proper hardware. I still do this with licensed XP on older equipment with proper license.
Not a current but you could install SP1 an do the update process in order to bring too a supported Xp level. Fine that you are able to recycle older equipment to extend the service life.
Again you do not know nor understand the 'UEFI' protocol nor how 'secure boot' is handled for equipment. Nor how the certification process is done for a user with Microsoft. Read a bit to inform yourself.

Microsoft based ARM. Rooting ARM can be done on other manufactures devices. Of course 'Apple' has locked their devices, but 'Apple' is unique in the type of equipment provided to their users. You can 'root' but at the risk of warranty for equipment.

Not on all systems, you still need to read the license agreement. Read the protocol, 'UEFI'.

I think you are relying on to much 'FUD'. Research and certify information before passing it on. That way you will be informed.

Here again, You do not understand the 'UEFI' protocol and the 'Secure boot' set for that protocol. Thre are too many active Win/7 computer user base to drop Win/7. Win/7 is in the position that Win/Xp has been for the past decade(plus). You do not understand the License again, read the 'EULA' for Win/7 and read up on 'UEFI' then realize your misinformation concerning 'Secure boot'.
As I stated above, you do need to research more and be specific. Microsoft is a company that must profit for their share holders. Fines and judgements are not something a company needs to bear. Sure, earlier years Microsoft did some bad business practices. Proof is that people think that Microsoft does this presently on a blanketed basis. They have teams of lawyers & bean counters who know the limits and tricks to keep the company profitable legally.

My biggest complaint is that many users (Gnu/Linux included) is that most rely on and pass on 'FUD' to assure their hatred for Microsoft. Research & verify!

Of course not, it was never intended to. It also won't run current Ubuntu. This is just a nonsensical argument, sorry I have to say that.

Of course they have only stated that only for Windows 8. May be because it is the Windows 8 Logo certfication, not the "pick a random future Windows version" certification.

True on ARM devices. They do it exactly as Apple and almost any manufacturer for Android devices. Yet I wait to see the people blame them. Double standard?

So basically you say: I don't have any facts, I say all that only based on my personal opinion?
Do that on your blog, a technical forum is about facts.

As stated, other companies already do this sort of task to prevent other OS's. Secure boot if one reads about and understands it is not as big an issue. You have a choice to buy it or not. You have to realize that very few people in the world know about computer. They don't want to know. They don't join LQ even. They just want their computer to work. If you read up on secure boot, you will find it useful just like the billions of changes that have been made to linux over the years. Remember when such a notion as running as a limited user and not root was crazy talk? Remember when using antivirus and antimalware was nutty?

Hi,

I have added this to hopefully help others to understand and relate to the information as we still have world members who use WinXP with Gnu/Linux dual boot or VM usage.

WinXP release information;Of course the WinXp updates are still supported. Just no new release except for the Netbook/Notebook hardware. Users still can use Win/XP on proper equipment. 10 year old equipment that fits the model can be used.
EDIT: Forgot to add: Windows XP Service Pack 3 Overview
HTH!

The aim wasn't to run any specific distribution. It was specific to running MY kernel that I compile for that specific target. It doesn't have to be a distribution. Linux can run for specific target environments in 16 MB of memory even, and on a 486 - the DSL distribution for example.

No - Apple isn't a monopoly trying to take over every other vendor.
I clearly stated what followed was opinion (paranoid even). It has been the history of MS that developed that opinion.