Win2012 wants Secure Boot - damn?
 

Hi

I just saw here (slide 2 of 4) that Windows 2012 will require a UEFI bios and especially "Secure Boot" to be enabled.

I don't want to write right now the exact details - all I want to mention is that when I read that my first thoughts were "aaahhh, not again that s**t".

What are your thoughts?

No, it doesn't. It no longer requires Secure Boot to be optional. OEMs will have the option of allowing Secure Boot to be turned off, whereas before they were required to allow it to be turned off.

My thought? Lame move on the part of MS.

Mmmhh, so "Secure Boot" will be mandatory?

Yes.

http://arstechnica.com/information-t...out-a-reality/

Uhm... that's what you said in the first place... AARRRGGH CORPORATE DOUBLESPEAK MY LOGIC CIRCUITS HURT

It will be mandatory to ship with Secure Boot enabled. It will be optional to allow the user to turn it off.

Obviously it has nothing to do with security and everything to do with anti-competitive vendor lock-in. I knew this would happen
even those many didn't believe me.

"Secure Boot" translates to "Secure Market Share."

Quite the refutation of the "companies don't care about the Linux desktop because it has 'only' 2 market share" argument, isn't it.

If Microsoft didn't care, they wouldn't do this.

Secure Boot is designed to prevent pre-boot malware.

It has nothing to do with "locking out" other operating systems -- Ubuntu, Fedora & OpenSUSE will all install a Secure Boot compliant system.

It is even possible to create your own keys, enrol them into the firmware (BIOS) and sign the kernel image & boot loader/manager to acheive a Secure Boot set up that is completely independent of the Microsoft licence.
http://kroah.com/log/blog/2013/09/02...d-linux-kernel

Not when Windows 10 machines are released. Well, to be more precise, it is not guaranteed that it will be possible to create one's own keys on a Windows 10 machine as M$ are removing that requirement for vendors to be able to mark their equipment Windows compatible.
I am sure some vendors will continue to play fair but some may be paid by M$ to lock down secure boot and some may find it cheaper to do so.
So, this isn't "the sky is falling" but it is a slightly worrying move.

I wonder if secure boot prevents computers to get infected with the Equation Group malware. Something tells me it doesn't :rolleyes:

It depends on how that malware works. If it makes changes to the bootloader or kernel then it shouldn't work with Secure Boot enabled.

Well, according to Wikipedia, the Equation Group malware "infects the hard drive firmware, which in turn adds instructions to the disk's master boot record that causes the software to install each time the computer is booted up." So I guess this means secure boot should -- in theory -- prevent the malware from running. In any case, I wouldn't risk my neck for it :)

If I bought a system that didn't allow me to disable secure boot, I'll complain to the customer/tech support people and tell them I don't like using windows and I only use linux. If they refuse, I'll just get my refund.

I believe if you plan to use inux only a system from system76 or zareason is best.

The problem is that it removes the possibility for non highly computer-savvy people to try alt OSes. Not even a live cd.

Apart from Ubuntu, Fedora & OpenSUSE live CDs all of which will boot and install a working system with Secure Boot enabled...