Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Please, people, before ranting get your facts straight. Microsoft is not stealing your hardware, in fact any x86(_64) hardware that is Windows 8 Logo certified must have the options to disable Secure Boot and to add and remove keys to the databases at the user's will, so they are actively enabling the owner of the hardware to have total control.
It is that simple: You have a problem with Secure Boot or just don't have a need for it? Then just disable it, you have that possibility if you look out that you are buying Window 8 Logo certified hardware, but you may lack that possibility if you don't.
Except for ARM phones, of course, where you can't disable it. So, it's NOT that simple. The trend it clear. They will eventually lock out x86 as well. Or maybe x86 will just disappear and you'll be surprised to find yourself locked-in.
...any x86(_64) hardware that is Windows 8 Logo certified must have the options to disable Secure Boot and to add and remove keys to the databases at the user's will...
And why exactly must x86/amd64 hardware have the option to disable Secure Boot?
ARM hardware for Windows 8 must have Secure Boot and there is no way of disabling it.
Another thing to consider is the fact that M$ originally planned to lock in x86 as well, but Intel and AMD wouldn't have it. Instead of saying it will never happen, I would consider ourselves lucky to have companies that still stand up against this evil. How much longer tho ?
Except for ARM phones, of course, where you can't disable it. So, it's NOT that simple. The trend it clear.
The trend is clear, Apple is trying to take over the desktop with vendor lock in, they have already started with locking their ARM phones and tablets. In the ARM space almost everybody does it, but people complain only about Microsoft doing it on their ARM machines with about what, 2% market share?
Quote:
Originally Posted by comet.berkeley
And why exactly must x86/amd64 hardware have the option to disable Secure Boot?
Because it is made mandatory by the Windows 8 Logo certification program for x86(_64).
Quote:
ARM hardware for Windows 8 must have Secure Boot and there is no way of disabling it.
Because it is made mandatory by the Windows 8 Logo certification program for ARM that Secure Boot must not be disabled .
Quote:
Who makes these rules?
It is the Windows 8 Logo certification. Who do you think makes those rules?
Quote:
Originally Posted by H_TeXMeX_H
Another thing to consider is the fact that M$ originally planned to lock in x86 as well, but Intel and AMD wouldn't have it.
That sounds interesting, do you have a link for me?
With it's monopoly power, Microsoft forces machine makers to have Secure UEFI in the BIOS for Windows 8.
And they force all open source vendors to get a Microsoft signature in order to boot under Secure UEFI.
This change makes it harder to "dual" boot Linux/BSD/etc with Secure UEFI turned on.
This is one more reason for new users to stay away from Linux/BSD/etc.
Linux should never have to depend on Microsoft in order to boot up a system.
This is bad for Linux.
Is it bad? Or could it be good? If the option of dual-booting is removed, those who truly want to use Linux or BSD may have more incentive to switch, instead of clinging to the comfort of Windows, while also using (or should I say testing) Linux. So it can be argued that not being able to dual-boot could harm Linux, and it can also be argued that it could help. Who is right?
It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.
But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature. The first hasn't happened yet, so we have no real idea how likely the second is. However, it doesn't seem awfully unlikely that Microsoft would be willing to revoke a distribution signature if that distribution were being used to attack Windows.
Quite literally. I will never buy anything which has been locked down.
I am thankful that my new laptop doesn't have "secure boot"... although this was more luck than skill, since I didn't do that much research before buying it. Four weeks ago I didn't even know that "secure boot" existed.
Next time, though, I will be doing my homework throroughly to ensure that whatever I buy doesn't have "secure boot" or anything remotely resembling it. I don't care if this "feature" can be disabled or not. I'm not buying it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
