Microsoft claim that the customer is in control of their PC. That's true, if by "customer" they mean "hardware manufacturer". The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.
Microsoft claim that the customer is in control of their PC. That's true, if by "customer" they mean "hardware manufacturer".
Isn't that always the case? Today I'm not guaranteed the ability to do secure boot. Today I'm not guaranteed the ability to use certain types of RAM or certain types of video cards or certain types of data adapters (e.g., Thunderbolt), or have touch support, or etc...
But what the customer is in control of is the ability to pick a PC which conforms to what they want, or the ability to build it.
There's never been a guarantee that a specific computer will allow a customer to do whatever they want. All secure boot disabling is is simply one more item in the matrix. And almost all these items are defined by each individual OEM.
The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor
This I hadn't heard of. So with UEFI secure boot you're saying that you likely won't be able to change graphics cards? I hadn't heard that.
There are two things I've not heard from Red Hat on this issue:
1) The (in)validity of the approach in terms of addressing the problem/need for secure OS boot.
2) An alternative approach for achieving the same result.
The practicality of the situation is this: in evaluating a trade-off between running Win8 securely on a PC/device vs. being able to install another OS on said device, the significant majority of users are going to forego the other-OS-install capability.
If RedHat is right, does that mean you would not be able to install Windows 7 on a Windows 8 certified PC? I imagine that could be very annoying to corporate IT departments that don't want to upgrade to Win8 (at least not right away) but still need to buy new hardware.
That's the real question... if you can turn it off, there isn't much of a problem. However, if you turn it off to install Linux, can you turn it back on to dual-boot Windows 8? If you can't, how many people will just stick to Windows?
[+] [-] sciurus|14 years ago|reply
Microsoft claim that the customer is in control of their PC. That's true, if by "customer" they mean "hardware manufacturer". The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.
[+] [-] kenjackson|14 years ago|reply
Isn't that always the case? Today I'm not guaranteed the ability to do secure boot. Today I'm not guaranteed the ability to use certain types of RAM or certain types of video cards or certain types of data adapters (e.g., Thunderbolt), or have touch support, or etc...
But what the customer is in control of is the ability to pick a PC which conforms to what they want, or the ability to build it.
There's never been a guarantee that a specific computer will allow a customer to do whatever they want. All secure boot disabling is is simply one more item in the matrix. And almost all these items are defined by each individual OEM.
The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor
This I hadn't heard of. So with UEFI secure boot you're saying that you likely won't be able to change graphics cards? I hadn't heard that.
[+] [-] darkduck|14 years ago|reply
[+] [-] jroseattle|14 years ago|reply
1) The (in)validity of the approach in terms of addressing the problem/need for secure OS boot. 2) An alternative approach for achieving the same result.
The practicality of the situation is this: in evaluating a trade-off between running Win8 securely on a PC/device vs. being able to install another OS on said device, the significant majority of users are going to forego the other-OS-install capability.
[+] [-] ldite|14 years ago|reply
[+] [-] lawtguy|14 years ago|reply
[+] [-] RexRollman|14 years ago|reply
[+] [-] mbreese|14 years ago|reply
[+] [-] unnivs|14 years ago|reply
[deleted]