• Thought Windows 8's support of Secure Boot was bad? Microsoft will allow OEMs to not allow users to
    38 replies, posted
[url]http://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/[/url] [quote=Ars Technica]Those of you with long memories will recall a barrage of complaints in the run up to Windows 8's launch that concerned the ability to install other operating systems—whether they be older versions of Windows, or alternatives such as Linux or FreeBSD—on hardware that sported a "Designed for Windows 8" logo. To get that logo, hardware manufacturers had to fulfil a range of requirements for the systems they built, and one of those requirements had people worried. Windows 8 required machines to support a feature called UEFI Secure Boot. Secure Boot protects against malware that interferes with the boot process in order to inject itself into the operating system at a low level. When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures, and the UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system won't boot. This is a desirable security feature, but it has an issue for alternative operating systems: if, for example, you prefer to compile your own operating system, your boot files won't include a signature that Secure Boot will recognize and authorize, and so you won't be able to boot your PC. However, Microsoft's rules for the Designed for Windows 8 logo included a solution to the problem they would cause: Microsoft also mandated that every system must have a user-accessible switch to turn Secure Boot off, thereby ensuring that computers would be compatible with other operating systems. Microsoft's rules also required that users be able to add their own signatures and cryptographic certificates to the firmware, so that they could still have the protection that Secure Boot provides, while still having the freedom to compile their own software.[/quote]
Bait [t]https://a.pomf.se/ynnfrj.png[/t]
makes sense for phones, manufactures do it anyway so what's the deal
[QUOTE=Scratch.;47371376]Bait [t]https://a.pomf.se/ynnfrj.png[/t][/QUOTE] That's for Windows Mobile 10. "Win10 Desktop" says that OEMs will have the choice to disallow the user from disabling Secure Boot, which is what the fuss is about.
[QUOTE=wickedplayer494;47371411]That's for Windows Mobile 10. "Win10 Desktop" says that OEMs will have the choice to disallow the user from disabling Secure Boot, which is what the fuss is about.[/QUOTE] And OEMs that decide too will be known so consumers just buy a device that doesn't have secure boot
I also can't be arsed to type [URL="https://a.pomf.se/ztmtvy.png"]this[/URL] out again It's from /g/, expect anything besides quality posts [QUOTE=wickedplayer494;47371411]That's for Windows Mobile 10. "Win10 Desktop" says that OEMs will have the choice to disallow the user from disabling Secure Boot, which is what the fuss is about.[/QUOTE] Then if you plan on installing a linux distribution that does not have a signature, don't buy from an OEM that locks them
[QUOTE=fruxodaily;47371398]makes sense for phones, manufactures do it anyway so what's the deal[/QUOTE] well it really isn't okay for anyone to sell me a piece of hardware and dictate what software i put on it
[QUOTE=bitches;47371436]well it really isn't okay for anyone to sell me a piece of hardware and dictate what software i put on it[/QUOTE] when it comes to phones you got no choice, apple does it, some android manufactures do it and Microsoft has done it desktops + laptops i understand tho
[QUOTE=Scratch.;47371431]I also can't be arsed to type [URL="https://a.pomf.se/ztmtvy.png"]this[/URL] out again It's from /g/, expect anything besides quality posts [B]Then if you plan on installing a linux distribution that does not have a signature, don't buy from an OEM that locks them[/B][/QUOTE] thats entirely the issue here though? dont really see how its clickbait considering they are literally saying that OEMs will be able to force secure boot and it'll screw people that want to install non secureboot operating systems on that hardware. would it better if nobody reported on this at all?
[QUOTE=Scratch.;47371431] Then if you plan on installing a linux distribution that does not have a signature, don't buy from an OEM that locks them [/QUOTE] I know I'm preaching to the choir here, but ugh. most laptop manufacturers and retailers offer little to no information about the BIOS. And for gifts, a person might receive a nice laptop and want to install Kali, but the person buying the gift had no idea to check how it boots. The phone scene is already shitty as it is with hardware locks; I naievely bought an LG android phone, thinking I would get updates and be able to root it because people online can do it. But the Canadian version is fully locked down and never updated. Hardware locks suck and need to go away.
Yet another reason to self-build. Fuck that noise. [editline]a[/editline] But even then laptops are fucked over.
[QUOTE=willtheoct;47371480] most laptop manufacturers and retailers offer little to no information about the BIOS. And for gifts, a person might receive a nice laptop and want to install Kali, but the person buying the gift had no idea to check how it boots.[/QUOTE] nitpicking, but this won't be a problem [url]https://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/[/url]
Yeah sorry no. It's my computer it's my rules. If I want Secure Boot turned off [i]it is going to be turned the fuck off.[/i] Any laptop that refuses to give me this option is a laptop I wouldn't accept if you paid me to take it from you. Desktops I don't give a shit about since I build my own anyway, I am the OEM and can give myself ultimate freedom over that, but laptops I can't build myself and I do have my eyes on a few. I probably won't bother turning SB off unless it causes any problems, something I don't forsee it doing since I don't do anything that'd trigger it anyway, but on principle alone I demand the ability to do so. If I can't flick that switch I won't buy your shit, go fuck yourself.
Microsoft was offering a nice carrot in the form of all those free upgrades...I was waiting for the stick to show up.
-misread
[QUOTE=TestECull;47371564]Desktops I don't give a shit about since I build my own anyway, I am the OEM and can give myself ultimate freedom over that[/QUOTE] .....Provided there is a mobo with legacy. Which may not be a reality in 10 years.
[QUOTE=willtheoct;47371664].....Provided there is a mobo with legacy. Which may not be a reality in 10 years.[/QUOTE] The future will either be scary, or everyone will say 'what the fuck' and start fixing broken systems
Grandma protector. Not an issue, move on.
[QUOTE=Used Car Salesman;47371570]Microsoft was offering a nice carrot in the form of all those free upgrades...I was waiting for the stick to show up.[/QUOTE] TBH it's not that big of a deal. If you want to dual boot either buy the OS separate from the OEM, buy a PC with Windows 7/8 and upgrade when it becomes available or just use a virtual machine.
This worries me as ~the it guy~ since some of my tools absolutely require legacy support, and I get the feeling that I'm going to have a lot of units in repair that I'll no longer be able to run them on.
Considering how Microsoft is making Windows 10 ROMs for android devices, just go the other way around if you want both experiences. Get an Android device, plop Windows along side it. There's not all that many Windows mobile devices anyway, it would seem to be a win-win just getting an Android device to begin with.
[QUOTE=Used Car Salesman;47371570]Microsoft was offering a nice carrot in the form of all those free upgrades...I was waiting for the stick to show up.[/QUOTE] Oh yeah because using the free upgrade will suddenly enable secure boot on your computer?
[QUOTE=Used Car Salesman;47371570]Microsoft was offering a nice carrot in the form of all those free upgrades...I was waiting for the stick to show up.[/QUOTE] And here we have an example of reading the title and nothing else, not even the other posts in the thread.
So what's the problem here? This is a requirement for Windows certification, an OEM can still ship "uncertified" hardware, MS aren't going to pass up an OEM sale just because it's missing the "made for W10" sticker. OEM is basically the only place Windows makes money. And besides, if that slide is correct, it's not even a problem for desktop/ laptop users, it's an optional requirement that some OEMS might go for if they think it'll help their customers, y'know, the guys who buy HP shit because it works? Not the guys who build their own PCs and actually would consider using alternate operating systems?
[QUOTE=Used Car Salesman;47371570]Microsoft was offering a nice carrot in the form of all those free upgrades...I was waiting for the stick to show up.[/QUOTE] This has nothing to do with the free upgrades in the slightest.. This is simply an option for OEMs to take, and honestly I doubt any (decent) OEM will take the option as there is [B]literally[/B] no benefit to the OEM to forcing SecureBoot.
oemg, how could they do this to us
until you flash the bios to disable it
[QUOTE=01271;47371771]Grandma protector. Not an issue, move on.[/QUOTE] If this was real it would kill a large number of linux distros.
It's going to be dirt cheap HP's, if they feel like it. No manufacturer is going to do this on their direct-sale models. It would be a death sentence, the PC components community can hold a grudge forever.
[QUOTE=Scratch.;47371508]nitpicking, but this won't be a problem [url]https://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/[/url][/QUOTE] You're still fucked if you wanna develop kernel shit yourself. Oh you laptop you bought some time ago has permanent UEFI? well sux2beu, buy a new computer if you want do dabble with the core of the system. This is why is should permanently be required to be a option, except for government or corporate cases where security is a must. And we're talking cases where they destroy the whole laptop when it's decommissioned in order to protect data safety, not just the harddrive. So only specialty cases, and not for that shitty HP you gonna buy for granny.
Sorry, you need to Log In to post a reply to this thread.