OEMs Allowed To Lock Secure Boot In Windows 10 Computers

[Speedbird]

What relevance does that have to Secure Boot? Can you please tell me your argument again because I don't understand how it is relevant at all.

 

 

Because of complicated workarounds which has a chance of bricking your phone, and breaking when updating it.

 

 

That remains to be seen.

 

 

Hmm I see. If that's the case then this will "only" be an issue for laptops.

I brought up the MSDM table just to show that UEFI is moddable.

And this will be an issue in prebuilt desktops too. But I would suggest custom built anyway.

[LAwLz]

I highly doubt it.

Smartphones arent desktop pcs.

They are much more restrict , just look at apple.

Desktop pcs allow you to access much lower levels and have more flexilbility.

They can TRY to do that shit but the market will not respond favorably and they will lose money.

Like nvidia did with the locked voltage on laptops , people were pissed.

Stressand effect will kick them in the ass and they will regret ever fucking pondering about that.

I have seen the opposite happen far too many times to be as optimistic as you are.

You are also using circular logic. "Smartphones are more restricted because they are restricted". We did see people get really mad when more and more restrictions were added to smartphones but after a while it just became the accepted standard.

[zappian]

I have seen the opposite happen far too many times to be as optimistic as you are.

You are also using circular logic. "Smartphones are more restricted because they are restricted". We did see people get really mad when more and more restrictions were added to smartphones but after a while it just became the accepted standard.

 

 

Except the people that buy smartphones are more casual users while people that build desktop pcs like to fiddle with things and will get pissed when something gets locked.

Look what happened when nvidia started locking voltage and settings on oc for laptops.

People got mad , they took a step back.

We are talking about totally different demographics and devices.

[AlexGoesHigh]

you guys know that microsoft allows devs to certifies their code to be compatible with secure boot right? http://blogs.msdn.com/b/windows_hardware_certification/archive/2013/12/03/microsoft-uefi-ca-signing-policy-updates.aspx, yeah some details are a bitch like no support for stuff under gplv3, but its not a wall of china type of thing, is more of a border roadblock scenario, yeah is still scummy, but is not exactly as you guys make it sound like

[zappian]

you guys know that microsoft allows devs to certifies their code to be compatible with secure boot right? http://blogs.msdn.com/b/windows_hardware_certification/archive/2013/12/03/microsoft-uefi-ca-signing-policy-updates.aspx, yeah some details are a bitch like no support for stuff under gplv3, but its not a wall of china type of thing, is more of a border roadblock scenario, yeah is still scummy, but is not exactly as you guys make it sound like

 

I have personal experience with this.

I was working on a pc and BY DEFAULT it was locked to windows 8 because of secure boot.

Insert bootable media of another OS say windows 7 or linux distros or whatever and he ignores it.

Its confusing for me and now imagine for the average computer user that has little experience with these things.

[AlexGoesHigh]

I have personal experience with this.

I was working on a pc and BY DEFAULT it was locked to windows 8 because of secure boot.

Insert bootable media of another OS say windows 7 or linux distros or whatever and he ignores it.

Its confusing for me and now imagine for the average computer user that has little experience with these things.

the way i understand it, is that devs have to work with this, once the implementation is complete and into whatever thing that uses a bootloader, its going to work like normal, like zero user input required, i think some linux distro already support it, recent ubuntu distros use shim to work with secure boot though it seems to be hit or miss depending on the hardware http://askubuntu.com/questions/493409/is-disabing-secure-boot-needed-for-ubuntu-14-04-dual-boot-with-windows-8-uefi

[JLCitadel]

So my question is why? There has to be some logical reason, at least from their standpoint, for doing this. Surely this wouldn't just be decided on a whim.

 

Easy answer, they're adopting any 'partial' customers and phasing out the competition. In actuality it's a genius marketing strategy, between making windows 10 free to upgrade, even for those with cracked copies. Then having people who buy pre-builts locked with it.

 

This essentially makes everyone who owns windows legally or illegally and those less tech savy/wealthy (to custom build) permanently their customers, while phasing out the competitors from prebuild modders.

[zappian]

Easy answer, they're adopting any 'partial' customers and phasing out the competition. In actuality it's a genius marketing strategy, between making windows 10 free to upgrade, even for those with cracked copies. Then having people who buy pre-builts locked with it.

 

This essentially makes everyone who owns windows legally or illegally and those less tech savy/wealthy (to custom build) permanently their customers, while phasing out the competitors from prebuild modders.

 

 

Microsoft right now.

[LAwLz]

Except the people that buy smartphones are more casual users while people that build desktop pcs like to fiddle with things and will get pissed when something gets locked.

Look what happened when nvidia started locking voltage and settings on oc for laptops.

People got mad , they took a step back.

We are talking about totally different demographics and devices.

Oh please... 90% of people who build their own desktops are very casual as well. Like I said before, people got mad when for example Samsung implemented the KNOX counter but do you see anyone even talking about it anymore? The Internet has the attention span of a gold fish. If some manufacturer sticks to locking secure boot then there will be an outrage for a few months, their sales won't drop that much (because the vast majority of their sales are from prebuilds or people who build but don't care) and then everyone will accept it.

 

There is a massive overlap in the demographic of PC builders and smartphone users.

 

I am not saying it is a conspiracy. I am saying similar things have happened several times before and you are naive to think that it won't happen again.

Maybe you can explain to me why they made this change unless someone is planning on using it? Or maybe you think they changed their policy just for fun?

[Sauron]

I just hope it doesn't become a thing on laptops... I wouldn't buy a prebuilt desktop anyway, but for laptops there's not much of a choice...

[BashZeStampeedo]

the way i understand it, is that devs have to work with this, once the implementation is complete and into whatever thing that uses a bootloader, its going to work like normal, like zero user input required, i think some linux distro already support it, recent ubuntu distros use shim to work with secure boot though it seems to be hit or miss depending on the hardware http://askubuntu.com/questions/493409/is-disabing-secure-boot-needed-for-ubuntu-14-04-dual-boot-with-windows-8-uefi

 

This was "fine" as long as the consumer had the choice to disable the feature, and load up whatever boot device they wanted. But if in order to be Win10 certified, a prebuilt will need to disallow that choice, then it's no longer "fine". Not even cellphones and tablets are so restrictive that you cannot load up your own OS if you so choose... heck, even Apple systems let you boot Linux if you wish, without you or the developers having to have Apple's pre-authorized permission just for the privilege (not that I expect Apple to abstain from doing so for long, if MS is allowed to get away with this).

[Nexxus]

Not liking this one bit and this is from someone who solely uses windows...whos to blame for this? Microsoft? or mobo manufacturers? 

[LAwLz]

Not liking this one bit and this is from someone who solely uses windows...whos to blame for this? Microsoft? or mobo manufacturers? 

Microsoft for forcing manufacturers to not only include it but also have it enabled by default.

The manufacturers for not including an off switch (if they don't do it).

[AlexGoesHigh]

This was "fine" as long as the consumer had the choice to disable the feature, and load up whatever boot device they wanted. But if in order to be Win10 certified, a prebuilt will need to disallow that choice, then it's no longer "fine". Not even cellphones and tablets are so restrictive that you cannot load up your own OS if you so choose... heck, even Apple systems let you boot Linux if you wish, without you or the developers having to have Apple's pre-authorized permission just for the privilege (not that I expect Apple to abstain from doing so for long, if MS is allowed to get away with this).

you missed the point of my post, which is to say that secure boot can be supported by other bootloaders if their are certified, because on that askubuntu thread the top response says that you can install ubuntu with secure boot on but there are some caveats right now for it to work, at most, secure boot is just making linux devs make GRUB 3, or something to replace GRUB 2, to boot in newer hardware, because if it was a straight fuck you all from microsoft they wouldn't allow certification, yes its annoying and seems unnecessary but is not a 100% block like this thread is making out to be, also apple just ditched bootcamp support for windows 7 on the recent macbook air and pro refresh, 

[alicskysareblue]

 

http://tech.slashdot.org/story/15/03/20/2039251/oems-allowed-to-lock-secure-boot-in-windows-10-computers

 

TLDR?

Screw Linux and other operative systems , with the original bios in some computers you will only be able to use windows 10 .

YOU WONT BE ABLE TO INSTALL ANY OTHER OS.

I was able to turn off secure boot on the prebuilt i was working on for a client but now the gates of hell are open

this is untrue, secure boot has a white list, so in order for  linux to boot up it has to be whitelistedm currently (as far as I know) ubuntu and red hat are supported, I would also assume debian and Suse to be supported as well.

 

PLEASE fact check before you make a claim like this.

[BashZeStampeedo]

you missed the point of my post, which is to say that secure boot can be supported by other bootloaders if their are certified, because on that askubuntu thread the top response says that you can install ubuntu with secure boot on but there are some caveats right now for it to work, at most, secure boot is just making linux devs make GRUB 3, or something to replace GRUB 2, to boot in newer hardware, because if it was a straight fuck you all from microsoft they wouldn't allow certification, yes its annoying and seems unnecessary but is not a 100% block like this thread is making out to be, also apple just ditched bootcamp support for windows 7 on the recent macbook air and pro refresh, 

 

No, I understood just fine. I just don't agree that MS should be in charge of what is allowed to boot on a commodity PC, if the OEM also wants it to be certified for Windows (which is the next logical step in the progression here). MS should not be in control of what my prebuilt is allowed to run, nor any other company. It doesn't matter how fairly and quickly they keep the list of sanctioned OSes up-to-date, or how easy updating the BIOS is to update the whitelist.

 

Apple's Bootcamp support isn't important as long as I can install whatever OS I wish on the device and dual-boot anyway. It is an addition of pure convenience to begin with. By contrast this UEFI requirement for certification is an artificial restriction, and if it cannot be disabled then it is no longer worth the alleged benefits of Secure Boot in my estimation.

[Nexxus]

Microsoft for forcing manufacturers to not only include it but also have it enabled by default.

The manufacturers for not including an off switch (if they don't do it).

tsk tsk on both parties.

[AlexGoesHigh]

No, I understood just fine. I just don't agree that MS should be in charge of what is allowed to boot on a commodity PC, if the OEM also wants it to be certified for Windows 10. MS should not be in control of what my prebuilt is allowed to run, nor any other company. It doesn't matter how fairly and quickly they keep the list of sanctioned OSes up-to-date, or how easy updating the BIOS is to update the whitelist.

 

Apple's Bootcamp support isn't important as long as I can install whatever OS I wish on the device and dual-boot anyway. It is an addition of pure convenience to begin with. By contrast this UEFI requirement for certification is an artificial restriction, and if it cannot be disabled then it is no longer worth the alleged benefits of Secure Boot in my estimation.

the benefit and purpose of secure boot is to block malware, other that that, i agree that ms being a gatekeeper for what can be installed on the hardware is unnecessary, my point is just that it seems everyone is going mad without knowing there can be a whitelist and that linux devs are going to make a compatible bootloader, because leaving aside the bullshit of gatekeeping secure boot is not a bad idea 

[kpreg]

can you even reset windows with this? sorry if this sounds dumb, haven't had my coffee yet today

 

 

then you'd be honored with the privilege of the ask toolbar and a free McAfee uninstallable 30 day trial

[BashZeStampeedo]

the benefit and purpose of secure boot is to block malware, other that that, i agree that ms being a gatekeeper for what can be installed on the hardware is unnecessary, my point is just that it seems everyone is going mad without knowing there can be a whitelist and that linux devs are going to make a compatible bootloader, because leaving aside the bullshit of gatekeeping secure boot is not a bad idea 

 

I see. I agree, though I do think that "being mad" is the correct response for this, once someone knows the issues well enough. I don't think it's the right solution for this problem, and feel that MS is steamrolling ahead with it despite others' upset for no reason other than that they can.

[AlexGoesHigh]

can you even reset windows with this? sorry if this sounds dumb, haven't had my coffee yet today

 

 

then you'd be honored with the privilege of the ask toolbar and a free McAfee uninstallable 30 day trial

it means you can't install uncertified software (as in operating systems or different bootloaders, not you chrome or whatever that runs in the os) to the computer doesn't mean you can install something a number of times, so yes you can install it whoever you want though i dunno if its going to work with 7 and below because those aren't certified since this wasn't in place on that time

[Misanthrope]

the benefit and purpose of secure boot is to block malware, other that that, i agree that ms being a gatekeeper for what can be installed on the hardware is unnecessary, my point is just that it seems everyone is going mad without knowing there can be a whitelist and that linux devs are going to make a compatible bootloader, because leaving aside the bullshit of gatekeeping secure boot is not a bad idea 

 

I have a question since you seem to have a firm grasp on this subjects: Subsequent versions of the implementation require a new white listing process? Because someone with the resources Microsoft has can easily kick the ball away for everyone else so to speak, supporting a new version of it to coincide with a major release like Windows 10. The system henceforth, can easily be abused to just go "Oh everybody else needs to go get white listed and code for this new version, Meanwhile New Windows 10 free for all! Right now, this summer in fact (since Gabe Newel committed to a November release we can know jump ahead of him) At least that's what I'm thinking but I don't know exactly how hard is for people to get recertified so to speak. 

 

Seems to me like this is a system aimed at one of Linux core vulnerabilities which is it's fragmentation and inability to quickly response vs a centralized entity like MS

[RexinOridle]

Why I avoid prebuilts part I .

 

But too bad we aren't building any notebooks anymore.

[LAwLz]

the benefit and purpose of secure boot is to block malware, other that that, i agree that ms being a gatekeeper for what can be installed on the hardware is unnecessary, my point is just that it seems everyone is going mad without knowing there can be a whitelist and that linux devs are going to make a compatible bootloader, because leaving aside the bullshit of gatekeeping secure boot is not a bad idea 

Secure boot is a good idea, but ONLY if the consumers has full control over it. With this change we might not have control anymore.

I agree with Linus Torvalds is completely right about this.

 

It's a shame that we are now moving towards these "horribly horribly bad things" he spoke about.

[AlexGoesHigh]

I have a question since you seem to have a firm grasp on this subjects: Subsequent versions of the implementation require a new white listing process? Because someone with the resources Microsoft has can easily kick the ball away for everyone else so to speak, supporting a new version of it to coincide with a major release like Windows 10. The system henceforth, can easily be abused to just go "Oh everybody else needs to go get white listed and code for this new version, Meanwhile New Windows 10 free for all! Right now, this summer in fact (since Gabe Newel committed to a November release we can know jump ahead of him) At least that's what I'm thinking but I don't know exactly how hard is for people to get recertified so to speak. 

 

Seems to me like this is a system aimed at one of Linux core vulnerabilities which is it's fragmentation and inability to quickly response vs a centralized entity like MS

honestly i researched this topic after this thread pop'ed up because it doesn't make any fucking sense to make a hardware "standard" that only works with windows and that's it (or rather that the hardware can be controlled by the software vendor), right now microsoft seems to be the one giving certs to compliant software and once you have a cert it works with the current implementation of secure boot which so far is the same since its release in 2011, these are the requirements to be certified which i linked 2 pages back, so far it notes a change to the process but doesn't said approved software need to re submit, my guess is that depends on what they do with a newer version of secure boot, maybe it will support current certs, maybe not, idk it could go both ways, i'm learning a bit towards that it might since its already approved software

 

also secure boot itself isn't microsoft pure work, its a feature of the UEFI standard, though microsoft is the most involved with this, the more i read about it the more convoluted it gets due to legal shit and what not, right now for linux the best fix is to use an independent bootloader with its own key that can be used by other distros,