Main Area and Open Discussion > General Software Discussion

It's official - Linux Foundation Secure Boot System Released

<< < (2/5) > >>

40hz:
Can someone distill the implications here? I've got my own take, but it may be skewed as I don't really like being controlled...
-Renegade (February 09, 2013, 11:34 AM)
--- End quote ---

Distilled and in 25 words or less: I'm afraid your take is likely to be 100% correct. 8)

------------------------

Hmm...Wonder how long it's going to be before somebody innovative (like Gigabyte) introduces a true dual-boot mobo that you can soft switch to boot either via UEFI or traditional BIOS.
 :tellme:

f0dder:
Hmm...Wonder how long it's going to be before somebody innovative (like Gigabyte) introduces a true dual-boot mobo that you can soft switch to boot either via UEFI or traditional BIOS.-40hz (February 09, 2013, 01:18 PM)
--- End quote ---
"Legacy boot" == BIOS.

They're already there - I doubt you're going to find a retail motherboard without that functionality.

40hz:

They're already there - I doubt you're going to find a retail motherboard without that functionality.
-f0dder (February 09, 2013, 01:49 PM)
--- End quote ---

I'm interested in one that can more easily toggle between than the current ones seem to be set up to do.

Right now it seems to be handled more like a setting - as in something that doesn't normally get selected each time you fire it up.

Although that may also be because I just haven't seen a mobo that does it that way yet. ;D

Jibz:
I am not sure I quite understood how exactly this works yet, but off the bat it sounds like a compromise such that:

A) Techy people can go through some hoops to continue booting whatever Linux they like on their machine, stopping them complaining

B) Non-techy people have little chance to try anything but Windows on their machine, stopping Microsoft worrying

f0dder:
I'm interested in one that can more easily toggle between than the current ones seem to be set up to do.-40hz (February 09, 2013, 02:20 PM)
--- End quote ---
Right, you want it as a boot-time hotkey kinda thing, rather than a flip-flop in the firmware configuration?

Dunno about that - doesn't seem too important to me. If you often need to dualboot between a legacy OS and a secureboot OS, you're probably enough of a power user that you don't need SB, so just turn it off... but OK, we might not be able to legacy-boot Windows in the future. OK, that's a valid concern.

So, why not just shim-secureboot the legacy OS? (Or "real-secureboot" it after installing the right keys in your firmware)? You can leave SB enabled, and boot both whatever-restricted Windows as well as whatever other OS you've installed keys for? Sure, it's more work than now, but it's doable.

As long as Microsoft sticks to the things they've promised, and outlined in their current Windows certification documents. And that ___is___ a big if, IMHO - and I don't take that for granted.

A) Techy people can go through some hoops to continue booting whatever Linux they like on their machine, stopping them complaining-Jibz
--- End quote ---
Yup, on x86 anyway - ARM is locked.

And it's not that bad, hoop-wise (for now!). First off, even if you turn off Secure Boot, Win8 will keep booting as happily as it did with SB enabled - you'll just have a bit less system protection. (There's no guarantee that it'll keep behaving this way, though, and one could imagine DRM requiring SB enabled).

Toggling SB on/off depending on booted OS is somewhat annoying if you dualboot and change booted OS a lot. If that's a realy annoyance to you, keep SB enabled, and use a 3rd party SB-signed bootloader (like the Shim I've mentioned a gazillion times by now), and you won't have to disable SB even when booting legacy OSes. You'll be eschewing some safety by not booting a chain of fully trusted drivers, but that's fine with us developer types. And of course there's going to be linuxen around that actually do have a fully verified boot chain.

B) Non-techy people have little chance to try anything but Windows on their machine, stopping Microsoft worrying-Jibz
--- End quote ---
People who are brave enough to attempt installing <whatever> alternative OS - or even booting from a LiveCD - should have no trouble doing the additional tiny step of disabling Secure Boot (or trying a linux distro that has a signed bootloader). I really do not see the problems for this usecase.



Once again, however, I'll have to add the disclaimer that this is how things are looking right now, with the current Win8 logo certification guidelines, et cetera ad nauseam. We should all be weary and wary - but at the same time, we should stick to facts.

Navigation

[0] Message Index

[#] Next page

[*] Previous page