Secure Boot Isn't So Secure After All: The Golden Key Is Out

  • #21
    Originally posted by droidhacker

    Just what the heck are you on about with this? You appear to be contradicting yourself.

    I'm not contradicting anything. I'm pointing out that the supposedly evil secureboot that was supposedly a giant conspiracy to prevent Linux from ever being installed on new hardware didn't actually stop Linux from being installed on new hardware. And that freedom to install Linux had nothing to do with this hack* either. Meanwhile, I'd love to kick out the bloated locked-down Android installation that's on my phone but I can't do it. And no, even "rooting" a phone in an unreliable manner to slap on another Android image isn't good enough just like having to hack and "root" a Windows PC to go from Windows 10.1 to some other minor variant of Windows wouldn't exactly make that an open platform either.


    * Which incidentally is being massively overhyped: Microsoft's signing key did not leak out and that stupid website doesn't post the supposed "golden key" at all. Instead, they just discovered a bypass in the secureboot process that was put in to enable debugging where the secure boot process just says: What the heck, I'm in debug mode so I'll load this code whether it's signed or not. That's vastly different from actually having access to Microsoft's private key.



    • #22
      Originally posted by devius
      Wow, no one saw that one coming.
      lewl I saw that coming; I knew that this was going to happen, one way or another, from the very day I learned about the signing.



      • #23
        Originally posted by paschalis.sp
        stikonas Can you help me with the process? (links or advice) would be very helpful...
        I kind of loosely followed https://wiki.gentoo.org/wiki/Sakaki%...ng_Secure_Boot

        I don't think everything from that link worked for me though, i.e. efi-updatevar didn't like my UEFI, so I just copied the public keys into my EFI partition, rebooted into UEFI and imported them from there. Another change is that I didn't keep a backup of the Microsoft key, so if you do this you can skip a lot of steps in that tutorial.

        The scripts for generating keys and signing bootloaders are: http://pastebin.com/fDXg3SYW (you might need to adjust some paths but it should not be too hard)



        • #24
          Originally posted by chuckula
          Well when secureboot first came out it was accused of being some giant conspiracy to stop PCs from ever running Linux.
          5 years later and dozens of easy successful Linux installs later [long before this hack was announced], that was obviously wrong.
          Back then Secure Boot was an issue for both camps, as most UEFI firmwares weren't (many still aren't) able to turn it off without a firmware upgrade first to a later version, so whatever was new had to stay locked to Windows for a year or so.
          Many, many UEFI firmwares don't accept custom keys, so you can only disable it altogether.

          That said, yes, it clearly was a way to get more control over what could run on UEFI systems. Why does MS have the master key? Because they were the ones you had to pass through to get "official" keys.

          As for preventing boot-level malware, well the vast majority of malware has no need to ever get that low-level in the first place, so we're not really any less secure in the real-world than before secureboot showed up.
          Nah, we had malware in MBR area on HDDs, but they won't touch UEFI boot process because they like fair play.

          In other news, I'd greatly like to see secureboot put onto every Android device in existence. I'd like the so-called "open" Android platform to be just as locked down as all those evil Microsoft PCs so I can actually put a real Linux distribution on it just like the supposedly "locked down" PCs.
          Secure Boot should have been like the one on Android (or embedded anyway) if it was for Microsoft. Point is, OEMs and hardware manufacturers weren't that OK with it so it never went like that.



          • #25
            Btw, this is great news for running custom ROMs on Windows Phones.



            • #26
              For us, this is really a non-problem. Unless you can't replace or disable the Microsoft key in the UEFI menu, or were using one of these Microsoft-issued keys.
              You can still install your own trust chain if you could, and it won't be altered.

              That said, it opens a whole new world of custom OS installations on some of the most locked down Microsoft products (phone and RT).
              I would be interested in knowing whether the Xbox one is affected or not. This could get really interesting.



              • #27
                How can something be secure if something called "The golden key" even exists?



                • #28
                  Originally posted by Nille_kungen
                  It sends memories to the old "demoscene" and my guess is that it's what it is supposed to be.
                  Actually it references the cracking scene. Cracked games had a "cracktro" like this one.



                  • #29
                    Originally posted by devius
                    And now for the serious part of this message. That linked site is terrible. It's really hard to read the whole thing when it's constantly moving. I get sick when trying to read in a moving car and the experience there was similar. Also, I'm glad modern browsers allow muting specific tabs.
                    I had to scratch my head for a minute on that one, website looked perfectly ok, no trippyness, just a bunch of text, the way the internet was meant to be.
                    Then I noticed the unobtrusive blue bar at the bottom of the screen... oh right, "Scripts Currently Forbidden".

                    Seriously dude, you need to use noscript plugin. It makes the internet a WAY happier place.



                    • #30
                      Originally posted by chuckula

                      I'm not contradicting anything. I'm pointing out that the supposedly evil secureboot that was supposedly a giant conspiracy to prevent Linux from ever being installed on new hardware didn't actually stop Linux from being installed on new hardware. And that freedom to install Linux had nothing to do with this hack* either.
                      So... you're trying to be sarcastic? News for you: sarcasm doesn't work over the internet, because nobody can see your intonation and facial expression.

                      Meanwhile, I'd love to kick out the bloated locked-down Android installation that's on my phone but I can't do it. And no, even "rooting" a phone in an unreliable manner to slap on another Android image isn't good enough just like having to hack and "root" a Windows PC to go from Windows 10.1 to some other minor variant of Windows wouldn't exactly make that an open platform either.
                      How unreliable is it to run "fastboot oem unlock" or "fastboot flashing unlock" (new form)?
                      Oh right, you have a locked out SAMSUCK. Why would you even BUY a SAMSUCK? It's not as if there aren't a billion websites telling you that they're crippled crap with bloat.
                      Buy a GOOD phone, unlock the bloody thing, and build a boot image from AOSP source with TWO patches and ONE extra file:
                      (1) System core patch: https://github.com/seSuperuser/AOSP-...tem_core.patch
                      (2) sepolicy patch: https://github.com/seSuperuser/AOSP-...sepolicy.patch
                      (3) "su" binary located at /sbin/ built from: https://github.com/seSuperuser/Super...peruser/jni/su

                      Then you install superuser application as any other application, either built from source (same repository as the su source) or from play store: https://play.google.com/store/apps/d...uperuser&hl=en

                      So do tell me... where are the "hacks"? Where is the "unreliability"?
