Announcement
Collapse
No announcement yet.
New SecureBoot Concerns Arise With Windows 10
Collapse
X
-
duby229, don't bother with that troll. He obviously cannot be educated so everything you write to him will be in vain.
Originally posted by Maxim Levitsky View PostHave heard of Intel Boot Guard? Evil laugh..
I told from day one that this will happen.
The next steps on that slope are:- Hardware vendors must include Secure Boot function.
Critics are placated with an option to disable it and the possibility for users to install their own keys. ✓ - Secure Boot must be enabled by default ✓
- Optional Boot Guard technology is introduced to prevent firmware modification ✓
- Secure Boot can become mandatory if the hardware vendor chooses so ✓ << we are here
- Ability to install user keys in UEFI becomes optional
- Hardware vendors must enable Secure Boot permanently
- Boot Guard becomes mandatory
- Ability to install user keys in UEFI becomes forbidden
Originally posted by Maxim Levitsky View PostOpen source silicon is the only way around this madness but it won't happen soon I afraid.
Comment
- Hardware vendors must include Secure Boot function.
-
But what if the best motherboards are locked and you want to use OS you want? from my point of view only solution would be replace chips that has locked crap inside or steal source/keys/specs from company.
If hardware becomes like dictatorship then we must fight with ways that makes companies afraid of locking out users. No more some softy internet petitions, physical fight is only viable option.
Comment
-
-
Originally posted by Sonadow View PostGenerally I think business-class notebooks will get the option so that sysadmins can use cloning software to image the machines. I already had problems with cloning Win 8 machines in my company with established software such as Acronis, Commodo and Ghost, all of which were addressed when I disabled SB for the cloning process, then subsequently enabled after the cloning was done.
On another note, I have a feeling OEMs may remove the option to disable SB, but retain the option to load custom certificates. If that is the case, distributions will need to make sure that they ship the cert together with the image so that it can be enrolled in the SB database.
Most likely mobo makers will have Win8/10 certified boards so if that's the case I'd make sure I can at least load a custom cert and also make sure a signed kernel is used. Looks like distros will have to soon make sure their live cd's have a signed kernel in order for them to boot.
Comment
-
Originally posted by DeepDayze View PostI would most likely check on whether a particular mobo supports disabling SB especially for Win10. If not I will look elsewhere.
Most likely mobo makers will have Win8/10 certified boards so if that's the case I'd make sure I can at least load a custom cert and also make sure a signed kernel is used. Looks like distros will have to soon make sure their live cd's have a signed kernel in order for them to boot.
Comment
-
Originally posted by tuuker View PostIf we do not act now then in future every machine must have "approved" and even connected to internet to work.
If the x86 PC market were to become a closed ecosystem we all may need to move to ARM or another alternative architecture in order to still have Linux freedom. In any event I am keeping my older systems running as long as they can
Originally posted by nanonyme View PostAfaik most major distros already do SB signing. It's these tiny forks and mini projects that may end up taking a hit if SB can't be disabled anymore
Comment
-
Originally posted by chithanh View Post- ...
- Boot Guard becomes mandatory
- Ability to install user keys in UEFI becomes forbidden
Comment
Comment