Nothing to see here

It is a $99 key with money going to Verisign no Microsoft

Its likely to fall under anti competitive laws if OEM's don't include the option to turn it off.

A few questions:

Microshaft is supposedly leaving it up to the OEMs to decided whether or not to permanently lock "secure"-boot to always ON.. So lot of people say "It isn't microsoft's fault if you can't disable SB, it is the OEM's fault"............

Non-rhetorical Question: How likely do you guys think it might be that microsoft gives some type of incentives (probably financial) to OEMs that choose to disable the option to turn OFF "secure"-boot?.. Is that likely to happen? Or is that idea just kind of crazy and conspiracy-sounding?

An other Question: Some one said that we can just use BIOS for as long as possible, but I was wanting to use GPT on my next install.. Can BIOS use GPT some how? Or do you have to have UEFI to use GPT?..


Also, this thread is the first time I have heard of Intel Boot Guard.. That sounds evil as hell.. (I have always bought only AMD stuff, so probably why I have never heard about that until now).. That would piss me off if I can't install coreboot on some thing only because it would have Intel Boot Guard..
Honestly, I know intel contributes to linux code some times, but the way they act has always made me very wary of them.. (Like how they pay OEMs lots of money to only use intel CPUs and not use AMD....very underhanded tactic)..


In a way, it is very naive of microsoft (and maybe intel) to think that they can just force every one to use only windows by locking down the hardware.. If any of the linux users are like me, they will never use windows.. I haven't used windows since xp.. And seeing how windows has turned in to such a giant train wreck with their latest versions......I could never go back to that crap.. I have made literally hundreds of bash scripts on my computer, that do all sorts of convenient automated jobs for me, and some of them run often using cron.. windows batch programs don't even have 1% of the power that bash scripts have......I would have to do every thing manually on windows.. Screw that crap..
Point is: I would be damned to the lowest echelons of hell before I would ever use windows again, and I am sure there are many other linux users that feel the same way.. By making linux impossible to use on computers won't just magickally make all linux users switch to windows.. We will not just disappear.. If I can't use linux any more, I am going to have a lot more free time on my hands....Time enough to protest in front of some redmond-based buildings, or time enough to keep hacking away at hardware until I can get it to boot linux..


I want to state again (like other people in this thread have): We really do need some type of open hardware to start being produced by some one (any one), even if isn't the fastest and greatest at first..
My ultimate fantasy would be a future where people can 3D-print out all of their open computer hardware.. OEMs would become obsolete.. Motherboards/etc blueprints would just constantly be updated by the community just like how linux kernel is managed now, and any time you need a new motherboard or some thing, just print one out..

It does seem like a good time to (nicely) remind your OEM of choice that maintaining the ability to install and run a different OS on each of their SKUs is a critical requirement for an influential segment of their customer base.

Not arguing at all, John, but it's such a damn small segment of their customer base, do the OEMs really give a shit? The way I see it is the workstation people and enterprise users won't even think twice about some (another) $99 fee for this or that...they're used to that and it's all a write-off anyway. But beyond that...I mean, seriously. Is ASUS or Gigabyte really going to maintain a separate SKU for desktop Linux, or any of their laptops, just to accommodate the Linux hobbyists?

How to boot GPT disks indirectly when not using UEFI

This is sometimes simple: a boot partition on another device using the old ms-dos partition format. Any old junk drive can be used, or even a flash drive. Be sure to flag one partition "bootable." For the basic case of the machine POSTS but simply won't boot a GPT partition, this is all you need. One the kernel is loaded, everything else is just a data disk.

Unfortunately, there are some BIOS firmwares that will hang on attempting to detect a GPT disk. In really ugly cases you might have to boot from the MBR voliume,. then hotplug the GPT drive. In this case the whole OS except most of the big data directories on /home should be on the MBR (msdos) formatted drive. Make a bunch of symlinks in /home that point to directories on the big disk, they will break on boot but unbreak when the big drive is mounted. This is similar to how I handle a 3 disk RAID that I prefer to let spin down when I am just using the Internet or a game and don't want to waste 30 watts spinning the 6TB RAID voliume. The exception is I don't have to boot with the disks removed, though I certainly can. I would never want booting to depend on every drive coming up, there are just too many of them!

If you install a hotplug drawer for the big drive, you can boot with the cover loose and /home will come up with the symlinks broken. Have the drive listed in /etc/fstab so it always comes up to the same mountpoint and the links will become active when you close the cover, let the disk come up, and run sudo mount -a to force it to mount.

Get InstaPundit on the case and sit back and eat the popcorn as you watch OEMs suddenly care. Seriously if you get Reddit and 4Chan... well I guess 8chan now to email-bomb them of course they're going to care.

If they had to make a new SKU for Linux users that would be a tougher sell, but in this case I think we're just saying "don't remove the ability to disable SecureBoot".

If you use the word "hobbyists" the eyes will glaze over and they'll think "go get a Sinclair", but the point I've used is that you tend to find a lot of Linux users among sys admins, system architects, and pretty much everything in between -- so while the "Linux for personal use" segment may be small I do believe it is influential beyond what the numbers would suggest. I haven't checked recently, but last time I looked there was also relatively more Linux use in universities & colleges, and that is industry shorthand for "the people who will be making buying decisions a few years down the road".

AFAICS the biggest problem OEMs have with the Linux market is that it's so damn hard to measure because you can't do the nice simple "count the OS sales" think that works for Windows or "count the HW units" that works pretty well for MacOS. The fact that OEMs are still struggling to configure Linux preload SKUs that actually match what Linux users want to buy is a problem too, but we don't need to solve that problem for this particular issue, we just need to get OEMs to not take the SecureBoot option OUT of their BIOS images.

One more possibility: same board may have more than one UEFI image

There might be one more workaround: the same basic board might be sold by more than one vendor with more than one BIOS. For instance an "enthusiest" board may exist that uses the same chipset, SATA controller, etc. All would be signed with the same the northbridge key if we are dealing with boot guard and it came from the same manufacturer, unless they get really crazy and use a different key for every fucking BIOS. Using an external device to force-flash the enthusiest BIOS onto the consumer board might work, possibly disabling some functions like onboard networks, onboard SATA, etc that may be different. If the board will then POST, it can be unlocked assuming the enthusiest BIOSs continue to support unlocking all features. Drop in expansion cards for anything that got knocked out and you are good to do. If the board is "bricked," well, you used an external device to flash it and can flash the orignal UEFI or anything else back onto it the same way. The board cannot be so easily bricked for good, because it need not POST to be flashed this way.

So, Just say NO to M$ !

This is why NO ONE should purchase Microsoft Surface anything...
And if you do/did, then you're an Ediot !

John, you are still an AMD employee, no? Will it be possible to say, work with AMD's relevant departments and send a memo or note out to OEMs saying that AMD will like it if the option remains standard in all machines? Or even better, maybe work out something with the Intel guys to the same effect?

With all the work Intel is sinking into the kernel and in Mesa, I am very certain they too don't want to see notebooks using their hardware locking out alternative systems just because OEMs want to save some chump change now that Microsoft has chosen to let them decide for themselves whether the option remains or not.

Personally, for me SecureBoot is not much of an issue because my work can shuffle between both Windows and Linux seamlessly, so if I am locked out from using Linux I can always fall back to my SurfaceRT or a Windows notebook to get my job done without any hiccups, but given the choice i'd like to have the freedom to use both as and when desired.