Not a chance. End user has to have the rights to do whatever he wants with his computer. M$ can eat dirt if they want, but nothing more.

This is complete nonsense, and factually incorrect. Please stop spreading FUD, you are completely wrong here.

People confuse secure boot with "my system is safe", which is not what it intends to do. Secure boot will not prevent viruses, or people pwning your system.

But it does cause your system to stop operating in case the system has been found to be compromised (unless, as you point out, the firmware itself, or secure boot is compromised). UEFI Secure Boot will certainly help to protect against boot sector exploits (not to mention that EUFI basically does away with the MBR magic).

No it was intended to be a vendor lock-in mechanism with the excuse that it would prevent unprotected code from booting. If MS had simply admitted what it was instead of making up an excuse for its existence I doubt it would be as heavily targeted today as it is.

MS created the excuse and now it is only a matter of time until secureboot is completely compromised with the largest selection of boot viruses the world has ever seen. It would -not- have happened if secureboot never existed. This means that the next generation of viruses are going to be largely OS agnostic. They wont need an OS to function.

MS is just completely retarded. Everything they do blows up. This isnt going to be any different.

I have not yet heard from something like that.

Intel is one of the companies working on UEFI, and therefore UEFI Secure Boot. As I said, ARM Secure Boot is something completely different as far as I know.

UEFI Secure Boot has nothing to do with Windows 8, which is what gets people confused.

I've called "UEFI Secure Boot" by a more descriptive name before: "UEFI Validated Boot". In effect, your system isn't secure at all, but at least parts of the boot sequence were *validated* during the boot process. Consequences are:

- something modifies kernel code during boot? you're pwned
- something runs in unprivileged mode? you're pwned
- something modifies your kernel file? you won't be able to boot
- something attempts to upload a trojan driver? you won't be able to boot or possibly load that driver

Second, NOTHING, absolutely NOTHING prevents a hardware vendor from shipping a system with UEFI Secure Boot enabled with e.g. Linux and NO Microsoft keys, and instead their own keys or someone elses keys. (hell, YOU can even do this).

(again, I'm not talking about ARM here)

UEFI/secureboot is complete vendor lock-in crap.
I've been using computers for decades, and I program for a living. I like to think that I know my way around a computer.
I still had to follow a guide + it took about 2 hours just to get windows 8 off my laptop and linux onto it. I had to actually disable UEFI and fallback to legacy BIOS because I couldn't install anything else.

Absolutely ridiculous.

This is just speculation. Nothing more. You're not helping.

I'm sure this is a legitimate complaint. There will be many users with this problem. Bottom line is that you succeeded.

What system was this? Did the vendor provide documentation to you? Did you contact the vendor support line?

Except that it is MS that issues keys. If I can use... say Redhats key (that was issued from MS).... for a livedvd that I publish, what would prevent a bootloader virus from using the exact same key?

And that is my point. It isnt speculation. Its fact.

To clear things up

OFC UEFI SecureBoot doesn't have anything directly to do with Win8, because Intel developed it in the first place. But now comes the magic: Guess which software company forces its hardware-partners to use their keys in order to keep their Windows 8-license? I hope you didn't struggle to find this out.

And to be realistic, surely everybody can be his own key-publisher, but his imposes two fundamental problems:
- No hardware vendor goes Linux only (and I am not talking about sporadic Linux-machines)
- How much sense does this make, when everyone is free to author those keys? The end-users doesn't care and if the system hadn't been broken already, it would still suffer from fundamental problems in regards to actually securing the system.

I might have been not clear enough, but I know of the non-security of SecureBoot. Most attacks don't even focus on modifying the bootloader, and even if you tried, it is very hard to actually achieve something with it. The days are over when you wrote viruses to just break someone's computer by messing up his MBR.
Today, when you write a virus, you want to set up a botnet. And setting up a botnet is easiest by sneaking into a system without changing too much (speaking of boot parameters) and staying in userspace.

Talking of userspace, this is where Microsoft lacks today: Windows didn't change fundamentally in regards to their security: I guess, instead of working on security more thoroughly they rather focus on cementing their monopoly in the interest of a feigned "security" to shut the users up.