Stories
Slash Boxes
Comments

SoylentNews is people

Windows 10 May Make the Secure Boot Lock Out a Reality for Alternate OSs

posted by martyb on Saturday May 30 2015, @01:52AM   Printer-friendly
from the Embrace-Extend-Extinguish dept.

ticho writes with an Ars Technica report:

At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down.

The presentation is silent on whether OEMs can or should provide support for adding custom certificates.

[Original Submission]

 
This discussion has been archived. No new comments can be posted.
Windows 10 May Make the Secure Boot Lock Out a Reality for Alternate OSs | Log In/Create an Account | Top | 55 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Nerdfest on Saturday May 30 2015, @02:49AM

    by Nerdfest (80) on Saturday May 30 2015, @02:49AM (#189955)

    This is really pushing the bounds of abuse of monopoly again.
    Boy, I wish someone saw this coming.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 5, Interesting) by frojack on Saturday May 30 2015, @03:10AM

    by frojack (1554) on Saturday May 30 2015, @03:10AM (#189966) Journal

    I suspect you are thinking too small.

    This plan has to originate higher up than Microsoft. After all, software running before boot time was never a common avenue of attack.
    However, if you wanted to make sure a secure system was never installed, this would be the way to do it.

    Who would have an interest in making sure a compromised from the factory OS was always on the machine?

    --
    No, you are mistaken. I've always had this sig.

    • (Score: 4, Touché) by opinionated_science on Saturday May 30 2015, @05:17AM

      by opinionated_science (4031) on Saturday May 30 2015, @05:17AM (#189990)

      The fact is the safest way to boot any machine is to compile from source and then sign with your own key.

      Of course, getting a safe compiler....

      This soft of anti-competition measure is to be expected and why Microsoft cannot be trusted for ANYTHING...not that I did before. Let's not start about Oracle...

    • (Score: 2) by Runaway1956 on Saturday May 30 2015, @02:01PM

      by Runaway1956 (2926) Subscriber Badge on Saturday May 30 2015, @02:01PM (#190104) Journal

      You know that you're paranoid, right/

      Of course, the fact that you are paranoid doesn't mean that they aren't out to get you!

      Let's say that I can't agree or disagree with you, but that idea is definitely food for thought. An agency that presumes to capture, catalog, and archive all the metadada on all communications in the nation may very well have instituted this scheme.