
SoylentNews is people

posted by martyb on Saturday May 30 2015, @01:52AM
from the Embrace-Extend-Extinguish dept.

At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be "Designed for Windows 10" and still offer no way to opt out of the Secure Boot lockdown.

The presentation is silent on whether OEMs can or should provide support for adding custom certificates.


  • (Score: 1, Interesting) by Anonymous Coward on Saturday May 30 2015, @09:04AM


    Yes, it does make a practical difference. It is a pain in the arse to sign all your boot code. Maybe you could install someone else's key that most distros then use, but if it is widely available to be used for signing it won't make good security, and at that point you might as well turn it off.

    Yes, secure boot does really make it more secure, but the risks are minimal for me anyway, and thus the benefits of having it disabled are outweighed by the risks of having it disabled.

    To clarify, I'm just referring to my own risk/benefits; I recognise that it can be an overall benefit to many users and am not trying to argue otherwise.

    And it increases the barrier to entry reducing the number of new users willing to give it a try.

  • (Score: 2) by maxwell demon on Saturday May 30 2015, @11:01AM


    It is a pain in the arse to sign all your boot code.

    Then someone should write a utility that makes it easy. I don't see why the utility would need a user interface more complicated than

    signboot bootloader privatekey destination

    where the first argument is the name of the unsigned boot loader file, the second names the file containing the private key, and the final argument specifies where to write the signed bootloader.

    --
    The Tao of math: The numbers you can count are not the real numbers.