Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't quite understand from those links how Microsoft does that, what is Secure Boot, what are Linux shops and what does Microsoft do to kill them?


If you haven't been following this story as it developed over the past year and a half, microsoft corporation has leveraged their existing dominant position in the desktop OS market and mandated that OEMs include microsoft's encryption key in their motherboards, to the exclusion of all other encryption keys, as a prerequisite to their logo certification program.

What is sad though is that antitrust regulators worldwide have looked at this practice and saw nothing wrong with it.


You forget to mention that secure boot can be disabled. And that there are Linux distributions that can handle secure boot.

To quote the Linux Foundation: "Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware. This document is intended to describe how the UEFI secure boot specification can be implemented to interoperate well with open systems and to avoid adversely affecting the rights of the owners of those systems while providing compliance with proprietary software vendors' requirements." http://www.linuxfoundation.org/publications/making-uefi-secu...


> "You forget to mention that secure boot can be disabled."

Correct. But the steps to do so vary wildly from motherboard to motherboard and are not documented anywhere.

In fact, one of the things HispaLinux requested is that OEMs provide clear documentation of the technical steps required to disable SecureBoot.


Yes, I agree (although you cannot really blame Microsoft for this). But, to be honest, someone who is able to install Linux should also be able to roam through the Bios (which he/she should do anyway to check the settings, e.g. confirm the boot sequence). Plus, as far as I understand it, Linux can actually profit from secure boot, right?


You responded to:

  | what is secure boot
with:

  | microsoft corporation has leveraged their
  | existing dominant position in the desktop OS
  | market and mandated that OEMs include microsoft's
  | encryption key in their motherboards, to the
  | exclusion of all other encryption keys, as a
  | prerequisite to their logo certification program.
If I did not know what SecureBoot was, I would still be in the dark.


I don't understand. This seems multiple times worse than the previous things Microsoft has been fined for so how can they see nothing wrong with it?


1. It's actually trying to solve a real issue (viruses installing themselves in the boot loader so that they load before the operating system).

2. EFI Secure Boot was designed to allow for multiple keys, not just the 'one true Microsoft key.'

3. It's the OEMs that are creating crappy implementations, and not documenting how to disable Secure Boot. These are not things (at least officially) mandated by Microsoft. [Though one could make an argument that Microsoft should mandate that these things be documented instead of just stating that 'the ability to do X should exist.']




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: