Maybe I've missed something here. If a generic "MS signed shim" is available what value does this add? Wouldn't such a shim make booting anything alternative possible?
On 02/28/2013 01:35 PM, Tom H wrote:
> On Wed, Feb 27, 2013 at 6:48 PM, zxq9 <z...@zxq9.com> wrote:
>> On 02/28/2013 12:53 AM, Dale Dellutri wrote:
>>> On Wed, Feb 27, 2013 at 6:27 AM, zxq9 <z...@zxq9.com> wrote:
>>>>
>>>> There is a silver lining. The board makers themselves are out
>>>> to sell boards and laptops and tablets and can be reasoned
>>>> with. My company is an extremely small player in the hardware
>>>> field but we've had positive response from vendors when
>>>> inquiring about having our own keys included on boards
>>>> alongside Microsoft's when doing bulk orders. We haven't had
>>>> to go that route yet so I'm unsure how much of a pain that
>>>> would actually be to manage (doesn't appear much more
>>>> difficult than managing repository keys though, for example),
>>>> but this leaves the door open for even tiny computing
>>>> companies and larger IT departments to arrange for their own
>>>> "secure" boot keys to be pre-installed by the board
>>>> manufacturers and not violate Microsoft's requirements, even
>>>> on ARM. That said, since we don't do showroom marketing
>>>> anyway neither we nor our suppliers have a need to put
>>>> little "Windows8 Ready" stickers on anything they ship to us
>>>> anyway.
>>>
>>> Doesn't this lower the eventual resale value of the laptop?
>>> Doesn't it restrict the laptop to run only what either MS wants
>>> or what you installed?
>>>
>>> I buy refurbished laptops and install Fedora, but I might want
>>> to try *BSD or Ubuntu or something else in the future. Doesn't
>>> the "silver lining" restrict that with these UEFI laptops?
>>
>> It does indeed lower the overall value to the buyer -- which is
>> why we're not satisfied with the concept of "secure boot", even
>> if a board maker puts our keys on the device: we want to sell
>> hardware, and providing a device the user can do whatever he
>> wants to independent of us is a more competitive selling position
>> than selling, essentially, a "locked" device.
>>
>> This is not a good move for the industry for this exact reason.
>> Of course, laptop makers think this means they will be able to
>> sell one device per instance/OS a user wants -- but especially in
>> the consumer space this is wishful thinking.
>>
>> If standard UEFI situation ever moves from "user disable-able" to
>> "always on by default" then every device sold will essentially be
>> a locked device that requires jailbreaking to work properly.
>> Offering unlocked devices is far more competitive -- but the
>> dialogue of the industry has made a mystical security claim that
>> lay users don't understand and magically transformed
>> vendor-jailing of devices from a usability impediment into a
>> must-have feature.
>
> I wouldn't be surprised if SB became "un-disable-able" in the next
> few years. We'd then have to use an MS-signed shim to boot, as is
> now the case with the default Fedora and Ubuntu SB setups.
>