Will Secure Boot Cripple Linux Compatibility?

MojoMax writes "The advent of Windows 8 is drawing ever nearer and recently we have learned that ARM devices installed with Windows 8 will not be able to disable the UEFI secure boot feature that many of us are deeply concerned about. However, UEFI is still a very real danger to Linux and the freedom to use whichever OS you chose. Regardless of information for OEMs to enable customers to install their own keys, such as that published by the Linux Foundation, there are still very serious and as yet unresolved issues with using secure boot and Linux. These issues are best summarized quoting Matthew Garrett: 'Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen. That's going to make some people fairly unhappy.'"

"Freedom"

[bonch]

Would someone interested in Linux on these particular tablets be able to order one from a vendor with Linux (or no operating system) pre-installed? I couldn't find information on whether or not OEMs are restricted from selling pre-installed Linux versions of the tablet. The SoftwareFreedom website says "any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot." The phrase there is "ships with Windows 8," which suggests to me that Custom Boot-enabled versions could ship without Windows. Admittedly, I have a hard time seeing it as a freedom issue, as these are just tech gadgets at the end of the day. I'd rather it was framed as an inconvenience argument, not a freedom one.

Re:"Freedom"

[hedwards]

Tablets won't be able to be fully certified by MS if they don't have secure boot enabled with no way of disabling it. There may be some manufacturers that opt to have a second line for Linux, but I doubt that will be very common. The problem is one of logistics it's not that much cheaper to have a second line that supports Linux, you have to support it and QA it. But, if you just ship hardware that's supported by Linux then you lose no money on that and sell more units. Of course MS is the party here that's misbehaving.

The issue is that ultimately, they're selling these devices that can't have other OSes installed without cracking them, that's inherently a freedom issue.

Re:"Freedom"

[Microlith]

So is Apple

Apple does not sell its OS to 3rd party hardware vendors and dictate how to lock down the device.

nothing is stopping Linux tablets from coming to market, in fact there are lots of them out there now

There are, but how long until MS ramps up the pressure to push Android out of the market via legal and possibly illegal means?

If you buy a 'Designed for Windows 8' device it's no different than buying an iPad with regard to the operating system.

Sure it is. The vendor is being forced by the OS supplier to set the device up in a way that precludes alternatives, and leveraging their monopoly platform to do it.

I doubt there are many people out there who bought an iPad and are complaining that they can't install Linux on it (me included), so why should it be any different for these 'Designed for Windows 8' devices?

Yeah, minorities should ALWAYS be ignored. Only the masses should ever get what they want, everyone else can go fuck themselves. Right?

Re:"Freedom"

[Darinbob]

It's a freedom argument. If I purchase a device then it is MINE. I should be able to control it, take it apart, paint it a different color, give it to my kids, etc. And this freedom means I should be able to put my own software on it without permission from some bozos in Redmond.

Pre-installed Linux is only halfway there. It means I can't change the linux if I want to, or put on BSD, etc. Stop treating these devices like stupid consumer gadgets. Ok, they probably are going to be just that in practice, but that doesn't mean they should be forbidden to be more than hipster jewelry.

Re:"Freedom"

[MrHanky]

So taking away your freedom to tinker with a gadget you own is an inconvenience issue, not a freedom issue? I think it's more than rather inconvenient that you no longer own the objects you buy. It's a property issue, not an inconvenience.

Re:"Freedom"

[Darinbob]

Because when you buy a device you should be allowed to modify it. It is your private property at that point. It doesn't matter how many stupid people only use them to show off to friends, if even one single person in the entire world wants to be able to modify their personal property in a way that causes no harm to others then it is their right to do so.

Re:"Freedom"

[Sir_Sri]

Other way around. These are linux (andriod) tablet makers being paid by MS to make a Windows version. Just like phones, these will be samsung galaxy tabs, acer iconias etc. with a minor refresh/rebrand to run windows. Not windows tablets being done the other way around.

The gadget market is very different from the desktop market anyway. Right now it's an iPad market, with some other hangers on. Whether MS can change that is an open question, but it's not like you can put linux on your iPad, and it has 90% of the market right now.

Re:"Freedom"

[Microlith]

And they only have to lock it down if it's 'Designed for Windows 8'

Everything will be "Designed for Windows 8" if it runs Windows.

and if it's ARM, if they don't put on that Windows 8 sticker then they don't have to do anything.

And Microsoft also doesn't have to sell them licenses they can put on devices that don't meet the guidelines.

And i'm sure Google will just rest on their laurels and just let Android die.

Google may continue to fight but all MS has to do is hinder and slow it.

if you didn't want Windows 8 you wouldn't buy a device designed for it, unless of course you're an idiot.

Go find me a motherboard or graphics card that don't have the logo. Go on, do it. I doubt you can.

What the hell. Not a few years ago restrictions like this were acknowledged as being bad. Now people can't rush fast enough to defend lock down like this, especially with Microsoft pushing it.

Re:"Freedom"

[sjames]

Of course you're free to take a walk in your own front yard, just watch out for the tiger pits we put in. And the bear traps. OH, and the unmarked minefield. But we have done absolutely nothing to stop you from taking a nice walk in your own front yard.

Re:"Freedom"

[Microlith]

The Windows logo no longer indicates a platform advantage

Sorry, no. It's a HUGE platform advantage, because they can place the same logo on tablets and desktops. The catch with the Windows 8 tablet is the software is available only via the store. This is great for Microsoft, because they can say "buy the software for Windows 8 on our store, and you can use it on both your desktop and tablet!"

So they link the desktop monopoly to the tablet space, and leverage it to extend their reach into another.

A manufacturer can still make an ARM device that runs Windows and allow Linux as well -- they just can't put the Windows logo on it.

Can they? I deeply suspect that Microsoft will make OEMs agree that any and all tablets running Windows will meet the logo requirements, or they won't get the OEM agreement they want (IE no Windows for your tablets.)

The problem is stupid consumers who demand to see that logo.

And that's exactly what Microsoft is banking on. Oh and finding some way to drive Android out of the market.

Re:"Freedom"

[Microlith]

It's hard enough that no one outside of people with access to high end rework labs and the ability to repair damaged PCBs and reball SoCs is going to be able to do it. So claiming that "it's possible" with that degree of difficulty and barrier to entry is at best a sad, sad joke.

Re:"Freedom"

[hedwards]

There is no requirement that you dominate the market to be guilty of antitrust violations. Agreements between companies to lock out other companies to this extent are going to be in violation of antitrust regulations. This isn't just an exclusivity agreement between the companies, this is an exclusivity agreement that also involves the end user and prevents access to the device by other companies.

If MS contracted them to build the devices that would be a completely different situation. That's well established and Apple, for one, has been doing that for decades. What isn't well established is the practice of withholding certification if the product is capable of running a competitors product.

Re:"Freedom"

[Microlith]

No it won't.

Do you seriously think that MS is going to let a vendor ship Windows on a device without their logo on it? Doubtful.

the manufacturers don't have to sell them with Windows either, they could sell them with Linux.

We've said that with PCs as well. Look where that went.

Hinder and slow it? Android dominates MS in the tablet market as it is.

Yeah, which is precisely why Microsoft is doing their little patent protection racket against every Android vendor in the market. They want to weaken Android and raise the cost of using it so that the vendors give up.

The tablet market is already saturated with devices that don't have the Windows logo.

Go do it. I asked you to go find me core system hardware that doesn't have the Windows logo on it.

Yeah look at how the ipad has destroyed the world with its lockdown

Sure, it's causing bullshit lock down and walled gardens to spread.

Re:"Freedom"

[symbolset]

This disease has an easy cure. Just don't buy it. You don't want a Windows tablet anyway. Nobody does.

Re:"Freedom"

[Microlith]

Why not? How can they control who buys Windows?

Easily. Where do you buy licenses for the ARM version of Windows 8?

But in this case Android tablets already exist and are extremely popular.

They are, but how popular will they be if Microsoft starts subsidizing the tablets to undercut Android, while pressing the "it runs Windows 8 just like your desktop!" angle?

And that's resulted in the destruction of Android and booming market dominance of Windows Phone...if you live in a reality that isn't this one.

Hey, give them time. They're just getting started with their rampage.

Windows owns 90%+ of that market, naturally that's what hardware manufacturers want to tap into, that is NOT the case with tablets.

Yeah, Windows owns 90% of the desktop market. And now you can get it on your tablet too!

And those are really destroying the world, look at how the world hates them!

The "world" is largely unaware of how computers function as a whole. But it's gotten people like you to come out and defend their spread.

those who do just choose the alternatives.

While such alternates are available. Microsoft is working hard to ensure they cease to be.

Re:"Freedom"

[Darinbob]

There are some cases where secure bootloaders are valid. Ie, so that only owners can modify their devices instead of just anyone who has physical access (electricity meters), rented or leased equipment (broadband routers), and so forth. Sometimes the device requires a level of trust as part of its design and the owners insist on knowing that the firmware has not been tampered with, such as encrypted routers.

Additionally there is often a market need to create a secured device to prevent or discourage third party sales or hacking. I've seen this activity common in medical equipment where there can be an active trade in in Russia or China of buying old machines and reimaging them and there's no opportunity to sue (yes a murky issue as you buy software features separately from hardware, but the end-user is legally forbidden from putting their own software on in many countries). If I go in for radiation therapy treatment I want to know positively that the hardware/firmware/software has passed FDA scrutiny.

The issue here with Microsoft and Apple is that they are huge players in the market and they're not doing this to just niche devices. With MS specifically they have a known guilty track record of antitrust activity. MS isn't going to require signing of all third party apps, they specifically want to make sure there is no competition for the operating system

It would be better overall to allow the consumer to turn on and off the trust levels on the devices. If the operating system boots up and notices that it's not on a secured system then it can just warn the user instead of refusing to boot. This way you can make things more secure without denying the consumer their right to use the equipment in any manner they want.

Re:"Freedom"

[SuricouRaven]

"Why not? How can they control who buys Windows?"

Because they sell it! If they don't make an OEM licence available, then the tablet isn't going to ship with windows, and they won't make the OEM licence available to any manufacturer who doesn't get the sticker. The only other way they might be able to put windows on a tablet would be buying a retail licence, but that'll likely cost more than every other component of the tablet put together.

Re:"Freedom"

[Anne+Thwacks]

Tablets won't be able to be fully certified by MS if they don't have secure boot enabled with no way of disabling it.

IANAL, but this would appear to contravene European laws on restrictive trade practices. I can see another monopoly related court case on the horizon, and a possible way for Europe to pay of its bankers.

Simple solution

[NeoTron]

Don't purchase any of these ARM powered devices which run Windows 8.

Re:Simple solution

[taniwha]

Oh no - you should purchase them .... but them return them because they don;t work with Linux

Re:Simple solution

[kj_kabaje]

come on mods!! That's funny. :-)

Re:Simple solution

[SeaFox]

No, he's being serious. If you buy then and then return them opened, the store can't resell them as brand new and lose money.

What this really affects

[exomondo]

It seems to me this only affects a subset of devices that don't even yet exist. If what you want to do is run linux with virtual box and other assorted unsigned kernel modules then why would you be buying a 'Designed for Windows 8' ARM device? You wouldn't, just like you wouldn't buy an iPad to do those things. You would buy an x86 device, or an Android device, or an ARM device that is not 'Designed for Windows 8'.

Re:What this really affects

[ClioCJS]

Myopic.

Reminds me of when drug testing started to take hold in the 1970s - "If you don't want to drug test, you can choose to work at a job where you don't." Except generally, assholism comes with built-in scope creep. Now you can't get a job at Home Depot pushing carts without having machines inspect your personal fluids to determine your off-work behavior. The simply "if you don't like X, then go elsewhere" so-called 'solution' is a fallacy, and always has been. It's a way to avoid a problem; it does not fix anything, or prevent a problem from getting worse.

Another great example - "Don't like crime in this city? Move to another city." Or "Don't like the shitty laws here? Move to another country." {And when the countries of the world unite to form a cartel of shitty laws worldwide -- for instance ACTA -- they will be far harder to fight.}

Re:What this really affects

[ClioCJS]

The same entitlement complex that those who enforce anti-trust laws have.

Also, whoosh. My point went over your head based on your metaphor that does not represent the situation at all.

A more apt metaphor would be: What if new devices started using proprietary screwdriver bits? Maybe they get a kickback from the screwdriver bit industry, or manufacture the bits themselves to pad their profit (remember the outrage when the iPhone changed its screws?). The "if you don't want that tool, buy another tool" metaphor simply does not work. You cannot use their tool because they have changed it to be less adaptable. People can buy phillips and flathead screwed devices 'til the cow comes home, but there's enough mindless consumers and people that it would not change the bottom line enough for $CORPORATION to change their ways. After another company sees the money they make, they start using proprietary screws too. Eventually, it becomes an industry trend. You can either shell out for the proprietary screwdriver, or use none of these devices. Either way, your unwillingness to go with a bullshit 'feature' does nothing to stop that bullshit from creeping into every device in existence; you merely stuck your head in the sand.

YOU actually come off as the entitled one here, except that you feel entitlement for the faceless corporations that are only interested in your money, rather than for yourself and your own freedom of market choice. You somehow feel that if they were forced to offer something that costs the same to make, but allows people greater freedom, that somehow this affects your livelihood or your "feelings" on what a corporation should be allowed to do. Unless you're a CEO yourself, you're simply loving to learn the taste of the boots you lick. In fact, simply boycotting a product does not make its shitty features go away. And corporations were originally only allowed to continue existing if they served the public good; otherwise they died a mandatory, automatic death sentence. (That is, before those same corporations and their cronies re-wrote the law so that they have more rights than actual people. Privatize profits, socialize losses, no death penalty if you're a corp, and if you're a CEO you can kill someone and not go to jail because you're deemed more important than others.)

I mean, imagine someone saying "if you don't like the fact that airbags can decapitate your baby, then don't get a car with airbags". Do you think that stopped them from coming? Now I am in danger of responding to your bad metaphor with another metaphor, but my point -- which still stands -- is that simply avoiding something you don't like does not make it go away.

It's not a "simple solution". It is neither simple, nor a solution. It is not simple to reduce your freedom of choice, and it is not a solution in any way, shape, or form. A solution solves a problem. The problem still exists. You've done nothing.

"Don't like wars over oil? Then don't buy gas!"

"Don't like abortions? Then don't have one!" (This is a trick example, as I *love* abortions. But to someone who thinks abortions represent a problem {which is not me} -- this 'solution' does not actually solve the 'problem'.)

"Don't like the encroachment of civil liberties in the name of the drug war? Then don't do drugs (alternate: move to another country)."

"Don't like cops tasering people? Then don't mouth off to cops!"

Anyone who thinks this attitude constitutes a solution has a major cognitive logic defect.

Re:What this really affects

[ClioCJS]

It's actually more like: If McDonald's somehow had magical powers which kept me from putting ketchup (my preferred condiment for chicken) onto their sandwiches, even if it's my own ketchup, I own the sandwich, and were trying to do this at home -- I'd be all for preventing them from preventing that. It's not the same as forcing them to sell ketchup (or anything anybody demands) on every burger, which is how I'd characterize my perception of how you'd characterize the situation.

Re:Don't buy the incompatible hardware. Done.

I don't think /. comprises that much of the tablet market.

Re:Organized trolling campaign on Slashdot

[Tsingi]

Oh fuck off.

This is more than just a phone and tablet issue

[Calibax]

Right now, the ARM architecture equates to tablets and phones for many, maybe most people.

However, a number of companies (Qualcomm, NVIDIA, and others) have announced that they are developing ARM processors to challenge Intel in laptops and desktop systems. Probably they are going with ARM because Intel is being somewhat uncooperative (and maybe anticompetitive) by not letting them have licenses that would allow them to produce x86 compatible systems.

For these companies, having Windows on their ARM systems is vital. However, we shouldn't be short-sighted - restricting the ability for ARM systems to boot anything but Windows will (in the long run) benefit Intel, AMD, Via, etc. as much as it will benefit Microsoft by restricting which operating systems the upcoming ARM based systems can boot. They will either run Windows or they will run everything else, depending on the boot ROM in the system. Guess which most will chose.

Windows is Oranges in this case

[Zero__Kelvin]

You are comparing Apples(tm) and Windows(tm). What OS does Apple sell? What computer models does Microsoft sell? See the difference?

Re:Windows is Oranges in this case

[Zero__Kelvin]

"If the vendors want to build devices and brand them as Windows 8 ..."

So you think a consortium of vendors got together and asked Microsoft to create Windows 8, and make sure that it is the only OS that can run on their hardware and thereby reduce their market share potential?

Re:Windows is Oranges in this case

[Rennt]

Vendors were already going to make devices to run Windows 8, and everyone was happy. Microsoft specifically asked vendors to build a device that can only run Windows 8.

knoppix and other testing / recovery secure boot

[Joe_Dragon]

knoppix and other testing / recovery tools also need secure boot.

Does networking booting work with secure boot?

Ghost?

Hard Drive Diagnostics tools (self booting ones)

Dell Diagnostics tools (self booting ones)?

Acronis True Image

clonezilla?

Memtest86+ (better and more to the hardware then the windows memory test tool)

There is alot of stuff some still dos based that is need out side of windows.

Point missed ... entirely

[Zero__Kelvin]

"Except that it's not like that at all, you don't buy a hammer if what you need is a screwdriver ..."

You buy a screwdriver and use the handle to pound in nails when they stop making hammers because Microsoft uses their monopoly to drive hammer makers out of the market.

Re:Organized trolling campaign on Slashdot

[hairyfeet]

Don't feel bad bonch, I got accused of shilling for saying IE is shit. I still haven't figured out how saying something is shit is a positive endorsement for it, maybe its rapper lingo or something, hell if I know.

As for TFA watch how quickly i get modded down by FOSS zealots and their giant perceptual bubble, ready? Hey FOSSies, its just MSFT copying Apple again, so quit getting your panties in a wad, okay? you can't put anything on an iPad but iOS and this is THE EXACT SAME DEAL. There will be NO CHANGE when it comes to X86, in fact part of the "designed for Windows 8" specs state that they MUST allow the secure boot to be disabled, the only place its different is the ARM chips which as many have pointed out will probably be heavily subsidized by MSFT who don't want "Hey turn that $299 Windows 8 tablet into a $500 Android tablet!" posts all over the net 3 weeks after it comes out.

And I know this will piss you off, get ready for it....DON'T BUY IT...is that REALLY so hard? why the hell is it any business of yours what MSFT does with chips they contracted out for, or with OEMs they are paying to build their designs? it isn't like you don't have more choices than EVER before, you've got Apple, Google, RIM,, there is X86/64, ARM,MIPS, hell you got choices coming out your asses, so WTF are you bitching for? Vote with your wallet okay? But just because YOU don't like doesn't mean you get to tell ME or anyone else what device we should buy or what features it should have. If I was gonna buy one of these things, which I'm not BTW, I wanna try one of those $70 Android Indian pads the net has been buzzing about, but if I did and was actually gonna use this for real work I'd WANT it locked down, because if its one thing we've seen its that these things are giant targets for the malware guys! look at Android it seems like every other day we are reading of some exploit.

But in the end you have not a damned thing to bitch about in mobile. Android is switching between first and second place constantly, there are a bazillion different hacked droid ROMs out there you can play with, life is good man so why get your panties in a wad for a device you would NEVER buy in a million years anyway? And if you are buying Windows devices to get the trialware price breaks and then loading Linux YOU are a damned hypocrite and part of the problem, as there are many guys like System76 busting their asses trying to support you and if you don't buy from them and support Linux then you're just being assholes and have NO right to complain about the numbers showing Windows share being so high because you are part of those numbers!

But now you have no excuses, you can buy damned near any device you want running Linux, so vote with your wallet and let everyone else vote with theirs, okay? if the world likes what you have it'll win, if not then that simply means you aren't listening to the people and giving them what they want, simple as that. But bitching about Win 8 ARM not letting you boot Linux when most of you wouldn't piss on a Win 8 anything is just bitching for the sake of being a bitch and more than a little pointless, okay? Nobody is taking anything "away" from you if you would have never bought it in the first place, and ARM chips are about as different from x86 as night is to day, with ARM everything is custom chips whereas x86 will run any old thing. If you want freedom? you've got the droid, have fun, I'll be joining you when those $70 Droid tablets hit just for shits and giggles. But when MSFT is paying for a device let them design it however they wish.

I predict....

[Bravoc]

There will be a "jailbreak" or somesuch available for these within a matter of hours from when they hit the street.

Re:I predict....

[Microlith]

Just like the Motorola devices, whose boot chain is still unbroken and as a result hinders the ability for true 3rd party ROMs to appear?

MUST is overrated

[WaffleMonster]

I've been known to piss on requirements in specifications from time to time because they subvert my interests or they have effects I believe to be more harmful than helpful.

All secure boot does is give the computer some assurance whatever it is handing off control to can be trusted.

There is no technical way for UEFI or anything else to enforce signed drivers in the form of modules loaded dynamically at runtime. If the kernel is blessed by the computer these "requirements" are simply empty words on a page that can and will be ignored with impunity.

Re:Organized trolling campaign on Slashdot

[Microlith]

Hey FOSSies, its just MSFT copying Apple again, so quit getting your panties in a wad, okay?

Yup, we should just STFU and let the two biggest companies in consumer computing shut down all but each other as options in the market.

There will be NO CHANGE when it comes to X86, in fact part of the "designed for Windows 8" specs state that they MUST allow the secure boot to be disabled

But none of how that works is defined, so chances are each vendor will have a different way of doing it and when that happens, the likelihood of automating the process goes way down (if it was ever possible) and the barriers to entry go way, way up.

heavily subsidized by MSFT who don't want "Hey turn that $299 Windows 8 tablet into a $500 Android tablet!" posts all over the net 3 weeks after it comes out.

Of course not. They want to undercut Android and drive it out of the market. Prices will probably jump back up (but the security won't be relaxed) if they succeed.

And I know this will piss you off, get ready for it....DON'T BUY IT...is that REALLY so hard?

If Microsoft succeeds in their obvious goal of eliminating all other choices aside from Apple, nope, it won't be. Because there will be no choice.

so WTF are you bitching for?

Because a company with a powerful monopoly known for acting in anti-competitive manners is establishing requirements that make it extremely difficult, and in some cases impossible, for alternative software platforms to be used on these devices.

if I did and was actually gonna use this for real work I'd WANT it locked down

Sure, sure. I would too. But that's not what this hardware is being set up for. It's designed to keep a lid on you just as much as anything else.

why get your panties in a wad for a device you would NEVER buy in a million years anyway?

Well I won't knowing that it's been deliberately crippled. I do buy "designed for windows N" hardware now because until this point it didn't guarantee that I would be locked out or forced to perform contortions to put whatever OS I wanted on it.

there are many guys like System76 busting their asses trying to support you and if you don't buy from them and support Linux then you're just being assholes

They make nice large laptops, no tablets or cellphones. But yeah, I can't wait until my choice in hardware is reduced to a tiny handful of companies because Microsoft has manipulated the rest of it into being exclusive to them. That's fucked up and BROKEN.

But bitching about Win 8 ARM not letting you boot Linux when most of you wouldn't piss on a Win 8 anything is just bitching for the sake of being a bitch and more than a little pointless, okay

Gimme a fucking break. I'd buy a Windows 8 device... if it would let me do as I wished up to and including replacing Windows 8. But now I know that since I can't, no I won't. And I'll bitch that choices are being deliberately limited by an anti-competitive monopolist. To ignore the moves being made here is foolish in the extreme.

FIGHT HARD, O WHITE KNIGHT! MICROSOFT SHALL SURELY REWARD YE IN THE END!

Re:Organized trolling campaign on Slashdot

[WorBlux]

hell you got choices coming out your asses, so WTF are you bitching for? Vote with your wallet okay? But just because YOU don't like doesn't mean you get to tell ME or anyone else what device we should buy or what features it should have. If I was gonna buy one of these things, which I'm not BTW, I wanna try one of those $70 Android Indian pads the net has been buzzing about, but if I did and was actually gonna use this for real work I'd WANT it locked down, because if its one thing we've seen its that these things are giant targets for the malware guys!

First it's a matter of culture, which does and can effect every one of us. A culture where corporation control what you can or can't do with a computer is a culture detrimental to everyone. Second who has the keys? Locking your stuff up as long as you have a key is not problematic at all. What is is when the key is controlled solely by someone who is willing to sacrifice your interests and goals for the sake of their own.

This will only hasten their marginalization

[jimmydigital]

I'm sure they don't realize what they are doing... but they will in time. They (unlike apple) don't sell the hardware their software runs on. Therefore.. it's not under their control how many devices are in the market that can run an OS that is so locked down. At first there may be many... but those choices will taper off as sales of linux based devices will always be less expensive. That and people don't like windows on non desktop platforms and I seriously doubt they have done enough right with the next iteration of Windows to change that perception. So in the end.. this will resemble yet another failed Microsoft mobile platform and less like the next desktop OS for the future. In the mean time.. they will continue to shed 3rd party developers as this slow motion train wreck unfolds.

Re:Signed GRUB

[letsief]

Honestly, I think you have it backwards. I think its less that UEFI secure boot is most advantageous to Microsoft and more that it happens to be inconvenient to Linux. The open source community, for both good and bad reasons, has made a series of decisions that make a signed code model difficult to implement (and stomach).

Forgetting about who runs the signing service for a moment, do you have a better idea of how to solve security problems with boot firmware? It's one thing if you don't like the implementation of UEFI secure boot, but you seem to be suggesting that the entire concept behind UEFI secure boot benefits Microsoft. If that's true, what is the alternative?

I don't think Microsoft particularly wanted to run the signing service. It has already given them headaches, and it opens the door for a lot of potential problems with liability. But who else was going to run it? The UEFI Forum never gave any indication they were willing to run it when the specification was being written. Given they were the natural choice, I think it's pretty clear that means they explicitly didn't want to run it. Who else was going to run it? Verisign? I'm sure that would have gone over much better... Even if things did go that route, who was going to pay for it? If Microsoft funded it, which they probably would have had to, people would have just assumed Verisign was going to do whatever Microsoft told them to.

Red Hat and Canonical have never given any indication they were willing to run a signing service either. And people in the industry did ask them to. I'm not sure they ever explicitly said no, but they certainly never said yes either.