Slashdot Mirror

← Back to Stories (view on slashdot.org)

OEMs Allowed To Lock Secure Boot In Windows 10 Computers

Posted by Soulskill on from the feel-free-to-do-whatever-we-want-with-your-new-computer dept.

jones_supa writes: Hardware that sports the "Designed for Windows 8" logo requires machines to support UEFI Secure Boot. When the feature is enabled, the core software components used to boot the machine are verified for correct cryptographic signatures, or the system refuses to boot. This is a desirable security feature, because it protects from malware sneaking into the boot process. However, it has an issue for alternative operating systems, because it's likely they won't have a signature that Secure Boot will authorize. No worries, because Microsoft also mandated that every system must have a UEFI configuration setting to turn the protection off, allowing booting other operating systems. This situation may now change. At its WinHEC hardware conference in Shenzhen, China, Microsoft said the setting to allow Secure Boot to be turned off will become optional when Windows 10 arrives. Hardware can be "Designed for Windows 10," and offer no way to opt out of the Secure Boot lock down. The choice to provide the setting (or not) will be up to the original equipment manufacturer.

5 of 362 comments (clear)

  1. Re:Microsoft afraid of the YOTLD? by Lunix+Nutcase · · Score: 2, Informative

    Microsoft afraid of the YOTLD?

    Nah, couldn't be.

    Maybe in some alternate universe, but certainly not in this one.

    I don't buy prebuilts but any manufacturer that locks secureboot will no longer be recommended to any of my non-tech-savvy friends.

    So they'll lose what? 2 whole sales out of 10s of millions?

  2. Re:Slippery slope by TapeCutter · · Score: 4, Informative

    The problem is boot sector or BIOS malware is now a real thing that needs real defences. It's not some obscure academic attack any more.

    Boot sector attacks have been a malware vector since..well...forever, back in the DOS3.x days we had Norton disk doctor to remove them manually.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  3. Re:I dub all unswitchable hardware: disposable by Lead+Butthead · · Score: 4, Informative

    ... to apply some unofficial, off-the-record pressure to the OEMs ...

    Pressure? Not at all. There'll just be a ... "discount" if you do. This has happened before, and it'll happen again. It's within M$'s nature to rub out its competitors by pressing every advantage; it can't help itself.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  4. Even worse than you think by Anonymous Coward · · Score: 3, Informative

    I just purchased four Dells with Windows 8.1 from NewEgg along with 8.1 Professional for each to use in a business. I swapped out the HDDs for SSDs and installed using OEM licensed, legitimate 8.1 Pro media. None of them will run Professional, instead defaulting to fully registered 8.1 Basic.

    They wont accept the Windows Product keys at all. Instead, they show completely different keys that must have been installed into the hardware. This occurs whether secure boot is turned on or off. I have a case number with MS to resolve this BS.

    I also bulit a PC from parts and installed using a fifth copy of 8.1 Pro. It installed correctly and jumped right onto the domain. This is not about "copyright infringement". It is about control and squeezing customers for as much money as they can get.

  5. Can't happen by 0123456 · · Score: 4, Informative

    When we pointed this out years ago, the Microsoft trolls told us to stop being silly, because it was optional and Microsoft would never, ever think of changing that. Why, the very idea!