← Back to context

Comment by cesarb

15 days ago

> but general-purpose computing is very much alive and kicking in laptops, desktops, and servers.

Two words: Secure Boot.

The only reason we still can run operating systems without Microsoft's approval on these devices, is that alternative operating systems like Linux were already popular enough when Secure Boot was introduced, so to prevent the risk of antitrust enforcement Microsoft allowed (and AFAIK required) that firmware has an option to disable Secure Boot or enroll your own keys, and Microsoft also signs the bootloader of several Linux distributions (as long as they meet some stringent requirements).

But this can change, since all of that is part of Microsoft's hardware requirements for running Microsoft Windows (which hardware makers must follow if they want their devices to run Windows). And it already has, at least twice: some ARM-based laptops were shipped without that option (the hardware requirements back then were that you must be able to disable Secure Boot or enroll your own keys on x86-based hardware), and a class of devices (the so-called "Secured Core" devices) comes with the "third-party" key, which Microsoft uses to sign Linux distributions, disabled by default. Nothing prevents it from being locked down even further in newer versions of Microsoft's hardware requirements, in the name of "security".

4 comments

cesarb

Reply
cjs_ac  15 days ago

For PC-class devices, there's an established market segment of buyers who won't buy anything that won't run a Linux or BSD OS. For smartphones and tablets, that segment is yet to form, because projects like postmarketOS are yet to deliver something that's suitable for use as a 'daily driver'. So PC manufacturers have commercial incentives to push back against Microsoft, but smartphone manufacturers have no incentive to push back against Google.

Also, current UEFI implementations allow for disabling Secure Boot. If that changes, we can discuss that when it happens, because I'm not terribly interested in getting all het up about imaginary things.

  • Aachen  15 days ago

    Doesn't seem all that imaginary to me. Having a bit of foresight — discussion before something bad happens — just seems like good sense rather than saying it's imaginary. We don't need a crystal ball to discuss possible scenarios and prepare options

  • heavyset_go  15 days ago

    First roll out of Secure Boot to consumers locked them out of installing Linux on their PCs. It's not imaginary, it's what actually happened.

ozgrakkurt  14 days ago

You can turn off secure boot, I’m really skeptical about potential issues it might cause, would be super cool if someone can explain how it can effect someone that doesn’t install random applications on their computer