Microsoft Responds To Linux Concerns Over Windows 8 and UEFI Secure Boot 389
CSHARP123 writes "A few days ago, Red Hat employee Matthew Garrett speculated that OEM machines shipping with copies of Windows 8 may lock out support for Linux installations. Garrett highlighted Microsoft's new Secure Build OEM requirements for Windows 8 systems. Microsoft chose to directly respond to confusion surrounding Windows 8's use of the UEFI Secure Boot feature on Thursday. Tony Mangefeste of Microsoft's Ecosystem team said, 'Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secured boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.'"
If you can't be bothered to RTF... (Score:5, Informative)
Just take a look at this image [msdn.com].
That's all you need to know.
In Summation: There is a genuinely good reason for enabling secure boot (malware prevention - genuine malware prevention, not just some underhand tactic that's masquerading as malware protection) and as long as your OEM isn't a dick, you should be able to disable it much like how you can disable features in your BIOS today. The decision to remove that ability is down to the OEM, not Microsoft.
Re:Translation (Score:5, Informative)
ACPI was not designed by Intel alone, Microsoft was also there. And let's remember what Microsoft tried to do [slated.org]:
From: Bill Gates
Sent: Sunday, January 24, 1999 8:41 AM
To: Jeff Westorinon; Ben Fathi
Cc: Carl Stork; Nathan Myhrvold; Eric Rudder
Subject: ACPI extensions
One thing I find myself wondering about is whether we shouldn't try and make the "ACPI" extensions somehow Windows specific.
It seems unfortunate if we do this work and get our partners to do the work and the result is that Linux works great without having to do the work.
Maybe there is no way to avoid this problem but it does bother me.
Maybe we could define the APIs so that they work well with NT and not the others even if they are open.
Or maybe we could patent something related to this.
Re:If you can't be bothered to RTF... (Score:3, Informative)
You know something? I completely, utterly and wholeheartedly agree with this.
What I'm trying to get at is that everyone is jumping on Microsoft for this, when really it has little to do with them (aside from mandating that UEFI secure boot be enabled by default). Microsoft could turn around tomorrow and say "no actually it's fine, we don't want secure boot by default" and the situation wouldn't be any different at all - OEMs could still enable it and remove the option to disable it.
Using your phone example - Google in no way demands that bootloaders be locked (and their own branded phones don't lock them), yet many manufacturers still do it. I really don't get why Microsoft keeps getting dragged into this when it's the OEMs you should be fighting.