Quote:
Originally Posted by haertig
It is beyond the average user to install a different OS. Microsoft is making sure of that by adding things with worthwhile sounding names like "trusted computing" and "secure boot". It just so happens that these little gems have the side effect of not allowing non-Microsoft OS'es to boot out of the box.
|
As someone deeply involved in the Linux world for decades now, on mainstream x86 platforms this is nonsense. Yes, the only signing key installed by default is an MS one, but a) MS has *as a requirement of Windows certification* that additional keys must be installable at user request b) Microsoft has signed a boot shim which maintains a root of trust up to GRUB (and resigned it with commendable speed whenever bugs in it are found and require new releases) and thus c) more or less all Linux distros install on freshly-purchased Secure Boot systems without incident. You're more likely to have problems with non-free firmware than with Secure Boot. Yes, Secure Boot *could* be used as an anticompetitive system very easily, but it's been well over a decade now and this hasn't happened: and given that in that time period MS has basically become a Linux company (with most of its profits coming from the mostly-Linux Azure) it is most unlikely ever to happen in future. If they did that they'd be shooting themselves in the foot and pissing off a lot of their developers and infuriating their own staff, and MS has never been prone to any of those things.
(It happens that I don't use Secure Boot much myself on my own dev machines, but that's because I'm an OS-level developer who's always rolling his own kernels, and for people like us often doing things to the lower levels of the system by hand Secure Boot often introduces exciting new ways to break boot if you make one mistake. For everyone else, mostly running distro kernels, those mistakes won't happen and Secure Boot is basically all benefit.)