From: stryder@telenet.be.invalid   
      
   On Tuesday 31 July 2012 03:53, Adam conveyed the following to   
   alt.os.linux.mandriva...   
      
   > Maurice Batey wrote:   
   >   
   >> On Mon, 30 Jul 2012 13:48:26 -0400, David W. Hodgins wrote:   
   >>   
   >>> [...] whether it has secure boot, enabled by default, with no way to   
   >>> disable it.   
   >>   
   >>    That's the big concern, yes indeed...   
   >   
   > Would a simple test be: find a store with the model(s) you're   
   > considering on display, reboot it (ctrl-alt-del), and either check   
   > through the hardware setup settings or try to boot it from an   
   > "unsigned" live CD?   
      
   Again, there is no reason to assume that independent motherboard vendors   
   would create their UEFI-based x86 motherboards without offering the   
   option to disable Secure Boot - the Free Software Foundations refers to   
   it as Restricted Boot, which in my humble opinion is exactly what Secure   
   Boot was designed to be.  Either way, motherboard vendors would be crazy   
   to /not/ offer that option, because they'd be losing out on a lot of   
   customers.   
      
   Of course, brand-name PCs which come sold with Windows 8 pre-installed   
   are a different thing.  Such brands will want to boast the "Designed for   
   Microsoft ® Windows (tm) 8" stickers on their machines, and that means   
   that they must have Secure Boot enabled.  As the machines are sold with   
   Windows pre-installed, one /could/ make the assumption that this is the   
   only operating system these machines will be used with, and as such the   
   brand-name computer manufacturer selling the Microsoft-ized machines   
   could decide to not support disabling Secure Boot.   
      
   They could, but it would be very stupid of them to do so - it could   
   seriously harm their reputation, and especially now that GNU/Linux is   
   becoming more widespread even on the desktop, given that certain   
   computer brands (like Dell) already sell consumer-grade machines   
   (including laptops) with GNU/Linux pre-installed - and in addition to   
   that, Microsoft's official recommendation seems to be that the option to   
   disable Secure Boot should be available - on x86, not on ARM! - even   
   though it is highly surprising that Microsoft would be so forthcoming.   
   But then again, maybe they were thinking of possible litigations if they   
   were to recommend the opposite.   
      
   Either way, all of the above is of course only important if you are   
   silly enough to purchase a brand-name PC which with Windows pre-   
   installed and the Microsoft-approved stickers on them.  Personally I   
   don't use any Microsoft stuff and I would much rather buy a machine of   
   which I know what's inside, and where I have a say on what goes inside.   
      
   Or, to put it differently and more tersely, I don't run Microsoft   
   Windows and I only buy machines which are custom-assembled for me from   
   selected components.   
      
   > BTW Windows 8 machines won't be shipping to the public until at least   
   > November, so I'd guess anything bought before then won't require   
   > "secure boot".   
      
   Secure Boot is only required for Windows 8 certification, i.e. if the   
   machine is to be sold with any "Designed for Microsoft Windows 8"   
   stickers on it.   
      
   > Meanwhile, I'm wondering how long it will be before some cracker finds   
   > and exploits some vulnerability in "secure boot", rendering it no more   
   > secure than any other boot.   
      
   They already have, by way of a "proof of concept" hack.   
      
   --   
   = Aragorn =   
   (registered GNU/Linux user #223157)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)