On Wed, Feb 27, 2013 at 6:48 PM, zxq9 <[email protected]> wrote: > On 02/28/2013 12:53 AM, Dale Dellutri wrote: >> On Wed, Feb 27, 2013 at 6:27 AM, zxq9<[email protected]> wrote: >>> >>> There is a silver lining. The board makers themselves are out to sell >>> boards >>> and laptops and tablets and can be reasoned with. My company is an >>> extremely >>> small player in the hardware field but we've had positive response from >>> vendors when inquiring about having our own keys included on boards >>> alongside Microsoft's when doing bulk orders. We haven't had to go that >>> route yet so I'm unsure how much of a pain that would actually be to >>> manage >>> (doesn't appear much more difficult than managing repository keys though, >>> for example), but this leaves the door open for even tiny computing >>> companies and larger IT departments to arrange for their own "secure" >>> boot >>> keys to be pre-installed by the board manufacturers and not violate >>> Microsoft's requirements, even on ARM. That said, since we don't do >>> showroom >>> marketing anyway neither we nor our suppliers have a need to put little >>> "Windows8 Ready" stickers on anything they ship to us anyway. >> >> Doesn't this lower the eventual resale value of the laptop? Doesn't it >> restrict >> the laptop to run only what either MS wants or what you installed? >> >> I buy refurbished laptops and install Fedora, but I might want to try *BSD >> or >> Ubuntu or something else in the future. Doesn't the "silver lining" >> restrict >> that with these UEFI laptops? > > It does indeed lower the overall value to the buyer -- which is why we're > not satisfied with the concept of "secure boot", even if a board maker puts > our keys on the device: we want to sell hardware, and providing a device the > user can do whatever he wants to independent of us is a more competitive > selling position than selling, essentially, a "locked" device. > > This is not a good move for the industry for this exact reason. Of course, > laptop makers think this means they will be able to sell one device per > instance/OS a user wants -- but especially in the consumer space this is > wishful thinking. > > If standard UEFI situation ever moves from "user disable-able" to "always on > by default" then every device sold will essentially be a locked device that > requires jailbreaking to work properly. Offering unlocked devices is far > more competitive -- but the dialogue of the industry has made a mystical > security claim that lay users don't understand and magically transformed > vendor-jailing of devices from a usability impediment into a must-have > feature.
I wouldn't be surprised if SB became "un-disable-able" in the next few years. We'd then have to use an MS-signed shim to boot, as is now the case with the default Fedora and Ubuntu SB setups.
