johnhudson wrote:In principle secure boot is a good thing; the immediate problem is the way MS proposes to implement it.
I do not entirely blame MS for this. It seems that if for example I want to replace a video card, the BIOS/UEFI will not accept it at boot time if the video card's public key is not already in its database, which it probably will not be if the PC is two years old and the card is new. This is between the video card maker and the BIOS/UEFI chip maker - nothing to do with MS. Windows (or Linux) is just one of several things involved at boot time that will need validation. MS's requirement is that the SecureBoot is enabled by default - they were hardly likely not
to require a new industry security standard to be implemented by default. I blame the standard rather than MS.
So UEFI is scarcely out on the street and major players like SUSE are already having in effect to patch it. That shows that it is a very bad standard indeed.
That link is interesting. Now there will be a database of public keys on your HD to which you can add eg to install Linux or that new video card, and then run some software to hash these into the BIOS/UEFI. Great. But doesn't this depart from the SecureBoot principle in that this is beginning to sound hackable by malware? Would we be no worse off if we simply turn off SecureBoot?
Since it is now clear that it is perfectly feasible to install a distro on a chromebook, the issue of needing to buy Windows computers to get cheap hardware may have gone away.
You have lost me there. You are telling me that I might not be able to use a PC any more so I should be satisfied with a Chromebook? To that hot place opposite Heaven with that idea.