This may be a scare or it may not but MSFT wants to lock out everybody:
Hi,
This is the first step, next will be “not to provide a proper signature for other OS’s”
It is inevitable Mr. Anderson 
Secure boot seems reasonable as the article states - thus do 1 of 2 solutions - buy Windows 10, use VMware for your Linux, or buy from a Linux only OEM.
For me, it will be simple. I won’t buy hardware with secure-boot that cannot be disabled.
I doubt that Microsoft is trying to lockout linux. It seems more likely that they are trying to lockout pirated versions of Windows. But piracy is their problem, not mine. I want hardware that meets my needs.
On Sat 21 Mar 2015 04:26:01 PM CDT, BSDuser wrote:
Secure boot seems reasonable as the article states - thus do 1 of 2
solutions - buy Windows 10, use VMware for your Linux, or buy from a
Linux only OEM.
Hi
I’ve had no issues with secure boot with either Windows 10 preview,
SLED 12 and openSUSE single boot and multiboot.
With SLED it’s an issue having to self sign fglrx so on this
laptop it’s disabled, the proprietary driver is needed to get the APU
boost states working.
The intel one works fine with windows 10 and openSUSE 13.2 and secure
boot.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.38-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
I agree with this. And, it has nothing to do with “infecting a computer”, as they try to claim. I believe it is simply – as you state – trying to prevent piracy of their software, and not just Windows, but other software such as Office.
This wont change much, if anything this will give Microsoft another antitrust suit.
Let’s see if that will succeed.
Won’t fly in EU, this’ll be taken to court in no time and manufacturers will be forced to offer a secure boot disable.
My guess is that you will see some tablet computers with secure-boot locked in. They will probably be sold directly by cell phone companies. And it is those companies that want the ability to lock in their users.
There already are such tablets using ARM processors. The change in Microsoft requirements will allow Intel based tablets also.
I actually own a Windows 8.1 tablet that allows me to … well, literally run Linux on it. It’s an Intel Atom based tablet with an option to disable secure boot.
(Don’t shoot me, I got it for free :p)
Hi
Why disable it, it should still work…?
I had an HP All-in-one last year, it had the legacy option but greyed out, all you could do was UEFI secure/disabled…
The latest HP ProBook’s I have have the custom boot option, the only real issue is driver/kernel signing that will trip folks up…
Well one possible scenario would be if I wanted to install Android on it.
The case here is of course PCs being shipped with no option to disable secure boot, that’s the problem here. Not so much tablets or phones.
Hi
But that is not going to (currently…?) stop booting an alternative distribution/os that is secure boot enabled.
It’s not going to stop users upgrading, whether it be old legacy/mbr hardware or newer legacy/uefi from a installed upgradeable operating system.
It’s just about certification of the hardware to display a logo, no different than an enterprise linux/unix distribution shipped on certified hardware.
I think the last sentence sums up the real concern as to allowing OEM/User key enrolment/clearing etc.
But how will secureboot prevent piracy?
as far as i know, this is how kmspico works:-
step1>It changes the license key from retail to volume license.
step2>it tries one of the following three methods, whichever works fastest:-
a>it injects a dll to the activation component, and forces the computer to activate from localhost (127.0.0.1). this is done just-in-time, there are no permanent changes. every time the system completes booting, it autoruns the software using a registry call, and the software injects the dll and re-runs activation.
b>it that fails, it installs a windivert.dll library and packets originating from localhost are masked as if they were coming from an activation server.
c>if that fails, it installs a TAP driver and configures a virtual network adapter, activation packets are created from here.
as it’s evident from above, the files required to boot the computer are not affected by this process, the activation takes place after the system completes booting the kernel. how will secureboot prevent this?
MS tried everything to stop piracy, but every time they get a method working, the crackers spoil in within weeks.
This kmspico method has been functional since Windows 7. It works on 7, 8, 8.1, and now on 10 preview as well. I’m sure MS tried to find a way to stop this, but they have apparently failed so far.
Secure boot feels like they actually want to prevent people from trying unsigned operating systems. While people who know about computers will look for hardware on which it can be disabled, but a vast majority of folks using computers aren’t really into these things. They will get a Windows computer, and in course of time want to try a different OS, and forum members will tell them it doesn’t work on their hardware. Unfortunate turn of events. Nothing should be compulsory. People should always have the choice to disable a feature on their computer if they want to. MS should not try to make secure boot compulsory. Just my 2 cents.
That’s the problem - it requires your distribution to have secure boot enabled.
What if you want to install something like Hackintosh on your own bought hardware but suddenly you notice you can’t since there’s way to disable secure boot?
So if I have a laptop with secureboot turned on, and no way to turn it off, will it still run opensuse fine?
a few months from now when hardware manufacturers start shipping laptops with the Windows 10 logo, and no way to turn off secure boot, I could still purchase a random windows laptop and install opensuse on it? just need to make sure as i’ll be purchasing a laptop next Christmas, and I want it with Windows 10, but I also want to be able to dual boot with opensuse. thanks.
On Mon 23 Mar 2015 04:06:02 PM CDT, johnwinchester wrote:
malcolmlewis;2701120 Wrote:
> Hi
> But that is not going to (currently…?) stop booting an alternative
> distribution/os that is secure boot enabled.
>
So if I have a laptop with secureboot turned on, and no way to turn it
off, will it still run opensuse fine?
a few months from now when hardware manufacturers start shipping laptops
with the Windows 10 logo, and no way to turn off secure boot, I could
still purchase a random windows laptop and install opensuse on it? just
need to make sure as i’ll be purchasing a laptop next Christmas, and I
want it with Windows 10, but I also want to be able to dual boot with
opensuse. thanks.
Hi
Yes, I have a HP ProBook 4440s multibooting Windows 10 Preview and
openSUSE 13.2, openSUSE boot’s first via the BIOS custom boot option,
then can select windows 10 either via grub2 or from pressing the F9 key
and selecting Windows (my preferred method since I just boot into
openSUSE).
That’s why I pointed to the last bit of the article re keys. But the
current HP hardware I have allows a custom boot option.
I have used secure boot with elilo/SLED 11 Sp3 and grub with
openSUSE/SLED 12 without problems booting. Just an issue with the
ATI driver in SLED and signing the fglrx module, this does not affect
openSUSE as they tweak the kernel.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.38-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
On Mon 23 Mar 2015 03:56:01 PM CDT, Miuku wrote:
malcolmlewis;2701120 Wrote:
> But that is not going to (currently…?) stop booting an alternative
> distribution/os that is secure boot enabled.
That’s the problem - it requires your distribution to have secure boot
enabled.
What if you want to install something like Hackintosh on your own bought
hardware but suddenly you notice you can’t since there’s way to disable
secure boot?
Hi
Probably best taken up with the distribution if they don’t offer, I’m
just happy openSUSE and our primary sponsor SUSE provide secure
boot… 
Note, again it boils down to ability to enroll and add keys whether
they be self signed or not. To me it’s not an issue about secure boot
as such and the ability to disable or not.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.38-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
On Sun, 22 Mar 2015 23:46:01 +0000, MadmanRB wrote:
> This wont change much, if anything this will give Microsoft another
> antitrust suit.
Well, what I’ve read about it is that they’re leaving the decision to the
OEMs. So what’s more likely to happen is that some OEMs will be
determined to not be Linux- or BSD- friendly, and word will spread that
unless you want zero options other than Windows, you should avoid these
particular manufacturers.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C