Tasting the Ice Cream Sandwich
Posted May 20, 2012 17:48 UTC (Sun) by djao
In reply to: Tasting the Ice Cream Sandwich
Parent article: Tasting the Ice Cream Sandwich
Sure. But now it's required for ALL new PCs.
So, which new (Intel) PCs are incapable of running Linux because of secure boot requirements? Be specific please. Make, model, etc. The truth is, Intel PCs are just as Linux-capable as they always have been. You can always turn off secure booting on PCs. The spec even requires (largely in response to user protests) that the user can turn it off on PCs (Custom mode):
"MANDATORY: On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: 'Custom' and 'Standard'. --Windows Hardware Certification Requirements, May 9, 2012, p. 122"
(The above clause applies to complete computer systems. Theoretically, it would be possible for a component maker such as a motherboard manufacturer to ship a compliant computer component that had no way to turn off secure boot. But, given that such a part could not be used as part of a Windows 8 certified system, my guess is that the number of such parts in the marketplace will be next to nil.)
I am a heavy Linux user, and at one point I had serious concerns about secure boot as well, but the latest news coming out of Redmond is much better than feared. At worst one could say that secure boot lays the groundwork for future lock-in on PCs. While it's true that Microsoft's history has not been good, I think there is some room to give Microsoft the benefit of the doubt here. Malware really is a serious problem on PCs, even for Linux users (who have to deal with Windows botnets on their networks), and secure boot does have nonzero benefits in terms of stopping malware -- it guarantees in hardware that the kernel has not been compromised. As long as advanced users can turn it off (which they can), I see nothing but good coming out of this effort. Quite honestly, I want unskilled computer users to be subject to secure boot restrictions.
Unlike Intel, secure boot on ARM is indeed an issue of grave concern for Linux users, because there is no way to turn it off. Here, barring an unlikely successful legal challenge, our only option is to win in the marketplace, as you say. Fortunately, against all expectations, this is actually happening: Android is on a majority of devices, and outsells Microsoft on ARM by more than 10 to 1. And also, let's not forget where the true blame belongs: Apple is the company that pioneered lock-in on ARM devices.
That was before the era of virtual machines. You can't run 16-bit DOS programs on 64-bit Windows anymore, for example.
That is true, and perhaps a sign of change. I may have misspoken. What I meant to say is that the hardware-OS interface (e.g. BIOS calls) has enjoyed strong backwards compatibility even to the present day. This is what lets you run DOS on bare metal today. It's why x86-64 processors still boot up in 16-bit real mode. It is true that Microsoft is taking steps to break compatibility at the OS-software interface for old programs. This is in fact a huge change which may signal more to come.
to post comments)