Other long term problems [LWN.net]

Other long term problems

Posted Jun 6, 2012 0:03 UTC (Wed) by Fowl (subscriber, #65667)
In reply to: Other long term problems by smoogen
Parent article: Fedora, secure boot, and an insecure future

1) At this stage, on x86 systems, being able to disable secure boot is certification requirement. (MS makes money selling old versions of Windows!)

2) I would think they would go straight to TPMs.

4) This I'd like to know

(Log in to post comments)

Other long term problems

Posted Jun 8, 2012 10:44 UTC (Fri) by brouhaha (subscriber, #1698) [Link]

I would think they would go straight to TPMs.

I'm sure Microsoft would like to that; they were behind the whole Palladium/Trusted Computing Initiative stuff, but they've already gotten a huge amount of pushback over that in their past proposals. For now they're trying to placate OEMs and customers by pushing something that doesn't increase the direct cost of the hardware. It has lots of indirect costs, but it's much easier to sweep those under the rug.

In the long run, I expect that Microsoft will try to get processor vendors to put keys and hardware, microcode, or a first stage boot in the processor itself (i.e., built-in TPM), so that it isn't even possible to run an unsigned BIOS/UEFI/coreboot/whatever. By building this misfeature into the processor, they can make the incremental hardware cost essentially zero. This will split the processor market into Windows and non-Windows processors, and there will naturally be a price difference based on the production volumes of the variants. This means that non-Windows desktop processors will cost more than Windows desktop processors, but unless Microsoft makes significant inroads on mobile devices, the reverse might be true there. It is thus ironic that Microsoft is focusing the majority of their so-called Secure Boot effort on the mobile market.