Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Ubuntu details its UEFI secure boot plans
Posted Jul 4, 2012 2:56 UTC (Wed) by giraffedata (subscriber, #1954)
You don't qualify for the Windows 8 sticker without the ability to rekey and disable secure boot.
I don't think that's so. From what I can tell from various reports on the web, Microsoft defines a "custom mode" in which the user has the ability to rekey and disable secure boot, but it is optional for Windows 8 certified computers. And for ARM systems, it isn't even an option -- custom mode is prohibited.
For those where it's optional, I predict manufacturers will provide it, and other commentators seem to agree, but there is still an objection to the Windows 8 certification program because it's not easy enough to enter custom mode - the computer is required to ship in "standard mode" (boots only Microsoft-approved things) by default and you have to go into a machine setup dialog to do it (obviously, standard mode doesn't let an installer program just switch out of standard mode programmatically).
Posted Jul 4, 2012 3:07 UTC (Wed) by naptastic (subscriber, #60139)
Posted Jul 4, 2012 3:30 UTC (Wed) by raven667 (subscriber, #5198)
You might want to be more skeptical of some of the "various reports on the web", the sites you have been reading clearly aren't doing even the most basic of research and are probably not worth your time to read. Stick to LWN 8-)
Posted Jul 4, 2012 3:32 UTC (Wed) by mjg59 (subscriber, #23239)
'MANDATORY. On non-ARM systems, the platform MUST implement the ability for a
physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:'
Followed by a requirement that it be possible to clear PK, which guarantees you the ability to enrol whatever set of keys you want.
Posted Jul 4, 2012 4:08 UTC (Wed) by Fowl (subscriber, #65667)
On the other hand, it only requires the ability to disable secure boot, not re-key it.
Posted Jul 4, 2012 4:15 UTC (Wed) by mjg59 (subscriber, #23239)
Posted Jul 5, 2012 21:01 UTC (Thu) by jmorris42 (subscriber, #2203)
How many motherboards have you fought to make power management work on? How about the temp/voltage/fan sensors? Last I heard working ACPI is also a requirement for the Windows logo program.
Now add in the fact that Microsoft is almost certain to be quietly 'encouraging' motherboard makers to break this particular feature. Raise your hand if you don't think an OEM would instantly get into the double secret marketing co-op program and qualify for special pricing or marketing kickbacks for discouraging OS migration?
Posted Jul 5, 2012 21:05 UTC (Thu) by mjg59 (subscriber, #23239)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds