> But to bring this more on topic, I'm curious if you think that
> the goals of Secure Boot are good goals, and whether they're worthwhile.
I do indeed think that the end user having auditability at the boot-loader
level is a good idea and a worthwhile goal.
> Do you think these are good goals, and do you think there's some amount
> of inconvenience in running non-Windows operating systems that should
> be tolerated in pursuit of this goal?
This is absolutely not tolerable. Why Windows? Why not OSX, or Linux, or _?
This is precisely where I see Secure Boot possessing real danger. Its stated
goals are truly desirable and worthwhile ones, and they should be pursued.
However, it is absolutely unacceptable that any "amount of inconvenience in
running non-Windows operating systems" is introduced by a system that achieves
these stated goals. Secure Boot creates a false dichotomy between increased
security and loss of control of one's hardware.
Furthermore, it reinforces the precedent on ARM systems of hardware-crypto
lockdown being acceptable.
And last and most unsettling, all that needs to be done to lock down x86
once Secure Boot is in place is to come up with a convincing
give-some-things-up-for-better-security argument for "relaxing" the
requirement that Secure Boot be disablable by the machine owner.