Garrett: Secure Boot and Restricted Boot

Re the risks and our outlook. I do understand that some phones aren't locked down, and this is a selling point in some segments. I can understand why you see this as progressive and hopeful. However, I think that's a short-term view of things.

Look at the long-term of computing. Over my lifetime, computers have become ever more closed and user-hostile. When I was very young, all computers had full programming information publically available, from peripheral hardware, to the CPU, to the software environment. Often these were supplied with the computer by default. Some computers even came with full schematics for the board and/or CPU, even the entire system. As time progressed, the programming information available became more limited. Vendors tried to restrict the information even more. Most systems today, even ostensibly "open" ones, tend to have many components that are not documented. Sometimes even CPU software programming interfaces are kept hidden. Further, vendors have even tried to control what software can be run at all, using a variety of schemes.

The phones you speak of that are not locked are still, from my perspective, extraordinarily closed systems. They often contain non-publically-documented CPUs and DSPs. We're in the position where a computer that is touted as being the BBC micro for this era, the "open" hackable computer for today's youth, the raspberry Pi, runs the "open" software only under the control of another, undocumented CPU that requires a proprietary blob to boot it.

From my perspective, "Secure Boot" - which we're agreed is "Restricted Boot" minus 1 bit of information (or policy as someone else put it), with that bit under control of the vendor - is another step down this path of ever more locked-down and inaccessible computing.

Your perspective clearly is more optimistic than mine though. ;)