Windows 10 announcement: certified hardware can lock out competing OSes


#2

“Secure computing” means completely different things, if you’re a computer user versus a computer maker.


#3

Ya mean I cant put OS/2 or DOS 3.0 on my nu computter?


#4

Unacceptable.


#5

What horrible phrasing. Saying that Microsoft intends this connotes something entirely different from saying that they are “making it a reality”. Sometimes, progressives without conviction are their own worst enemies.


#6

I’m not sure what you’re saying… can you clarify? Are you calling out something about the cited article, or about Cory’s summation? Are you more or less concerned about what’s being described than you were when you read the headline?


#7

Since the phrasing I complained about wasn’t present in Cory’s summation, that would have made no sense. I was referring to the cited article.

“Windows 10 to make the Secure Boot alt-OS lock out a reality”

They are separate concerns. I think it’s a lame intention on Microsoft’s behalf. And I think it’s unfortunate that the headline is so jaded as to state it as fait accompli. The best reasons for journalism about exploitive practices are to encourage action. Framing it as a lost cause encourages inaction. It’s the difference between the problem one doesn’t have direct control over (Microsoft), and that which one does (the journalism about it).


#8

If, over the years, Microsoft had put half as much effort into making their stuff work rather than preventing it from working, perhaps they’d have functional software by now.
… Or perhaps not.


#9

Don’t buy certified hardware. Problem solved.

Edit: Or wait three days for instructions on how to de-certify certified hardware.


#10

The BIOS code, or whatever they call it these days, let’s call it BIOSoid, is what checks the code signature of the OS loader. Tamper with this, and problem solved.

Of course this will be hindered, as this is a hole as large as a tunnel. Possibly by checking the signature of the code of the BIOSoid-loader by code locked under a layer of epoxy in some chip, too small to deal with using common means.

Maybe there will be some sort of a JTAG-like interface to access the TPM or whatever where the permitted keys are stored.

If the vendors were good for something, they would have some disable-this-crap jumper, accessible to the owner/possessor of the hardware.

…and, of course, to add three more insults to this injury, the NSA exploits will have the proper signatures…


#11

This is absolutely much ado about nothing. What fraction of users ever install a new OS… 2%? 5%? In any event, it’s really small; I’ve certainly never done it, although I’ve thought about it. So for 90-something percent, this has no effect at all.

For the proud, nerdy few, how about you don’t buy the machines that are slaved to a particular OS? Even if a sizable fraction are hobbled, I don’t imagine Microsoft can exercise dictatorial control over 100% of the market. There’s going to be somebody out there still making boxes you can mod - and if I’m wrong, then your totalitarian fantasies have come true, and Windows is the least of our problems.


#12

Good advice for new machines.

Not so good for hand-me-downs, secondhands, and salvages. :frowning:


#13

Those ones won’t have the lockout, will they? Unless you’re worried about time-traveling fascists, but they don’t have enough energon cubes to be a threat yet.

EDIT:

“no easy way to boot self-built operating systems…”

Made me laugh. Is that easy today? Show of hands - how many here have ever built an OS?


#14

The cutting edge of today is the old junk of tomorrow.

As one whose machines are often “pre-owned” and who hoards more scrap than a small-scale recycler, I can vouch for that.

You may like to think a bit into the future. Time flies.


#15

Does Gentoo count?

In smaller scale, does configuring and compiling a custom kernel count?

Related: what about those various rescue/recovery CDs (or flash disks)? Sooner or later you get in trouble and will need to start the machine in a way that was unexpected. These situations are usually high in stress and low in time, so you want such methods to succeed.


#16

“The road to hell is paved with good intentions.”


#17

Or, as I liked to say to my ex:
“Perhaps we should choose a destination before we start driving.”


#18

“Microsoft has announced a relaxation of its “Secure Boot” guidelines for OEMs, allowing companies to sell computers pre-loaded with Windows 10 that will refuse to boot any non-Microsoft OS.”

I don’t understand the use of the word “relaxation” in this sentence. To me it implies that the policy will not be strictly enforced, and yet the article appears to imply otherwise.


#19

Yes, I also interpreted this to mean that OEMs would be allowed to sell devices with this exclusivity, which needs to be optional now. Which might be thought to beg the question of why there would be a push for allowing the exclusivity, when making it optional has worked well enough. And the article highlights the problem of the TPM - the Trusted Platform Module, that this effectively locks down a given system, and raises issues of what comprises a “trusted party”. It would take the user’s capability to cryptographically lock retail computers, and put it in the hands of others, such as Microsoft.


#20

Depends on what you mean by build. If customizing and installing a Linux distro (made by people like you and me) counts, then a large fraction of the people in high tech have, and not just software folks. In all of the sciences, Linux is the de facto standard for people doing scientific computation.