I still think that letting one software vendor (IE Microsoft) have control over the proprietary keys to what alternative OS can be booted on a piece of hardware was a bad idea. And now along with Intel and AMD having their own management software running underneath the OS we have Microsoft adding their own 'security' processor baked into the hardware doing who knows what.
Lenovo's laptops caused a disturbance last week after a security engineer found himself unable to boot up a copy of Linux due to restrictions that are apparently insisted upon by Microsoft. Matthew Garrett, an information security architect, was keen to check out Lenovo's latest Pluton-equipped wares but found himself unable …
Monday 11th July 2022 17:27 GMT oiseau
Tuesday 12th July 2022 04:29 GMT Updraft102
Any OS vendor can create secure boot keys for use with their own signed bootloaders. MS is not the only vendor that can do that. It's just that the hardware OEMs likely would not care to include the keys for any OS they don't offer as a preinstalled or supported choice on their hardware. With that in mind, the various Linux vendors use the MS third party signed shim instead (with their own keys used as they go down the boot chain from that initial shim).
As long as MS does not demand hardware vendors enforce secure boot with no option to disable it, it's the hardware vendor's fault if there is no way to turn it off. Personally, I do have it enabled on my Linux machines where it won't interfere with anything; where it will, I disable it. My big problem at the moment is not with Microsoft, but the Linux kernel people. Linus gave in to the idiot(s) who decided that secure boot being enabled means kernel lockdown mode is used, which in turn turns off hibernation. The gist of it is that the hibernation file is stored unencrypted, so allowing a secure boot PC to hibernate could leave the keys to the store easily available to miscreants.
It simply is not true, though, to say that if you are going to occasionally use hibernation, there is no value in secure boot at all. All those times you didn't use hibernation even though you had the option, secure boot is still doing its job. Having it enabled does not imply it gets used all the time, of course, but even if hibernation is used, it raises the level of effort required to successfully exploit the boot chain if it is necessary to search for and find secure boot keys first. Linus held firm on this for a while, but I guess they wore him down.
For those of us who use UEFI-level full disk encryption... well, our swap partitions are encrypted with the system off, which is when the hibernation file is relevant, but you still insist that we can't use hibernation because some kernel devs I never met can't be certain my swap partition is protected (that's a "me" problem, not a "you" problem, kernel guys). They thereby require me to turn the security feature completely off instead, in the name of ensuring my security. Sounds almost Redmondian in its illogic.
I have one laptop that handles secure boot in a really neat way. I can use the options in the UEFI to select a bootloader as trusted, and from that point forward the UEFI will securely boot that bootloader. Bootloaders already signed with an OEM key don't need to be added to the whitelist, obviously, but this option makes it easy to enable secure boot for any bootloader that is not pre-approved.
Tuesday 12th July 2022 05:46 GMT RAMChYLD
> Any OS vendor can create secure boot keys for use with their own signed bootloaders.
Unfortunately that is also not necessarily true. As I've mentioned many times there are badly programmed UEFI BIOSes that would brick the computer the moment a key that isn't from Microsoft is injected into the secure boot keyring. In my case, the Ventoy key on an Gigabyte X470 Aorus Gaming 5. Injecting the Ventoy key causes the machine to immediately start exhibiting a bad slowdown (noticeable delay between keypress and response on screen), and upon reboot, the machine will never come to until the CMOS is cleared which results in all keys getting purged.
Tuesday 12th July 2022 10:36 GMT Anonymous Coward
re. bad idea
there are many bad ideas for end-users, which are great ideas for software and hardware vendors (perhaps you can never have a win-win, if one side of the 'deal' has the power to shift that balance, guess towards which solution).
Sorry for the bleeding obvious, you'd think that the product is meant to be great idea for... end user. Well, no, the product is merely a means to the end, the means being many end users, and the end is the great idea of greatER profits for software and hardware vendors. Nothing personal, just business :/
Monday 11th July 2022 16:41 GMT Franco
I'll wait till there's more info to pass full judgement, but Lenovo are (IMO) not overly trustworthy when it comes to what they do with their BIOS and who's fault it is. They've already stopped BIOS reconfig via script as they claim it's a security issue (which HP and Dell don't seem to agree with, in their opinion it's fine as long as you also secure the BIOS with a password when you do it) which means the little Enterprise market share they still have is going away very quickly. They've also been known in the past to not bother to support any flavour of Linux with their storage drivers and blame that on other people too.
Monday 11th July 2022 17:31 GMT oiseau
... also been known in the past to not bother to support any flavour of Linux ...
Which is the main reason I do not come near that crap.
Should I receive one (or similarly crippled) for my birthday/anniversary/xmas or whatever (doubtful but remotely possible) I'll quickly sell it at a discount to some WinFan and go purchase decent hardware with the cash.
Or maybe just blow it all on something worthwhile.
Like broads and booze.
Monday 11th July 2022 21:02 GMT Gene Cash
Lenovo are (IMO) not overly trustworthy
Let's see, there's:
* the Lenovo Service Engine that phoned home and installed bloatware
* the pre-installed Superfish malware
* the Lenovo Customer Feedback Program that shopped your info to Omniture daily
* the Lenovo Solution Center with TWO privilege escalations that allowed remote code execution
And that's just a quick Google.
I wouldn't touch 'em with somebody else's 10-foot barge pole.
Tuesday 12th July 2022 05:49 GMT RAMChYLD
And then there's the fact that they shipped one laptop in the past that does not allow disabling Secure Boot (fine, some Distros will still boot, but not all) and one particular laptop they decided to enable hardware FakeRAID, for which there are no drivers for Linux, without giving users an option to turn it off.
And yet FOSS influencers like Cory Doctrow still swear by them. Very odd.
Tuesday 12th July 2022 09:39 GMT Marcelo Rodrigues
Wednesday 13th July 2022 12:29 GMT Anonymous Coward
Seems like the fascination is embedded in the human psyche. I suspect many people who say they are offended by the sight - actually are being irresistibly attracted. It seems many morality laws are supported by people who are trying - often unsuccessfully - to control their own "dark" thoughts.
Monday 11th July 2022 21:03 GMT MrDamage
Monday 11th July 2022 18:04 GMT Adair
Tuesday 12th July 2022 13:03 GMT Charlie Clark
Re: So vendors are content ...
Well, when it is a requirement for the volume discount licensing program that saves them millions. The requirement is buried in the agreement which has to be kept confidential because it contains business "secrets" (Microsoft's anti-competitive behaviour). Considering that > 99% of all users will want to use the pre-installed Windows on the machine, it's difficult to understand why Microsoft continues with this strategy.
Tuesday 12th July 2022 17:56 GMT bombastic bob
Re: So vendors are content ...
Requiring, rewarding, or coercing Lenovo into blocking/hampering/disallowing Linux...
If it is FORCED by contract, ANTI-TRUST LAWSUIT
If it is COERCED by pricing, ANTI-TRUST LAWSUIT
If it is REWARDED somehow, ANTI-TRUST LAWSUIT.
ANY interference with competing operating systems, EVEN IF THEY ARE NOT PAID FOR, would be an UNFAIR BUSINESS PRACTICE and (in the USA) be subject to PROSECUTION under EXISTING ANTI-TRUST LAWS. (opinion, IANAL)
I just wanted to point this out. And YES, if Microsoft IS doing this, they SHOULD be SUED for it.
Maybe the EFF?
Monday 11th July 2022 18:35 GMT steviebuk
have they not been hit with a massive anti-trust suit again? Like back in the 2000 with IE which they lost. They are doing the same again with Edge and now this. Surely this is an anti-trust case screaming out.
I like Linux but don't use it but recommend it to people on a tight budget for laptops. Also recommended Lenovo as I like them despite the Chinese link (CCP will be in there somewhere now sadly) but no more. Will have to look elsewhere.
Very tempted by a Framework laptop. Microsoft are loosing control with Satnav incharge, especially with the buy now pay later debt creator they were going to bake into Edge (I assume that never happened as seen no word of it since)
Tuesday 12th July 2022 03:50 GMT Yet Another Anonymous coward
>have they not been hit with a massive anti-trust suit again?
Because they are sure that the current lot are dependant on Silicon Valley for funding
The lot who are going to take over in October are 'pro-business'
The big red flashing anti-trust light over Android and Apple mean that Microsoft can smile sweetly and say "why us?"
Tuesday 12th July 2022 04:34 GMT Updraft102
It is not an encouraging sign, but you can supposedly go into the UEFI setup and turn on MS third party module signing. The default setting only works with the MS key on Windows, but when you enable that setting, the Lenovo behaves like other PCs. I would not let having to change one setting dissuade me from buying a machine I like (though I must also add that I have never owned a Lenovo).
Monday 11th July 2022 18:49 GMT David 132
Well, he was doing it wrong.
The preferred, “approved” way to install Linux these days is on top of Windows using WSL. That way, Microsoft can ensure that you get the best possible Linux experience.
(I couldn’t decide whether to go with the Trollface icon, because I worried that people might think the above comment is serious…)
Monday 11th July 2022 19:23 GMT gerryg
Monday 11th July 2022 19:35 GMT SImon Hobson
Really, is anyone actually in the least bit surprised ?
Secure boot came in, and was originally easy to turn off - so "don't worry, you can turn it off and boot somehting else".
Then it became always on and this signed shim was needed.
This is simply the next step - put an extra obstacle in the way of someone performing unauthorised computation with the hardware they thought they had bought. Good god, anyone not running Windows must be some sort of criminal. At least, that would appear to be the approach being taken in Redmond.
Monday 11th July 2022 21:09 GMT morningtea
Am I the only one here who thinks SecureBoot is actually a good thing?
The massive mistake was to hand over CA responsibilities to Microsoft, not SecureBoot itself.
Manufacturers screw up the non-Windows experience in many ways these days, it seems, but they really are not always to blame. Sometimes it's the whole industry that's screwed up...
Tuesday 12th July 2022 07:02 GMT Anonymous Coward
You're right that the issue is that Microsoft appear to be the main CA for these certs and this is the big problem. But can't manufactures load other keys to into their secure boot key store, playing around on some older HP ProLiants recently I had to reload the secure boot keys to cope with HPE being a separate company. The tools that does this shows all the keys they've loaded and I noted that as well as the MS keys and the manufactures own keys, HP was loading keys for SUSE (but not Red Hat).
The PK (Platform Key) is from HP
/O=Hewlett-Packard Company/OU=Long Lived CodeSigning Certificate/CN=HP UEFI Secure Boot 2013 PK Key
The Microsoft and SUSE keys are then listed as key exchange keys
/CN=SUSE Linux Enterprise Secure Boot CA/C=DE/L=Nuremberg/O=SUSE Linux Products GmbH/OU=Build Team/emailAddressemail@example.com
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation KEK CA 2011
/O=Hewlett-Packard Company/OU=Long Lived CodeSigning Certificate/CN=HP UEFI Secure Boot 2013 KEK key
While the "whitelist" database contains the HP, Microsoft Windows and "other" keys and the SUSE keys.
/CN=SUSE Linux Enterprise Secure Boot Signkey/C=DE/L=Nuremberg/O=SUSE Linux Products GmbH/OU=Build Team/emailAddressfirstname.lastname@example.org
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows Production PCA 2011
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011
/O=Hewlett-Packard Company/OU=Long Lived CodeSigning Certificate/CN=HP UEFI Secure Boot 2013 DB key
There's tons of stuff in the blacklist database but I've never tried to turn any of this into something human readable.
Given that the main platform key is from the manufacture isn't it up to them to load the keys. Not that Microsoft aren't specifying to some extent which keys needs to be loaded, but it looks at least to some extent that it is possible for them to load other keys.
Tuesday 12th July 2022 04:43 GMT Updraft102
Secure boot is not always on unless the hardware vendor chooses for it to be. With 8.x on PCs, MS required secure boot be on by default, but there had to be an option to turn it off. With Windows 10, they removed the bit about there having to be an option to turn it off, leaving that choice to the hardware manufacturer. Windows 11 requiring secure boot does not mean that MS is demanding that hardware vendors get rid of the option to disable it.
Certainly I would avoid any PC that has always-on secure boot, but it's not Microsoft at fault for that. If MS changes its policy and starts demanding that, then they will be the bad guy, but that would provoke legal action for sure,
Tuesday 12th July 2022 13:46 GMT DuncanLarge
The problem with your assertion, that because MS has not decreed secure boot should never have an option to be turned off, that this means it is up to the manufacturer thus we will have options to turn it off, is that you assume that manufacturers see beyond the MS borders.
You have to realise that most MB manufacturers are lambs and MS play the role of Mary.
MS dominate the x86 desktop/laptop architecture. That is more than enough incentive to not have the off option, as MS windows requires secure boot thus why have an off option? (note that I didnt suggest the server market, that has a very different mix).
The option to turn it off will thus become "unsupported" by most MB manufacturers as they design their hardware to work with windows. They test their hardware to work with windows. They warranty their hardware to work with windows. And windows REQUIRES secure boot, so supporting and testing an option to turn it off is surplus and only will be utilised by a small minority anyway, some of which will do so by accident and create noise on the support desk.
Take the BIOS for example. The UEFI has essentially replaced the BIOS, for MOST operating systems, and certainly the main one. But the BIOS is still required by any number of older operating systems and older hardware that require the CSM in UEFI to function. Yet many UEFI's dont have a CSM anymore, why? Windows dont need it, thats why. And if the manufacturers even considered the Linux minority, even WE don need it. But does QNX boot on UEFI? Does DOS? Why did I mention DOS? Well there are plenty of DOS installs out there that can continue to do their DOSsy things controlling breweries etc on modern hardware, if only they can boot.
Backwards compatibility for the BIOS was recently sacrificed for the sake of reducing support requirements, because the majority (windows) does not need it and has not needed it for a long time.
So yes, I think your assertion that MB manufacturers will maintain and support the ability to turn off secure boot is wishful thinking at best. Only if it is mandated by LAW will such a feature be maintained, just like it was mandated by law that MS did not lock down the X86 TPM. Nothing stopped them locking down the ARM TPM, find me a ARM based windows machine that has the option to let a user control or even disable secure boot...
Lets not forget that MB manufactures only develop and test their UEFI boot process to SUPPORT WINDOWS. The UEFI specification is very clear as to how it works and how any OS can be booted but there are plenty of manufacturers who only test it boots windows and some that actually actively try to "correct" the Linux boot entry because it must be a corrupted windows boot entry, HP I'm looking at you. So if Linux isnt even properly supported by the UEFI boot process in so many cases, today, what makes you think secure boot will be any better?
Monday 11th July 2022 19:54 GMT Claverhouse
Tuesday 12th July 2022 00:15 GMT Kev99
Tuesday 12th July 2022 00:53 GMT DeathSquid
Tuesday 12th July 2022 12:47 GMT Plest
Re: A leopard never changes its spots.
They've done some good, they've handed out a few crumbs to the masses for free, VSCode is a nice simple IDE tool ( certainly not a pro tool for coding ) and they play FOSS advocate but there simply to find out what the competition is up to, however they're always going to be a wolf in sheep's clothing and take everything they do with a pinch of salt.
Tuesday 12th July 2022 01:48 GMT martinusher
I read just today that Q2 sales of PCs have plummeted. I must admit that I'd like a new PC but I don't want all of that corporate crap on it, I'm a great fan of KISS. The more things you put on a system to secure it the more attack surfaces you expose; eventually the PC becomes the point of the exercise with any user software being just an afterthought (user software? Surely that just means MS Office? There is no other user software...)
So I'll just limp along with whatever junk I can lay my hands on. It will probably work just fine, especially as its running Linux most of the time.
Tuesday 12th July 2022 12:52 GMT Plest
Every single PC I've owned since 1991, whether I built it myself or bought a boxed deal, the second the power goes on the CD/DVD/USB goes in and wipes the supplied Windows O/S. I've always got my Windows ISOs from MSDN, they're built for enterprises to start with a base, they don't have the crapware installed by some paid advertisers and the core builds expect you to tweak them.
I'm not pushing Windows or Linux, each person has to decide what they like, but one thing you never, ever do is run with the supplied crap-filled, bloated quagmire of a free copy of Windows on a PC from a shop. Buy it, plug in in, switch it on and wipe it clean, then do what you will.
Tuesday 12th July 2022 02:41 GMT Kevin McMurtrie
Tuesday 12th July 2022 03:57 GMT Updraft102
Tuesday 12th July 2022 08:30 GMT sreynolds
Tuesday 12th July 2022 08:57 GMT Anonymous Coward
M$....leopard, spots.......and so on
Once upon a time, BillG engineered MS-DOS so that DR-DOS would not run.
Yup.....M$ engineering a competitor lockout......who'd have thunk it?
So.....nothing really changes in Redmond, WA. It's still "Evangelism is War".....see: http://edge-op.org/iowa/www.iowaconsumercase.org/011607/3000/PX03096.pdf
That was January 2000......same leopard, same spots today!!
Tuesday 12th July 2022 12:55 GMT Plest
Re: M$....leopard, spots.......and so on
They got shareholders and our pension funds tied up in their stock, they're never going to change and anything they can do to increase profits they will do, no matter who it locks out and whomever they have to crap to get that cash rolling through the door and ther stock price rising ever higher.
Tuesday 12th July 2022 10:30 GMT Anonymous Coward
Linux was "an unsupported scenario'
plain English: banned. No, wait there! - strictly speaking, if you put a fence around your luvely garden, you don't 'BAN!!!!' anyone - you just make the fence high enough or the bars close enough so people can open the gate or climb it, by means of an MS ladder / key, right? Enter YOUR garde. Or 'associated space'. Nothing personal, just business. I mean, why would you spend money to support an 'alternative' scenario, while support means money, eh.
fast forward 25 years and many happy lawyers later, MS have agreed to change the scenario, only that they're no longer relevant to anything other than ancient history, but hey, victory for fair competition!
Tuesday 12th July 2022 11:59 GMT DuncanLarge
Well well well, who would have guessed.
I used to be quite a MS basher but have mellowed in recent years as Gates left, thus letting go of the reins and the FUD and Halloween documents were a fond nostalgic memory of a time when GNU/Linux was so scary and revolutionary to the big wigs, what with windows refund days etc, the creation of Open Source to help rebrand elements of Free Software to win over business execs that care about profit, saving money etc vs freedom.
Then Trusted Computing reared its ugly head, threatening to lock down computers to the point that they would be queried for their trustworthiness as a function of merely browsing to a website, and the big OS giants (OK, giANT) already had cornered the vast majority of PC use thus had no intention on trusting anything other than their own OS. It looked like there was a future where I, a Free Software loving Richard Stallman fanboy was thinking of hoarding "free" motherboards before the d-day of trusted computing made it impossible to run GNU/Linux. I was ready to buy as many boards and cpu's as I could to have spares all my life. I still have a hoard of old laptops recovered form the IT skip where I worked just for this reason. So what, if in 30 years my machine was going to be slow and unable to communicate over the trusted internet? I would be free to use a computer it for my own reasons, offline with spares to last decades.
Then Trusted Computing got its balls kicked in!
As the plans of the giant(s) lay on the floor clutching its nether regions the TPM came out as a mere shadow of what it was supposed to be. Apart from on ARM, MS rules there.
The TPM was required to be under full user control, even turned off if desired. No website today says "Your TPM is not enabled". Now the TPM is a useful cryptographic store and a very good random number generator which adds high quality randomness to Linux's random pool. The user can even create their own certificate chain and self sign anything they wish. As stated in the article, MS even supplied a cert for signing a shim for other OS's to use. Why? Well so that secure boot can be kept on, to help fight the virus', which is one of the reasons why a TPM was wanted in the first place, besides the ability to allow censorship.
But here we go, my old self, the MS bashing one, seem to be more active recently. Sure he was placated by MS loving open source this and that, bash in azure, WSL and more hints of a different MS but he is still a bit of a cynic. The recent announcement of the banning of sale of anything that can be seen as FLOSS on the MS store, with that pathetic attempt to explain it away, rattled him too.
Now we have it all over again. A dominating giant, creating a TPM replacement (why??), blatantly locking out other OS's. Eliminating competition. All very familiar territory. Sure a user can re-enable the third party cert, but for how long? Who is making it clear to MS that this cert, even if disabled, must be supported going forward as a requirement? Or are they merely just going to eventually say "this machine is designed for windows" and wipe their hands of any responsibility of maintaining compatibility when they finally delete the cert for "security reasons".
Microsoft used underhanded tactics against business and school children alike to become the dominant OS on the x68 platform. Competition was driven almost underground, and thats how GNU/Linux looked back then, as an underground breakthrough OS seemingly coming up from beneath the floorboards with MS execs jumping onto tables screaming like in a Tom and Jerry cartoon. Those days were fun but the execs stopped screaming and started learning up on extermination. Many years later, co-existence looks like the norm, MS being the main dominant choice and GNU/Linux the enthusiast one, which MS was happily bringing parts of into their own offerings.
It feels like the old days again, MS have embraced and extended, now they look like they are setting up the ability to extinguish. WSL may be the only way anything Linux like will run on such machines in the future.
Tuesday 12th July 2022 12:29 GMT UdoGoetz
Re: Well well well, who would have guessed.
Please don't freak out, there have always been options to buy well-supported Linux machines. The more we buy from these vendors, the stronger they will be when we need them. Just don't expect to get a cheap communist Laptop without shackles.
See my other post.
(I admit to having bought communist computers in the past, but I will defintely not do this again)
Tuesday 12th July 2022 14:16 GMT DuncanLarge
Re: Well well well, who would have guessed.
> there have always been options to buy well-supported Linux machines
But who makes the MB's that go into those machines?
In another reply to someone who asserted that we will always have the option to turn off secure boot I described the reality of the situation and it applies here.
No matter how many pre-built systems we buy that come with Linux, we will never tip the balance enough to guarantee such support in the hardware used to build these machines. Now, besides laptops, I avoid pre-built, I just upgrade bits as I go in my PC's but I will be affected there too eventually especially if I cant buy PC components anymore as the markets seem to be going (PC parts are increasingly regarded as enthusiast PC-builder stuff, as long as gamers buy such things we can too).
For a while we will have the ability to turn off secure boot or in this case re-enable the cert. Till the MB manufacturers remove support, say in 10 years at a stretch.
They will do this because they will need to save money and they wont want to employ someone who knows how to test stuff that isnt windows just to satisfy a minority of what are considered hobbyists?
MB manufacturers barely even supply a UEFI that can BOOT Linux. Thats because they test it on windows only, as long as the worlds main OS boots, requirements are satisfied. Some MB manufacturers actually supply a UEFI that corrects a linux boot option, because it is clearly a corrupted windows boot option, isnt it HP?
So if MB manufacturers cant be arsed to develop and test a UEFI to the specification, which would boot Linux happily, why do you think they will continue to support a little used feature, that of re-enabling the cert, if the vast majority of "real" customers dont need it. They already dropped the CSM that provided BIOS compatibility for so many other OS's that dont support UEFO not to mention hardware that need the CSM to hook in their BIOS. All of that was/is being dropped because windows dont need the CSM and heck neither do the tiny amount of Linux users out there.
Thus we would have to make our own motherboards and UEFI's, maybe we will find a way to reflash broken by design UEFI's with our own to gain control.
Chances are, we wont be using many x86 systems if this goes the way I see it trying to go. We all will be using RISC V systems.
Tuesday 12th July 2022 12:44 GMT UdoGoetz
+ Raspberry PI, which is by now more than good enough for libreoffice, for personal webserving, SVN server, personal file server etc. Also for light WWW surfing.
+ Fujtsu Servers based on SPARC are a powerful alternative to Intel and their ME backdoor. https://www.fujitsu.com/us/products/computing/servers/unix/sparc/
+IBM Power https://en.wikipedia.org/wiki/IBM_Power_Systems
We must actively use, buy or influence the buying of alternatives to the Wintel monopoly.
Tuesday 12th July 2022 12:56 GMT aerogems
Little Column A, Little Column B
It has long been the practice of OEM support reps to blame Microsoft/Windows for just about anything, and then for Microsoft support reps to pretty much do the same. Everyone points the finger at everyone else because SLAs are based on getting people off the phone within a certain amount of time, not about taking the time to actually solve the problem... you know, provide support.
So, my personal guess is that Microsoft is simply recommending a particular setting, but Lenovo is then misrepresenting it as a hard requirement. Probably not even the fault of whatever poor sod told this researcher that it was something Microsoft was insisting on. Likely that came from several rounds of the workplace version of the telephone kids game where someone asked someone who asked someone else and so by the time the question got to someone who knew the answer it likely didn't bear any resemblance to the original, just like the response that came back.
Or, it could be a case of the OEM screwing up either intentionally or not. I remember back when XP SP3 came out, HP systems with AMD CPUs were having issues. Everyone was quick to blame Microsoft for somehow targeting AMD CPUs, but turns out it was HP who got lazy and was using the same OS image for Intel and AMD CPUs, which worked fine until it didn't.
Tuesday 12th July 2022 13:58 GMT Anonymous Coward
>> A Microsoft spokesperson told The Register in January that using the tech with Linux was "an unsupported scenario."
Haha. They are either naive or probably just plain idiots.
If every machine goes (broken) Pluton... well, it can't; Linux 100% rules the increasingly connected world of cloud / servers and us engineers who write software for the servers tend to only want to do it exclusively on *nix running on our workstations and laptops.
It is getting to the point where crooked reactionary attempts like this from Microsoft are... just a bit embarrassing for them.
Tuesday 12th July 2022 14:28 GMT DuncanLarge
Tuesday 12th July 2022 18:36 GMT karlkarl
WSL currently translate to "use a Linux VM". This will never be an option because the virtualizer does not expose the actual hardware (and certainly not Microsoft's basic Hyper-V). That's why developers don't do this currently. The majority never will.
Older hardware is good. Until they need to buy us newer hardware to get more work out of us. Ultimately the industry will cater to us.
Tuesday 12th July 2022 15:06 GMT Anonymous Coward
My friend was on the new employee onboarding in MS; there was a comment about the computer setup - “there are always 2 who have a Mac but everyone else is on Windows” - as in being annoyed. The ratio is like 2 to 150. This is not even Linux I am talking about. What do you expect? Employees probably do not even know that Linux is a thing when they make “informed” decisions.
Tuesday 12th July 2022 15:08 GMT Randin1
Open letter to Lenovo
Such action strikes at the very heart of Open Source...
To restrict hardware based on what the user wants to use as an OS
is quite frankly deplorable on IBM's part
I have nothing against UEFI or any type of secure boot process however
when you use such to restrict what can be used on said machine such
can only lead to more restrictions
Next thing you know there will be a wattage and or CPU restriction when
in certain states or locations!!
P.s. California already does this with gaming computer orders!!