Reply to post:

Choosing a non-Windows OS on Lenovo Secured-core PCs is trickier than it should be

DuncanLarge Silver badge

The problem with your assertion, that because MS has not decreed secure boot should never have an option to be turned off, that this means it is up to the manufacturer thus we will have options to turn it off, is that you assume that manufacturers see beyond the MS borders.

You have to realise that most MB manufacturers are lambs and MS play the role of Mary.

MS dominate the x86 desktop/laptop architecture. That is more than enough incentive to not have the off option, as MS Windows requires secure boot thus why have an off option? (note that I didn't suggest the server market, that has a very different mix).

The option to turn it off will thus become "unsupported" by most MB manufacturers as they design their hardware to work with Windows. They test their hardware to work with Windows. They warranty their hardware to work with Windows. And Windows REQUIRES secure boot, so supporting and testing an option to turn it off is surplus and only will be utilised by a small minority anyway, some of which will do so by accident and create noise on the support desk.

Take the BIOS for example. The UEFI has essentially replaced the BIOS, for MOST operating systems, and certainly the main one. But the BIOS is still required by any number of older operating systems and older hardware that require the CSM in UEFI to function. Yet many UEFIs don't have a CSM anymore, why? Windows doesn't need it, that's why. And if the manufacturers even considered the Linux minority, even WE don't need it. But does QNX boot on UEFI? Does DOS? Why did I mention DOS? Well, there are plenty of DOS installs out there that can continue to do their DOSsy things controlling breweries etc. on modern hardware, if only they can boot.

Backwards compatibility for the BIOS was recently sacrificed for the sake of reducing support requirements, because the majority (Windows) does not need it and has not needed it for a long time.

So yes, I think your assertion that MB manufacturers will maintain and support the ability to turn off secure boot is wishful thinking at best. Only if it is mandated by LAW will such a feature be maintained, just like it was mandated by law that MS did not lock down the X86 TPM. Nothing stopped them locking down the ARM TPM, find me an ARM-based Windows machine that has the option to let a user control or even disable secure boot...

Let's not forget that MB manufacturers only develop and test their UEFI boot process to SUPPORT WINDOWS. The UEFI specification is very clear as to how it works and how any OS can be booted, but there are plenty of manufacturers who only test it boots Windows and some that actually actively try to "correct" the Linux boot entry because it must be a corrupted Windows boot entry, HP I'm looking at you. So if Linux isn't even properly supported by the UEFI boot process in so many cases, today, what makes you think secure boot will be any better?
