undefined | Better HN

0 pointsmistrial91y ago0 comments

> Support is a good thing, nobody is forced to use secure boot or things signed by Microsoft.

ok it is true that these partition types are older than I previously assumed.. but the statement about "forced to use secure boot" .. that is not true at all, yes lots of devices are forced to use UEFI secure boot. In fact, a quote from a Debian derivative recently stated "we use a kernel from Canonical to support booting a wider range of devices" .. because they just want to do that? no one is making them do that? really, the market truth of laptops and cloud VMs is requiring UEFI in a calculated way, with the keys being issued and managed centrally from MSFT. info welcome

0 comments

bravetraveler1y ago

Is it commonplace for laptops to not allow disabling Secure Boot? I work with desktops and big iron; it's entirely optional here.

Even in clouds - it's optional based on your compliance goals/requirements. 90% of the time it's KVM/QEMU with an API. Secure boot isn't slowly taking that scene over either, it's still optional support.

I really don't get the impression that we're losing control over our boot processes. We use the things signed by MS because it's convenient and the average user can't be bothered to do their own enrollment.

I see how this can be "boiling the frog", in a sense, but it's a bit close to conspiracy for me.

mistrial9OP1y ago

yes It Is commonplace for laptops to not allow disabling Secure Boot .. one recent low-end laptop did not allow booting from any device except the soldered-in boot disk, which used only UEFI and signing keys.

k8svet1y ago

It's not common, no offense but you clearly have an axe to grind and started out with an incomplete understanding, so [citation needed].

Also, please do name and shame, especially since MICROSOFT MANDATES THAT SECURE BOOT IS DISABLE-ABLE (on x86 devices, anyway, we'll see what happens with Snapdragon X Elite devices).

1 more reply

j / k navigate · click thread line to collapse