Scali wrote:Not to mention that you can also turn off Secure Boot altogether, in which case none of this even applies in the first place.
Fear mongering.
^^^ This ^^^
Basically the FSF are pissed because by default it doesn't come with any *nix keys, only microsoft. That FSF document actually endorses Secure boot....
Secure Boot, done right, embodies the free software view of security, because it puts users -- whether individuals, government agencies, or organizations -- in control of their machines.
just not the fact that by default it comes with microsoft...
In theory, there should be no problem. In practice, the situation is more complicated. As currently proposed, Secure Boot impedes free software adoption. It is already bad enough that nearly all computers sold come with Microsoft Windows pre-installed. In order to convince users to try free software, we must convince them to remove the operating system that came on their computers
booo hoo... just do that then!
With Secure Boot, new free software users must take an additional step to install free software operating systems. Because these operating systems do not have keys stored in every computer's firmware by default like Microsoft does, users will have to disable Secure Boot before booting the new system's installer.
So basically they want to appeal to users who don't know much about computers to use their OS in stead of the one that comes with the computer. Should be down to users to use what they want imo, if my computer doesn't run the OS because I need to do X to it, I will do X to it... if it doesn't run the OS I want by default, I either buy one that does, or live with the fact that I can't get my square into my circle...
There is no restriction on FSF, just the fact that it's not default behavoir...
The best way out of all of this (other than having all computers come pre-installed with free software) would be for free software operating systems to also be installable by default on any computer, without needing to disable Secure Boot.
And there is absolutely no restriction that MS imposes on Secure Boot...
In order to comply with Microsoft's rules as currently published, distributors of x86 computers will have to provide users both the option to customize Secure Boot by using their own security keys, and the option to disable it completely.
Anyone who is really that bothered and knows anything about this will probably go and buy a Talos Raptor (their secure boot is open source allowing the user to modify it)... but of course then we are back to square ione
appaih4 wrote:The issue here is that you are presenting it as if hardware developers one day came together and decided to implement a standard […]
Show full quote
The issue here is that you are presenting it as if hardware developers one day came together and decided to implement a standard called Secure Boot and Microsoft agreed to it and became a key provider whereas Linux just didn't take it seriously so it is suffering.
This is not what happened. At ALL.
Microsoft decided to push UEFI and Secure Boot leveraging its massive market share and more or less mandated that future OEM PCs and IHV motherboards be compliant and include Microsoft's boot keys while at the same time assuming the post of a key producer. It was a dick move aimed at taking more control of a platform they were selling to - if you believe Microsoft initiated any of this shit with benign intentions in mind you are delusional, this all coincides with their other dick moves such as trying to shove the Microsoft Marketplace and Windows 10's App structure down the consumers' throats - they were basically trying to turn the PC into a closed Windows environment (and no wonder this also coincides with XBOX One being announced as requiring 24H Online DRM etc.. ) What Linux did was stand up and say:
Image
They certainly did not win this fight, but they fought on the right side. If you are arguing the opposite view, you are part of the problem as far as I am concerned. Secure Boot was the wrong solution to a problem that did not exist.
🤣 ... go and read that document you posted!
I really don't know what the problem is, and that FSF document you linked is nothing more than a rant, but even says itself that it's a good thing and they are just wanting a piece of the pie by default... but no one is restricted from doing anything?
Just that by default, it has MS keys and want it to have *nix keys without the need to turn it off.... it really isn't a problem or consipracy like you are making it out to be.