Same here. SB isn't anything I'll need fro the time being.

It should be mentioned that some OEMs implementations of UEFI are atrocious. However I suspect that will clear up as the howls of dispair are processed by their support people.

As for as Secure Boot is concerned when I get a motherboard that has it I'll disable it. I'm totally unworried about what I choose to boot on my machine.

Indeed! Something's amiss!

Two reasons.

Technical: Secure Boot is not uniformly a bad thing. Some people may find themselves in threat scenarios where Secure Boot becomes an appropriate defense. For Linux to unilaterally not support the feature would disqualify its use in those situations. A better fundamental design -- namely, supporting multiple signing roots -- would have made the entire hue and cry simply evaporate.

Philosophical: advising J. Random User to "disable that security feature to make Linux work" is, as you might imagine, something that would be greeted with skepticism if not outright disdain.

Because they want a solution that users can use without needing to preconfigure their systems to work with... since not everyone will want or even know how to turn of secure boot and will likely just give up if the installer fails to boot.

Steve:

What I mean is that Canonical, Red Hat, SuSE, the Linux Foundation, and who knows who else are all looking for solutions to a problem that doesn't exist if the ability to turn off secure boot is written into UEFI. There must be something more here.

So, why all the fuss if we'll always be able to turn secure boot off, and run the distro we want?

Frank.

Sure! I might even be able to find one of those sharp-cornered plastic boxes that the Windows 7 DVD shipped in. Should make for an excellent frame, especially if you don't clean off the blood from your fingers

Can I print and frame that Steve?! heh

The security problem that Secure Boot was designed to thwart isn't of sufficient threat to warrant the brittleness and rigidity of Secure Boot's design. So as a protective mesaure, the feature could be less restrictive and still accomplish something useful.

Of course, there's also...

...the worry that, at some point, Microsoft might again try strong-arm tactics to lock out alternate operating systems. Because the company has historically abused its position multiple times, such worries are not completely misplaced.

My guess is maybe because it's Microsoft and who knows what Ballmer's boys are up to.

Wow, interesting read, thank you for posting.

I don't know if this if of any importance, but I didn't see anything about it on this forum. Matthew Garrett (ex-Red Hat) made a secure boot loader for all Linux distributions:
http://mjg59.dreamwidth.org/20303.html
I know too little about this stuff to judge if it's of any importance.

Steve:

Thanks for the clarifications. I used the term BIOS in the generic sense. I see now that I was mistaken.

If the ability to disable secure boot is written into the specifications by MS, then this is all a big ado about nothing. However, people in the know are making a big deal over it. Why?

Frank.

You are correct about ARM-based machines. However, ARM is a different beast. ARM machines are system-on-chip, and thus aren't generally designed with the intention of being general-purpose machines with user-replaceable software. Of course, that hasn't stopped folks from doing that anyway -- witness the thriving Android rooting community.

The Windows 8 certification requirement for ARM that includes mandatory Secure Boot should be viewed as equivalent to carriers demanding locked boot loaders on phones. Interested folks who want to tinker with their ARM tablets will figure out ways around Secure Boot just like they've figured out how to circumvent locked boot loaders.

Now please don't infer from the previous that I agree with the notion. I'm opposed to all forms of lock-out mechanisms. Owners should be free to do whatever they want with their hardware. I'm simply illustrating that mandated Secure Boot on ARM is not without precedent. Furthermore, if Microsoft were to extend manded Secure Boot to X86, then that would most likely run afoul of stipulations in the Modified Consent Decree.

But from what I know on arm based system they require the opposite - that you cannot disable secure boot (at least that is what I heard) so I worry this requirement might eventually `slip` into the x86 arch requirements as well.