by userbinator 962 days ago
and it would banish Linux from all PCs making Windows the sole possible OS

We're getting closer to that with things like "secure" boot. Fortunately that can still be disabled, but MS even required that on ARM platforms it can't. The bigger Linux distros have bent over and gotten MS to sign their bootloaders, essentially making them at the mercy of MS.


Back when the EFI consortium wanted to make Secure Boot always on, it wasn't even clear if ARM was going to win in the mobile market, let alone the PC/server one.

Nowadays all non-mobile aarch64 devices I used, and even many mobile ones, let you boot your own unsigned kernel. Arm's SBBR only states that IF you implement Secure Boot and TPM support in your EFI firmware (you don't have to), it has to comply with certain rules. Nothing about preventing users from disabling it. (https://documentation-service.arm.com/static/5fb7e66fd77dd80...)

This is a weird way to describe an open, transparent standard.

https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot_...

It doesn't matter how open and transparent the standard is if part of the de facto implementation is that Microsoft is the only one with the keys.

Some BIOSes let you enter your own Secure Boot keys (like my desktop and laptop), but not all.

I’ve complained about this before, but I’ve been hearing “Microsoft is going to block you from installing Linux!” since like 2004, when it was a reliable way to get an easy “+5 Insightful” on Slashdot. It hasn’t happened, even on Microsoft’s own first-party computers.

At this point I think it’s firmly FUD and the people who say it’s coming any second now need to put up the evidence. Microsoft doesn’t seem to care, especially now that Windows is an afterthought to Azure, O365, etc.

If you keep track of the changes to the BIOS firmware, you can see the changes. They're minuscule but happening. We don't have full-blown prevention of disabling Secure Boot yet, but it appears to me that's where this is going. (Disabling USB ports, having keys that prevent disabling Secure Boot unless you clear them or change them.) All it takes is some event to bring these companies over the edge. The Asus MB development relies totally on Microsoft's decisions about this.

I think the point, at least for me, is that they shouldn't be taking away any user control for consumer products. And yet that is what we have let them do. It's not going to stop.

> > I’ve complained about this before, but I’ve been hearing “Microsoft is going to block you from installing Linux!” since like 2004 [...]

> If you keep track of the changes to the BIOS firmware, you can see the changes. They're minuscule but happening. We don't have full-blown prevention of disabling Secure Boot yet, but it appears to me that's where this is going.

Case in point: until recently, even with SecureBoot enabled by default, you could boot Linux distributions which have their bootloader signed by Microsoft, without going into the firmware setup screen. Nowadays, at least with some Lenovo models, you have to go to the firmware setup screen, and either enable a cryptically named option or disable SecureBoot. A quick web search gave me https://www.omglinux.com/boot-linux-modern-lenovo-thinkpads-... which has a screenshot, and which mentions that this is a new Microsoft requirement (instead of something Lenovo came up with).

Yes, it's all about boiling the frog slowly. Very slowly.

Also, from that link is a somewhat notable cultural nugget:

"For their part Lenovo intimate that it is "

It just seems like we need to create a coalition and put pressure on OEMs to stop buying into Microsoft's crap.

It did happen - on Windows RT machines. Linux was locked out, only Microsoft-blessed binaries would load; not just efi, os-ones as well.

Fortunately, this one went nowhere. But the same concept could be repeated on x64.