by lstamour 4783 days ago
Locked down boot loaders? The spec says you must be able to change it. And you can. Same with Chromebooks (dev switches) and Macs (rEFIt or Boot Camp). This is about security of the boot process for those who desire it. TPM is a feature just like Chrome's default support for DRM now. Necessary evils or useful security, all depends on who is in control. What makes service lockdown worse is you're not in control if you let someone else run it. Google should have at least given a replacement protocol. Make XMPP better: push the web forward!
3 comments

Actually in order to get a "Made for Windows RT" sticker on an ARM device, OEMs must enable "Secure Boot" and disallow changes. http://www.zdnet.com/blog/open-source/microsoft-to-lock-out-...

> The spec says you must be able to change it.

This is true for x86; ARM has the opposite requirement. Presumably esolyt was referring to the Windows 8 Hardware Certification Requirements: Client and Server Systems[1], which state "On an ARM system, it is forbidden to enable Custom Mode." and "Disabling Secure Boot must not be possible on ARM systems." (page 122), which prevents booting to an OS not signed by Microsoft.

1. http://msdn.microsoft.com/en-us/library/windows/hardware/hh7...

You can turn off safe boot only on x86 devices, but not on ARM devices.