On 04/12/2018 11:43 AM, Peter Stuge wrote:
Taiidan@gmx.com wrote:
- Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO
I'd like to ask you to reconsider that opinion.
It is a fact, not an opinion.
SB was invented for DRM - to prevent people from using Linux or, god forbid, doing something that Hollywood doesn't like. "embrace, extend, extinguish"
Good things don't have to be forced on people, but the SB 2.0 specs have quietly left out the owner control mandate after the attention has died down.
Secure Boot is mandated by Microsoft to provide Microsoft and Microsoft's customers (OEMs) security, and I think it's pretty effective.
But Secure Boot is also related to the security of individual computers and computer users, because it enables Microsoft and OEMs to establish a controllable, reliable and thus trustable chain of software from reset to desktop.
So Microsoft should control the whole computing ecosystem? They are an obsolete relic that should not be permitted to strangle the competition in the crib.
Most people who buy computers are happy, because controlling the computer isn't as important as using the desktop
Why can't they simply provide people a choice? (i.e., flip this switch to disable code signing enforcement)
Freedom is too dangerous? Hackers could turn their computer into a bomb without secure boot?
which I think is fine.
I am surprised someone here would think that, more so you of all people.
There will not be another future Steve Jobs or Bill Gates game changer decades from now, just more Mark Zuckerbergs only allowed to make useless web apps.
Even wealthy families won't think to purchase their children a developer computer by default, and when a kid sees a "you are not allowed to install this" message he/she will simply give up and go on to something else, like be a lawyer instead of a computer engineer; although even that developer model won't allow someone true access: they will only be allowed to create surface-level programs, not low-level programs, kernels, or firmware.
I believe one day even you, the expert, will not be allowed to run the code you please, at least not without buying a very expensive "developer edition" laptop.
People think that phones were always a walled garden, but I am old enough to remember when programs were installed on a Palm Treo similarly to the Win32 model, where you download a file from a website and double-click without requiring permission to install something on *your phone*.
Let us hope the leaders of the future do not share your complacency or we are truly done for.