So, it's nothing to do with the actual OS and all about the option to disable Secure Boot - to be or not to be. Seems MS has changed its tune. With Win8, MS insisted that, in order to qualify for the "genuine" logo licensing, the manufacturer MUST provide a switch to disable Secure Boot. Now, with Windows 10, MS has apparently made that optional, as in it's up to each manufacturer whether they include the switch or not. I'm guessing that most manufacturers would not be stupid enough not to provide the option, could mean financial suicide.
So, this can only potentially affect any new UEFI mobos or systems manufactured under the "genuine" Windows 10 logo licensing terms. Even then, only if the manufacturer chooses not to include a disable switch for Secure Boot, which seems highly unlikely. All UEFI mobos and systems manufactured pre Windows 10, in circulation right now, will not present any problem whatsoever.
Marc - If Secure Boot is not supported at all you're all good. It's only when Secure Boot is supported and the manufacturer does not provide a disable switch that the user will be susceptible to problems with dual boot, etc.
Jim Hillier said
Marc - If Secure Boot is not supported at all you're all good. It's only when Secure Boot is supported and the manufacturer does not provide a disable switch that the user will be susceptible to problems with dual boot, etc.
That's good to know Jim, but it would be interesting to imagine how things would look if I bought a new mobo with secure boot enabled as per 'Designed for Windows 10'.
Also, this bollocks from MS that secure boot is all about preventing malware invading the boot up process; what chicken shit!
There's an article with a major rant right there!
Correct me if I am wrong. From what I read is that W10 will have to ship with Secure Boot Enabled, and for some devices one will not be able to disable Secure Boot.
The desktop PC and the desktop mobo is the only device where Secure Boot can be disabled, until newer mobo are manufactured and will not have the switch to disable Secure Boot.
If Secure Boot is not supported by the mobo, how can one disable or enable the Secure Boot option that is already set to be enabled in the W10 OS. If this is the case then it will definitely disqualify some PC's for the free upgrade, or even to be able to install W10.
Daniel, anyone who categorically says that newer mobos will not include a disable option for Secure Boot is WRONG.
The manufacturers have NOT been told they cannot include that option, just that it is entirely up to them whether they include it or not. And, as I said earlier, given the choice, I don't believe any manufacturer would be stupid enough to exclude that option.
Marc is correct, sort of. This is actually a logo licensing issue. Manufacturers who want to display a "Designed for Windows 10" logo on their products must comply with MS's logo licensing terms which include a mandate that Secure Boot must be included. What's changed is that in the Windows 8 logo licensing terms, participating manufacturers were also told they MUST include an option to disable Secure Boot. In the Windows 10 logo licensing terms, that mandate to include an option to disable secure boot has been dropped so the decision to include or not is now up to each manufacturer.
The only ones not affected will be smaller manufactures who do NOT participate in the Windows logo licensing scheme and so will not have the rights to stick a "Designed for Windows 10" logo an their products. As such, they are not required to comply with any logo licensing terms so can pretty much do as they please.
Anyway, this move has only been intimated by MS and is subject to change. Nothing is yet set in concrete and we probably won't know for sure until RTM.
I guess we know how users will be notified.
I noticed that also. Compared to W7 the whole OS seems a bit unprofessional. Now see if you can make sense of Spartan. You also need to set IE as your default browser for WU to work. Notification will drive you crazy.
That is why I put it on a separate drive that is not connected through the MBR.
Have fun!!!!
I've just read your article Jim and it's left me wondering, from an ideological standpoint, what's the purpose of secure boot at all?
This nonsense about rootkits and low level malware somehow finding themselves infecting your PC at the load/install point seems like nothing more than a smokescreen to me.
In your article, you say that UEFI is a global standard that Microsoft has no ownership over. Whilst that is true, one could argue that not 'owning' the standard isn't the same as being a major player in its implementation. Call me a cynic, but since a vast percentage of PCs are and will be running Windows from non other than Microsoft and one could argue that an iron fist attitude on secure boot could lead to no end of anticompetitive actions against Microsoft, even though they don't 'own' the UEFI standard per se.
At this point in the discussion, it would be revelatory to hear from those who have indeed been infected by rootkits with secure boot turned off, or indeed not present at all on their mobo.
So, from what I understand, the secure boot may now be an optional option, which is murky to say the least.
Think of it like this: a new safety standard for motor cars comes out whereby the engine won't start unless an alcohol test proves negative via some built in gadget on the dash. There's furor from all quarters and in particular from freedom warriors and a 'fudge' solution is agreed upon whereby the car safety standards commission mandates this as an optional safety measure and car manufacturers can build in an off switch as a bypass. Kind of negates the whole point really doesn't it?
And this 'Designed for Windows xxx' logo is really all about branding and getting your product out there in the end. 'Designed for Windows 7' for example, gives the impression that it's not going to function with Linux or any other operating system and frankly it's not a cast iron guarantee that it's going to work in Windows anyway.
Mice, keyboards, cases and PSU's with a Windows logo slapped on them?
Are you kidding me?
Marc, that quote re UEFI being a global standard was taken from an article written by another author, hence the link at the end.
I agree with you about Secure Boot, I've been running Windows OSs in BIOS systems for years, still am, and haven't fallen victim to any bootkits or other malware during all that time.
The problem is, all the complaints and discussion re Secure Boot are over its potential to prevent freedom of choice rather than its value as a security tool. What I would like to see is some of the leading security experts research and divulge the truth regarding Secure Boot... if in fact there are any real benefits or not. All we've had to date is innuendo and opinion... such as the following from Bruce Schneier - "I think this just another piece of security theater that will inconvenience many and benefit no one."
We get the message, the problem is it is not in any way concrete or definitive.
Yes Jim, that's the keyword here, potential.
The question you ask is important, i.e has anyone actually fallen victim to an attack at such a basic level.
Further, has anyone yet been prevented from loading any OS other than Windows with secure boot enabled and if so, did disabling secure boot in uefi fix that?
Exactly mate. What we have here is two sides of the story with neither side offering concrete evidence to support their claims.
There is no doubting that boot-kit malware, which is loaded pre-operating system and bypasses the AV, is a nasty infection, difficult to identify and remove. What we are not being informed of is the pertinence: what is the degree of boot-kit infections, are they prevalent or scarce? Are home users generally at risk or are these types of attacks pretty much limited to the corporate sector? Too much supposition, not enough information.
You'll appreciate the following quote from (Linux) Red Hat's Matthew Garrett:
The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise
Each side has an agenda and whatever story they tell reflects their own vested interests.
Jim Hillier
Richard Pedersen
David Hartsock
Carol Bratt
dandl
Jason Shuffield
Jim Canfield
Terry Hollett
Stuart Berg
John Durso
1 Guest(s)