Solve : Microsoft tightens Windows 10's Secure Boot screws?

1.	Solve : Microsoft tightens Windows 10's Secure Boot screws?
Answer» Full story: Screw Linux! The lesson is clear. If you want to use Linux, or care about being able to, do your homework before making a buying decision, and either build a machine yourself, or avoid hardware that is "Designed for Windows 10" and has a locked down BIOS.Thanks for reading the article. More about this is coming...Is Microsoft not requiring manufacturers to include the option of disabling Secure Boot on laptops and desktop SYSTEMS really Microsoft moving to "tighten" Secure Boot? Windows 8's OEM requirements state it as required. Since Windows 10 isn't yet released there isn't a OEM Requirements document for it... so we're reading a lot into presentation bullet POINTS released about a piece of software that isn't going to be released for a few months. Not requiring that the option be able to be shut off on a system to be OEM certified isn't really "tightening" anything. If anything, it is giving OEM's more options in how they implement the hardware- and let's be realistic- any OEM that decides to roll out otherwise standard architecture laptops and desktops that doesn't allow Secure Boot to be disabled is not going to be getting positive reviews once that comes out. The articles saying Microsoft is "tightening their grip" are silly click-bait titles. Quote from: BC_Programmer on May 04, 2015, 07:54:44 PM Is Microsoft not requiring manufacturers.... any OEM that decides to roll out otherwise standard architecture laptops and desktops that doesn't allow Secure Boot to be disabled is not going to be getting positive reviews once that comes out. The articles saying Microsoft is "tightening their grip" are silly click-bait titles. Wait and see. ...meanwhile, back at the ranch... Linux users alarmed over Windows 10 lockout Just for a little historical perspective: Quote from: Geek-9pm on June 09, 2014, 10:34:38 AM Right. Do even try it. Until you first ask around. It has been widely reported new laptops with Windows 8 with not let you install any other OS. Really. Earlier I posted a Linux compatibility list. You might want to Google for an update to the list before you even think about installing Linus on your new laptop. What is the problem? The new laptops have secure boot features that prevent the install of another OS. This will cut down on laptop theft. In fact, a laptop robber can not even install an older version of Windows. Once the disc has been wiped clean, no OS can be installed. Don't believe me. Don't. I am not the one saying it. Check it out. Go to your favorite Linux forum and ask: Can I do a dual boot with Linux and Windows 8.1 on anew Dell laptop? You may be surprised by the answers n you get. Or just do a Google on it: 'Can I do reinstall Windows 8 on my laptop?'' It has been documented! EDIT: This link on Life Hacker is out of date. http://lifehacker.com/can-i-reinstall-windows-on-my-computer-without-the-bloa-1512345361 Thanks BC, that jogs the mind. Here are some random thoughts. Just random thoughts. • MS will give free Windows for machines with secure boot locked. • OEM will give one year warranty on machines with secure boot . • When one OEM is acquired by another, an update will lock secure boot. • A Free Anti-virus will only work if secure boot is locked on. • Software support subscriptions only for companies the use secure boot. • Big company sells ton of PCs with option advertising. Then later locks it. • Class action against MS for making OEM later lock secure boot. What else? EDIT: Forgot to mention. Secure boot can be locked off later via update. This is yet another thing being blown way out of proportion by media outlets attempting to get cheap hits. Secure Boot is not designed to only allow Windows to run, it just HAPPENS to be the case that Windows was the first OS to support it. There are now several Linux distros that already support Secure Boot and work happily under it, this number is going to grow. Microsoft are merely relaxing the requirement that secure boot can be disabled (which I add you used to not believe was possible at all) - This does not mean that manufacturers will do this. If I had to guess this requirement is going to be introduced for devices running Windows 10 such as smartphones. Previously Microsoft actually enforced that secure boot had to be able to be disabled (so much for wanting to block Linux), they are merely removing this restriction. It is up to the individual manufacturer as to whether they want to allow it to be disabled or not. If I had to guess again, when they first introduced the requirement that Windows 8 machines had to support Secure Boot, support under Linux for it was flaky/non-existent. Nowadays Secure Boot support under Linux is much better. Think of it this way and it looks as though the reason Microsoft made it a requirement that users must be able to disable Secure Boot was to protect Linux users! All of these articles suggest that Microsoft are doing this to block people from running Linux as though it is some sort of war. This is totally not the case, Microsoft has generally been supportive of Linux, they were the top contributor to the kernel for many years and are now starting to release some of their software to run on Linux such as Visual Studio Code. The other key thing is that these articles are all working off of incomplete information from a single presentation, this is hardly accurate. For example, they may still force manufacturers that if they do not allow the user to disable secure boot, it must be made possible for the user to install their own certificates. This would then allow Linux distros to boot fine.Camerongray, t hanks for your post. I respectfully disagree. This issue is not yet resolved. As you said, there is too little verifiable information. All companies like Microsoft have to walk a line between popular perception ans return on investment. They may have crossed the line. Credible statistics indicate there are more Linux users out there that what one might think. They are a significant, albeit small, part of the PC market. They will not be locked out, but it will be a struggle. The weeks ahead may bring more detail. Quote from: Geek-9pm on May 05, 2015, 10:30:41 AM This issue is not yet resolved. As you said, there is too little verifiable information. All companies like Microsoft have to walk a line between popular perception ans return on investment. They may have crossed the line. The fact that full information on the new OEM licenses is not available does not lend any credibility to your theories. Just to go through each one: Quote MS will give free Windows for machines with secure boot locked. I'm not entirely sure what you are referring to here. MS won't be providing Windows to consumers in this situation. The license applies to how OEM's may use Windows for pre-installation. As camerongray mentions, Windows 8 included a requirement that the device allow secure boot to be disabled for a non-mobile device. Are you suggesting that if somebody has a Windows 8 RT system (which would have secure boot forced on) that they will receive a free update to Windows 10? Well, you are right- because all versions of Windows 7 and 8 are eligible for a free upgrade. But that has nothing to do with Secure Boot. Quote OEM will give one year warranty on machines with secure boot . I am unsure what this means or what you are implicating here. Is that too short? too long? Where is this random thought coming from, exactly? Quote When one OEM is acquired by another, an update will lock secure boot. So if I understand correctly, your "random thought" is that, if, say, HP releases a laptop where they opt to allow the secure boot option to be toggled, and HP is subsequently purchased by Dell, that Dell could create an "update" that will remove the option? Because again these restrictions apply to the preinstallation environment, and what sorts of systems it can be installed on. An Update cannot revise the hardware implementation. Dell, in this case, could technically create a "firmware update" which would revise the original system firmware and remove the feature. But I'm not entirely sure where you are coming from with this suggestion. Why would an OEM do this? There would be zero reason for them to do this. You cannot merely express that because something is possible, it must be considered. That takes us into "Russell's Teapot" territory. Quote A Free Anti-virus will only work if secure boot is locked on. Nothing has ever been preventing this. Free AV programs do not need to meet Microsoft's OEM guidelines. OEM's do. Free AVs could have added a capability that prevented them from working if secure boot was not enabled. The reason Free AVs did not add this feature was not because it was a requirement that they not do so- they didn't do it because there is zero gain for doing so on their end. Companies aren't stupid. If they do something, it's because they think they can make money by doing so. An AV software spending money to have their developers work on a feature that locks their product out from over half of their customer-base is not something any company that wants to last longer would do. Again- it's possible for Free AVs to implement this- but The win10 OEM license changes don't change that scenario- it's been possible all along. Quote Software support subscriptions only for companies the use secure boot. On what planet would it be wise for a software company to only allow companies that use secure boot to pay them for support? Enterprises and companies pay Microsoft for support CONTRACTS. What logic has led you to the "random thought" that Microsoft would decide they only wanted the money from their corporate customers who had secure boot enabled? And like the previous "random thought" in what way will this situation be different given the alleged OEM license revisions? It seems like MS could have imposed this requirement with the release of Windows 8. The reason they did not is because it's basically turning down money from one of their BIGGEST revenue sources. Quote Big company sells ton of PCs with option advertising. Then later locks it. I'm not entirely sure you even know what secure boot is, does, or how it works. Like the first option- how would a company "lock it"? Secure boot is not a feature implemented in windows, it is part of the firmware created by the OEM, which you can't just change remotely. Except for lying to customers and saying "You need this firmware update" to get them to install it, you won't be able to forcibly set secure boot on. Furthermore, secure boot doesn't seem related to advertising at all. How do you imagine such a feature working, and how does disabling Secure Boot change it? Quote Class action against MS for making OEM later lock secure boot. Now you are suggesting that MS will change from requiring that Secure boot be possible to disable, to the now alleged not requiring it be possible to disable it- and then they will require that it be enabled on all systems? What evidence leads you to this conclusion? What would they gain from this approach? Furthermore, this ignores that changes to the OEM license will only affect new systems being released. changes to the OEM license will not require the OEM figure out how to make all their products using that software compatible with the new OEM license since those systems are already deployed. Quote Credible statistics indicate there are more Linux users out there that what one might think. They are a significant, albeit small, part of the PC market. They will not be locked out, but it will be a struggle. If you don't provide a source, it's not "credible". THey will not be locked out. and it will not be a struggle. many Linux distributions already support secure boot. Quote The weeks ahead may bring more detail. Anything to dispel your "random thoughts" will be a relief.I dealt with a Windows 8 locked down laptop trying to downgrade to 7. After taking methods to first of all gain access to the BIOS which was disabled to access via hot key at boot and figuring out how to use the Windows 8 OS to re-enable the BIOS hot key at post that was disabled by manufacturer & microsoft, I was then finally able to make the necessary changes to disable UEFI and install Windows 7 Home Premium to my new laptop. There are pros and cons to UEFI secure boot. For the most part, those of us wanting to run an OS other than what came with a new PC purchase generally figure out how to disable and install what we want. Although Microsoft could have been better at making it not such a pain to disable as for for Windows 8.1 the procedure changed from that of disabling UEFI on Windows 8 and so a online guide stating how to disable it gets you started but with 8.1 Microsoft intentionally changed it up some and so you have to take some extra steps off the path of the online guide for Windows 8 UEFI disable. Had this new laptop purchase for $279.99 bundled with Windows 8 been completely locked down to only Windows 8 or newer OS, I would have just unloaded the laptop close to the price I paid for it new and bought a laptop that came with 7 instead for a larger price tag new or find a refurb for equal to or lesser price. I saw a deal the other day for refurb laptops with Windows 7 for as low as $129.99 although they were just Core 2 Duo systems with small hard drives. I have been testing Windows 10 ( 32 and 64 bit ) and I like it better than Windows 8/8.1. Just not sure if I like it enough to get the free upgrade to 10 from 7 or not... I have to look into the legalities, but I am considering cloning my original windows 7 drive and upgrading the cloned drive to 10 and keeping the original on 7 and with removable hard drive bay on my desktop being able to boot the system with 7 or 10 so i have choices vs it being a 1 way upgrade. Because the drive would not be used on another computer and only used on that same computer by which it is licensed to begin with hopefully it would be as acceptable as dual boot systems in which such as back in the day you could get the upgrade edition of Windows XP and install Windows 98SE on one partition and Windows XP on the other partition and chose to boot 1 or the other, where the Upgrade version of XP was based on the original 98SE license which is still functional on another partition on the same drive in which both are not functional at the same time so it doesnt violate EULA. Just in the case of Windows 10 free upgrade from 7, its a Free upgrade vs buying the Upgrade edition if there was one.Quote from: Geek-9pm on May 05, 2015, 10:30:41 AM Camerongray, t hanks for your post. I respectfully disagree. Care to actually explain why? Sent from Linux on my Secure Boot capable laptopQuote from: camerongray on May 05, 2015, 01:00:51 PM Sent from Linux on my Secure Boot capable laptop So you understand the struggles!

Answer»

Full story:
Screw Linux!
The lesson is clear. If you want to use Linux, or care about being able to, do your homework before making a buying decision, and either build a machine yourself, or avoid hardware that is "Designed for Windows 10" and has a locked down BIOS.Thanks for reading the article.
More about this is coming...Is Microsoft not requiring manufacturers to include the option of disabling Secure Boot on laptops and desktop SYSTEMS really Microsoft moving to "tighten" Secure Boot? Windows 8's OEM requirements state it as required. Since Windows 10 isn't yet released there isn't a OEM Requirements document for it... so we're reading a lot into presentation bullet POINTS released about a piece of software that isn't going to be released for a few months. Not requiring that the option be able to be shut off on a system to be OEM certified isn't really "tightening" anything. If anything, it is giving OEM's more options in how they implement the hardware- and let's be realistic- any OEM that decides to roll out otherwise standard architecture laptops and desktops that doesn't allow Secure Boot to be disabled is not going to be getting positive reviews once that comes out. The articles saying Microsoft is "tightening their grip" are silly click-bait titles.

Quote from: BC_Programmer on May 04, 2015, 07:54:44 PM

Is Microsoft not requiring manufacturers.... any OEM that decides to roll out otherwise standard architecture laptops and desktops that doesn't allow Secure Boot to be disabled is not going to be getting positive reviews once that comes out. The articles saying Microsoft is "tightening their grip" are silly click-bait titles.

Wait and see.
...meanwhile, back at the ranch...
Linux users alarmed over Windows 10 lockout

Just for a little historical perspective:

Quote from: Geek-9pm on June 09, 2014, 10:34:38 AM

Right. Do even try it. Until you first ask around. It has been widely reported new laptops with Windows 8 with not let you install any other OS. Really.
Earlier I posted a Linux compatibility list. You might want to Google for an update to the list before you even think about installing Linus on your new laptop.

What is the problem? The new laptops have secure boot features that prevent the install of another OS. This will cut down on laptop theft. In fact, a laptop robber can not even install an older version of Windows. Once the disc has been wiped clean, no OS can be installed.

Don't believe me. Don't. I am not the one saying it. Check it out. Go to your favorite Linux forum and ask:
Can I do a dual boot with Linux and Windows 8.1 on anew Dell laptop?
You may be surprised by the answers n you get.
Or just do a Google on it:
'Can I do reinstall Windows 8 on my laptop?''

It has been documented!

EDIT: This link on Life Hacker is out of date.
http://lifehacker.com/can-i-reinstall-windows-on-my-computer-without-the-bloa-1512345361

Thanks BC, that jogs the mind.

Here are some random thoughts. Just random thoughts.
• MS will give free Windows for machines with secure boot locked.
• OEM will give one year warranty on machines with secure boot .
• When one OEM is acquired by another, an update will lock secure boot.
• A Free Anti-virus will only work if secure boot is locked on.
• Software support subscriptions only for companies the use secure boot.
• Big company sells ton of PCs with option advertising. Then later locks it.
• Class action against MS for making OEM later lock secure boot.
What else?

EDIT: Forgot to mention. Secure boot can be locked off later via update.

This is yet another thing being blown way out of proportion by media outlets attempting to get cheap hits.

Secure Boot is not designed to only allow Windows to run, it just HAPPENS to be the case that Windows was the first OS to support it. There are now several Linux distros that already support Secure Boot and work happily under it, this number is going to grow.
Microsoft are merely relaxing the requirement that secure boot can be disabled (which I add you used to not believe was possible at all) - This does not mean that manufacturers will do this. If I had to guess this requirement is going to be introduced for devices running Windows 10 such as smartphones.
Previously Microsoft actually enforced that secure boot had to be able to be disabled (so much for wanting to block Linux), they are merely removing this restriction. It is up to the individual manufacturer as to whether they want to allow it to be disabled or not. If I had to guess again, when they first introduced the requirement that Windows 8 machines had to support Secure Boot, support under Linux for it was flaky/non-existent. Nowadays Secure Boot support under Linux is much better. Think of it this way and it looks as though the reason Microsoft made it a requirement that users must be able to disable Secure Boot was to protect Linux users!
All of these articles suggest that Microsoft are doing this to block people from running Linux as though it is some sort of war. This is totally not the case, Microsoft has generally been supportive of Linux, they were the top contributor to the kernel for many years and are now starting to release some of their software to run on Linux such as Visual Studio Code.

The other key thing is that these articles are all working off of incomplete information from a single presentation, this is hardly accurate. For example, they may still force manufacturers that if they do not allow the user to disable secure boot, it must be made possible for the user to install their own certificates. This would then allow Linux distros to boot fine.Camerongray, t hanks for your post. I respectfully disagree.

This issue is not yet resolved. As you said, there is too little verifiable information. All companies like Microsoft have to walk a line between popular perception ans return on investment. They may have crossed the line.

Credible statistics indicate there are more Linux users out there that what one might think. They are a significant, albeit small, part of the PC market. They will not be locked out, but it will be a struggle.

The weeks ahead may bring more detail. Quote from: Geek-9pm on May 05, 2015, 10:30:41 AM

This issue is not yet resolved. As you said, there is too little verifiable information. All companies like Microsoft have to walk a line between popular perception ans return on investment. They may have crossed the line.

The fact that full information on the new OEM licenses is not available does not lend any credibility to your theories.

Just to go through each one:
Quote

MS will give free Windows for machines with secure boot locked.

I'm not entirely sure what you are referring to here. MS won't be providing Windows to consumers in this situation. The license applies to how OEM's may use Windows for pre-installation. As camerongray mentions, Windows 8 included a requirement that the device allow secure boot to be disabled for a non-mobile device. Are you suggesting that if somebody has a Windows 8 RT system (which would have secure boot forced on) that they will receive a free update to Windows 10? Well, you are right- because all versions of Windows 7 and 8 are eligible for a free upgrade. But that has nothing to do with Secure Boot.

Quote

OEM will give one year warranty on machines with secure boot .

I am unsure what this means or what you are implicating here. Is that too short? too long? Where is this random thought coming from, exactly?

Quote

When one OEM is acquired by another, an update will lock secure boot.

So if I understand correctly, your "random thought" is that, if, say, HP releases a laptop where they opt to allow the secure boot option to be toggled, and HP is subsequently purchased by Dell, that Dell could create an "update" that will remove the option? Because again these restrictions apply to the preinstallation environment, and what sorts of systems it can be installed on. An Update cannot revise the hardware implementation. Dell, in this case, could technically create a "firmware update" which would revise the original system firmware and remove the feature. But I'm not entirely sure where you are coming from with this suggestion. Why would an OEM do this? There would be zero reason for them to do this. You cannot merely express that because something is possible, it must be considered. That takes us into "Russell's Teapot" territory.

Quote

A Free Anti-virus will only work if secure boot is locked on.

Nothing has ever been preventing this. Free AV programs do not need to meet Microsoft's OEM guidelines. OEM's do. Free AVs could have added a capability that prevented them from working if secure boot was not enabled. The reason Free AVs did not add this feature was not because it was a requirement that they not do so- they didn't do it because there is zero gain for doing so on their end. Companies aren't stupid. If they do something, it's because they think they can make money by doing so. An AV software spending money to have their developers work on a feature that locks their product out from over half of their customer-base is not something any company that wants to last longer would do. Again- it's possible for Free AVs to implement this- but The win10 OEM license changes don't change that scenario- it's been possible all along.

Quote

Software support subscriptions only for companies the use secure boot.

On what planet would it be wise for a software company to only allow companies that use secure boot to pay them for support? Enterprises and companies pay Microsoft for support CONTRACTS. What logic has led you to the "random thought" that Microsoft would decide they only wanted the money from their corporate customers who had secure boot enabled? And like the previous "random thought" in what way will this situation be different given the alleged OEM license revisions? It seems like MS could have imposed this requirement with the release of Windows 8. The reason they did not is because it's basically turning down money from one of their BIGGEST revenue sources.

Quote

Big company sells ton of PCs with option advertising. Then later locks it.

I'm not entirely sure you even know what secure boot is, does, or how it works. Like the first option- how would a company "lock it"? Secure boot is not a feature implemented in windows, it is part of the firmware created by the OEM, which you can't just change remotely. Except for lying to customers and saying "You need this firmware update" to get them to install it, you won't be able to forcibly set secure boot on. Furthermore, secure boot doesn't seem related to advertising at all. How do you imagine such a feature working, and how does disabling Secure Boot change it?

Quote

Class action against MS for making OEM later lock secure boot.

Now you are suggesting that MS will change from requiring that Secure boot be possible to disable, to the now alleged not requiring it be possible to disable it- and then they will require that it be enabled on all systems? What evidence leads you to this conclusion? What would they gain from this approach? Furthermore, this ignores that changes to the OEM license will only affect new systems being released. changes to the OEM license will not require the OEM figure out how to make all their products using that software compatible with the new OEM license since those systems are already deployed.

Quote

Credible statistics indicate there are more Linux users out there that what one might think. They are a significant, albeit small, part of the PC market. They will not be locked out, but it will be a struggle.

If you don't provide a source, it's not "credible". THey will not be locked out. and it will not be a struggle. many Linux distributions already support secure boot.

Quote

The weeks ahead may bring more detail.

Anything to dispel your "random thoughts" will be a relief.I dealt with a Windows 8 locked down laptop trying to downgrade to 7. After taking methods to first of all gain access to the BIOS which was disabled to access via hot key at boot and figuring out how to use the Windows 8 OS to re-enable the BIOS hot key at post that was disabled by manufacturer & microsoft, I was then finally able to make the necessary changes to disable UEFI and install Windows 7 Home Premium to my new laptop.

There are pros and cons to UEFI secure boot.

For the most part, those of us wanting to run an OS other than what came with a new PC purchase generally figure out how to disable and install what we want. Although Microsoft could have been better at making it not such a pain to disable as for for Windows 8.1 the procedure changed from that of disabling UEFI on Windows 8 and so a online guide stating how to disable it gets you started but with 8.1 Microsoft intentionally changed it up some and so you have to take some extra steps off the path of the online guide for Windows 8 UEFI disable.

Had this new laptop purchase for $279.99 bundled with Windows 8 been completely locked down to only Windows 8 or newer OS, I would have just unloaded the laptop close to the price I paid for it new and bought a laptop that came with 7 instead for a larger price tag new or find a refurb for equal to or lesser price. I saw a deal the other day for refurb laptops with Windows 7 for as low as $129.99 although they were just Core 2 Duo systems with small hard drives.

I have been testing Windows 10 ( 32 and 64 bit ) and I like it better than Windows 8/8.1.
Just not sure if I like it enough to get the free upgrade to 10 from 7 or not... I have to look into the legalities, but I am considering cloning my original windows 7 drive and upgrading the cloned drive to 10 and keeping the original on 7 and with removable hard drive bay on my desktop being able to boot the system with 7 or 10 so i have choices vs it being a 1 way upgrade. Because the drive would not be used on another computer and only used on that same computer by which it is licensed to begin with hopefully it would be as acceptable as dual boot systems in which such as back in the day you could get the upgrade edition of Windows XP and install Windows 98SE on one partition and Windows XP on the other partition and chose to boot 1 or the other, where the Upgrade version of XP was based on the original 98SE license which is still functional on another partition on the same drive in which both are not functional at the same time so it doesnt violate EULA. Just in the case of Windows 10 free upgrade from 7, its a Free upgrade vs buying the Upgrade edition if there was one.Quote from: Geek-9pm on May 05, 2015, 10:30:41 AM

Camerongray, t hanks for your post. I respectfully disagree.

Care to actually explain why?

Sent from Linux on my Secure Boot capable laptopQuote from: camerongray on May 05, 2015, 01:00:51 PM

Solve : Microsoft tightens Windows 10's Secure Boot screws?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment