On Wed, Feb 27, 2013 at 6:48 PM, zxq9 <[log in to unmask]> wrote:
> On 02/28/2013 12:53 AM, Dale Dellutri wrote:
>> On Wed, Feb 27, 2013 at 6:27 AM, zxq9<[log in to unmask]>  wrote:
>>>
>>> There is a silver lining. The board makers themselves are out to sell
>>> boards
>>> and laptops and tablets and can be reasoned with. My company is an
>>> extremely
>>> small player in the hardware field but we've had positive response from
>>> vendors when inquiring about having our own keys included on boards
>>> alongside Microsoft's when doing bulk orders. We haven't had to go that
>>> route yet so I'm unsure how much of a pain that would actually be to
>>> manage
>>> (doesn't appear much more difficult than managing repository keys though,
>>> for example), but this leaves the door open for even tiny computing
>>> companies and larger IT departments to arrange for their own "secure"
>>> boot
>>> keys to be pre-installed by the board manufacturers and not violate
>>> Microsoft's requirements, even on ARM. That said, since we don't do
>>> showroom
>>> marketing anyway neither we nor our suppliers have a need to put little
>>> "Windows8 Ready" stickers on anything they ship to us anyway.
>>
>> Doesn't this lower the eventual resale value of the laptop?  Doesn't it
>> restrict
>> the laptop to run only what either MS wants or what you installed?
>>
>> I buy refurbished laptops and install Fedora, but I might want to try *BSD
>> or
>> Ubuntu or something else in the future.  Doesn't the "silver lining"
>> restrict
>> that with these UEFI laptops?
>
> It does indeed lower the overall value to the buyer -- which is why we're
> not satisfied with the concept of "secure boot", even if a board maker puts
> our keys on the device: we want to sell hardware, and providing a device the
> user can do whatever he wants to independent of us is a more competitive
> selling position than selling, essentially, a "locked" device.
>
> This is not a good move for the industry for this exact reason. Of course,
> laptop makers think this means they will be able to sell one device per
> instance/OS a user wants -- but especially in the consumer space this is
> wishful thinking.
>
> If standard UEFI situation ever moves from "user disable-able" to "always on
> by default" then every device sold will essentially be a locked device that
> requires jailbreaking to work properly. Offering unlocked devices is far
> more competitive -- but the dialogue of the industry has made a mystical
> security claim that lay users don't understand and magically transformed
> vendor-jailing of devices from a usability impediment into a must-have
> feature.

I wouldn't be surprised if SB became "un-disable-able" in the next few
years. We'd then have to use an MS-signed shim to boot, as is now the
case with the default Fedora and Ubuntu SB setups.