←back to thread

The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 9 comments | 26 Jul 22 03:46 UTC | HN request time: 0.409s | source | bottom
Show context
bodge5000 ◴[26 Jul 22 07:44 UTC] No.32235479[source]
Just to be clear, is this a case where you can't dual boot windows and another OS, or you can't boot another OS at all (in either case, the other OS being non Microsoft authorised)? Or something else entirely? Would it be possible to disable this at all, even that means you can't boot Windows?
replies(1): >>32235608 #
1. zaptheimpaler ◴[26 Jul 22 08:05 UTC] No.32235608[source]
You cannot boot the other OS at all if secure boot is enabled and Microsoft drops support for the 3rd party UEFI CA list. The machine will refuse to boot any kernel that has not been signed by the CAs already included in the machine. This is typically only Microsoft and sometimes the OEM like Lenovo or Dell.
replies(3): >>32235663 #>>32236469 #>>32236847 #
2. bodge5000 ◴[26 Jul 22 08:15 UTC] No.32235663[source]
Could this be disabled by the user? Presumably doing so would mean you cannot boot Windows, but if thats a trade off Microsoft is forcing me to make, I'll accept it.

If you can't, it goes without saying that that is unacceptable

replies(2): >>32235693 #>>32235722 #
3. jhanschoo ◴[26 Jul 22 08:20 UTC] No.32235693[source]
Yes, you can disable secure boot.
replies(1): >>32237603 #
4. zaptheimpaler ◴[26 Jul 22 08:25 UTC] No.32235722[source]
You can disable it for now. But there is no guarantee that you will always be able to.

Personally I think its very likely MS will eventually push to strongarm OEMs into locking secure boot to be enabled. All it will take is another round of "security improvements" and the public eats it up. The market would then fragment into laptops that can only run Windows and maybe more expensive laptops that allow you to disable secure boot. If the number of people who actually care enough to vote with spending a few extra hundred $ remains as low as it always has, over a decade it will drive open laptops to become wildly overpriced and eventually cease to exist.

replies(2): >>32235950 #>>32236463 #
5. tpxl ◴[26 Jul 22 09:06 UTC] No.32235950{3}[source]
> more expensive laptops that allow you to disable secure boot

This makes me sad. Old low-powered laptops with a light-weight distro are a joy to see and give out to family members to browse the web.

6. freemint ◴[26 Jul 22 10:28 UTC] No.32236463{3}[source]
> Personally I think its very likely MS will eventually push to strongarm OEMs into locking secure boot to be enabled.

Not as long as the EU remains functioning.

7. mikro2nd ◴[26 Jul 22 10:30 UTC] No.32236469[source]
This matched my guess: it's about MS extracting a $x per machine tax on all non-MS OSs to stay on their certificate list. Same playbook they've used on Android.
8. 7373737373 ◴[26 Jul 22 11:25 UTC] No.32236847[source]
Can't wait for EU antitrust and the courts to punish this attempt
9. cesarb ◴[26 Jul 22 12:53 UTC] No.32237603{3}[source]
> you can disable secure boot.

That's not always the case: https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-c... "Disabling Secure [Boot] MUST NOT be possible on ARM systems."