←back to thread

The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 2 comments | 26 Jul 22 03:46 UTC | HN request time: 0.614s | source
Show context
bodge5000 ◴[26 Jul 22 07:44 UTC] No.32235479[source]
Just to be clear, is this a case where you can't dual boot windows and another OS, or you can't boot another OS at all (in either case, the other OS being non Microsoft authorised)? Or something else entirely? Would it be possible to disable this at all, even that means you can't boot Windows?
replies(1): >>32235608 #
zaptheimpaler ◴[26 Jul 22 08:05 UTC] No.32235608[source]
You cannot boot the other OS at all if secure boot is enabled and Microsoft drops support for the 3rd party UEFI CA list. The machine will refuse to boot any kernel that has not been signed by the CAs already included in the machine. This is typically only Microsoft and sometimes the OEM like Lenovo or Dell.
replies(3): >>32235663 #>>32236469 #>>32236847 #
bodge5000 ◴[26 Jul 22 08:15 UTC] No.32235663[source]
Could this be disabled by the user? Presumably doing so would mean you cannot boot Windows, but if thats a trade off Microsoft is forcing me to make, I'll accept it.

If you can't, it goes without saying that that is unacceptable

replies(2): >>32235693 #>>32235722 #
1. jhanschoo ◴[26 Jul 22 08:20 UTC] No.32235693[source]
Yes, you can disable secure boot.
replies(1): >>32237603 #
2. cesarb ◴[26 Jul 22 12:53 UTC] No.32237603[source]
> you can disable secure boot.

That's not always the case: https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-c... "Disabling Secure [Boot] MUST NOT be possible on ARM systems."