>Which systems have you seen that have Secure Boot enabled by default and don't provide any mechanism for key management?
All I've come across so far. Dells, Toshibas, a Lenovo, etc. I literally haven't seen a UI for key management at all. Ever.
MAYBE that's because it's too well hidden or maybe those machines I've looked at simply didn't have it.
>And let's say that, hypothetically, hardware vendors refused to add a physical switch that would cost a few cents extra per board
I'd say that non-hypothetically speaking, they were trying to stay on Microsoft's good side and coming up with a lame fucking excuse to do so.
That is, unless they came up with an equally good UI that didn't require a button, which is possible.
Someone on this thread mentioned that chromebooks have a button. When pretty much the lowest-cost point in the market can do it....
>Microsoft don't have enough leverage over the firmware vendors
Yes they do. If they have enough to mandate that it's written they have enough to mandate that it's written coherently. They just have every incentive to ensure that it isn't, and with a nod and a wink they can get their way.
>The number of lawyers I've found who, after having had all aspects of this explained to them, thought that Microsoft's behaviour here was anti-competitive is zero.
I wonder how many of those lawyers have ever tried to install linux with secure boot turned on.
Maybe they all thought that if the spec was kosher that's all that matters.
> MAYBE that's because it's too well hidden or maybe those machines I've looked at simply didn't have it.
Maybe you don't know what you're doing.
> I'd say that non-hypothetically speaking, they were trying to stay on Microsoft's good side and coming up with a lame fucking excuse to do so.
I'd say that you don't know what you're talking about.
> Someone on this thread mentioned that chromebooks have a button. When pretty much the lowest-cost point in the market can do it....
Except Google are able to precisely define what a Chromebook looks like - if you don't manufacture to Google's specifications, you don't get to ship ChromeOS. Which, if Google were to dominate the market, would probably be the point where you'd decry them as behaving in anticompetitive ways.
Microsoft have to perform an interesting balancing act. Vendors will adhere to the Windows hardware certification requirements because it saves them money per-unit. Microsoft can demand new firmware features because that's a one-off cost per new platform. Hardware features cost per unit, and if they push that too far it's cheaper for manufacturers to tell Microsoft to fuck off and market their hardware without the Windows sticker. That's simply not an option in the ChromeOS market. You can't compare them.
> Yes they do.
So cool you don't know what you're talking about.
> I wonder how many of those lawyers have ever tried to install linux with secure boot turned on.
Linux distributions having fucking dreadful installers really isn't what determines whether something is an antitrust violation or not. Linux distributions not being able to get their shit together sufficiently to get things signed isn't either. Canonical, Red Hat and Suse (and a wholehost of smaller distributions and specialised products) have managed to deal with this.
> That certainly explains the apologetics.
I've also done pretty well out of OpenStack, but I'd be the first to admit that it's dreadful.
I triple checked on two computers to be sure. Nada. Maybe go fuck yourself.
>I'd say that you don't know what you're talking about.
And I'd say you should stick to low level coding and not comment on the economics of competition and the contents of the US vs. Microsoft dockets... unless you are an antitrust lawyer, an economist AND a kernel hacker?
Thought not.
>Except Google are able to precisely define what a Chromebook looks like
So a single switch is monstrously expensive unless Google mandates it, in which case it's not a problem.
>So cool you don't know what you're talking about.
Jesus Christ you are so fucking lame.
>Linux distributions having fucking dreadful installers really isn't what determines whether something is an antitrust violation or not.
It's the FIRMWARE's job to tell you that it's "saving you from yourself", not the installers.
>Linux distributions not being able to get their shit together sufficiently to get things signed isn't either.
Canonical, Red Hat and Suse (and a whole host of smaller distributions and specialised products) have managed to deal with this.
Funny. I tried installing (the latest release of) Ubuntu the other day and got nothing but a cryptic error message because secure boot was turned off.
> I triple checked on two computers to be sure. Nada. Maybe go fuck yourself.
For the Thinkpad I have here:
1) Enter firmware
2) Go to security
3) Select "Reset to Setup Mode"
4) Enrol keys using UEFI SetVariable() interface
What models are you talking about? Shipping with no mechanism to do this is in violation of the Windows hardware certification requirements, and vendors falsely claiming compliance are both falsely advertising and breaching their contracts with Microsoft, so it's a pretty big deal for them to do so.
> And I'd say you should stick to low level coding and not comment on the economics of competition and the contents of the US vs. Microsoft dockets... unless you are an antitrust lawyer, an economist AND a kernel hacker?
You are an antitrust lawyer and an economist?
> So a single switch is monstrously expensive unless Google mandates it, in which case it's not a problem.
In the Windows world, if Microsoft's demands become too extreme you can ignore Microsoft, undercut your competitors and ship Windows anyway. In the ChromeOS world, you can't.
> Funny. I tried installing (the latest release of) Ubuntu the other day and got nothing but a cryptic error message because secure boot was turned off.
If Secure Boot is turned off then your inability to boot Ubuntu has nothing to do with Secure Boot.
All I've come across so far. Dells, Toshibas, a Lenovo, etc. I literally haven't seen a UI for key management at all. Ever.
MAYBE that's because it's too well hidden or maybe those machines I've looked at simply didn't have it.
>And let's say that, hypothetically, hardware vendors refused to add a physical switch that would cost a few cents extra per board
I'd say that non-hypothetically speaking, they were trying to stay on Microsoft's good side and coming up with a lame fucking excuse to do so.
That is, unless they came up with an equally good UI that didn't require a button, which is possible.
Someone on this thread mentioned that chromebooks have a button. When pretty much the lowest-cost point in the market can do it....
>Microsoft don't have enough leverage over the firmware vendors
Yes they do. If they have enough to mandate that it's written they have enough to mandate that it's written coherently. They just have every incentive to ensure that it isn't, and with a nod and a wink they can get their way.
>The number of lawyers I've found who, after having had all aspects of this explained to them, thought that Microsoft's behaviour here was anti-competitive is zero.
I wonder how many of those lawyers have ever tried to install linux with secure boot turned on.
Maybe they all thought that if the spec was kosher that's all that matters.
>I'm doing pretty well out of it.
That certainly explains the apologetics.