Secure Boot may not be an optional feature in Windows 10

[Ian W]

A recent article by Ars Technica discussed how Microsoft may be making some changes so that OEMs may not be required to provide an option to disable the UEFI Secure Boot feature for Windows 10. This information comes from a recent set of PowerPoint slides, Building More Secure Windows 10 Devices with the TPM, distributed during WinHEC 2015 (and viewable online) that suggests OEMs will be able to prevent users from disabling Secure Boot.

Support for Secure Boot was introduced in Windows 8 as an optional feature but was made mandatory for devices running Windows RT. The feature was a source of controversy during development of Windows 8, with critics contending that the feature could potentially lock out competing operating systems. In 2011 the Free Software Foundation said that it would be "frightening and unacceptable" if devices were restricted to running only Windows because of Secure Boot, a scenario that could be made possible if the feature becomes mandatory. Additional information about the implementation of Secure Boot in Windows 8 can be found here.

Are there any Neowinians who believe that this may have negative effects on competing operating systems?

[The_Decryptor Veteran]

People with bad motherboards may be out of luck, but that's about it.

[sinetheo]

People with bad motherboards may be out of luck, but that's about it.

What about those who want to run Linux or XP?

[neo1911]

If one manufacturer allows disabling Secure boot, they may see a modest rise in sales.

[The_Decryptor Veteran]

What about those who want to run Linux or XP?

XP is so out of date it can't boot under UEFI anyway, so it runs under the CSM which automatically disables secure boot (And if the mobo maker doesn't allow for disabling secure boot, the board won't even have a CSM, so it's a moot point)

Linux users can either run a signed kernel or bootloader (Like they already do), or disable secure boot.

Like I said, it's dependent on whether or not the motherboard is bad, good ones will still let you disable secure boot and/or add signing keys.

[TPreston]

There is no conspiracy to make computers only boot windows, Secure Boot isn't a windows feature its a UEFI feature one that provides additional security for the vast majority of users the others can simply disable this feature in their motherboard.

Its sad and embarrassing that the FSF is sacrificing additional security for end users in favour of perpetuating this stupid conspiracy.

[FloatingFatMan]

I've yet to see a Linux user using an OEM built machine. They're almost always techies that build their own rigs, so this really isn't a problem.  Same applies to anyone stubborn enough to still be running XP.  You can't even buy that from an OEM anymore, so again, a non-issue.

[BajiRav]

This FUD is along the same lines as HDCP when it was introduced in Vista. There is no conspiracy to lock out "competing" operating systems.

[Rickkins]

Well, people can just use the gpt to get around this nonsense, right...???

[Ezzyb]

This is kind of silly how it gets blamed on Microsoft.

 

To get the "Made for Windows 8" label manufacturers had to offer both boot options.

 

To get the "Made for Windows 10" label they do not.  They are in no way coerced or incentivized to make computers without the option.

 

Note this does not mean that OEMs could not sell computers with Windows 8 installed and only a UEFI boot option.  They just couldn't put the label on it.

 

How is this a great Microsoft conspiracy again?