16 comments

[ 11.0 ms ] story [ 147 ms ] thread
Here we go again, last time the complaint was that MS didn't force OEMs to have the ability for users to disable secure boot on x86 machines, and there were claims that one OEM wouldn't do that (curiously, the Linux folks wouldn't name the OEM though).

But the news that Microsoft has made it mandatory for the OEMs to have a disable option(even though it compromises security a bit) on x86 machines has basically been ignored, so much that posters on various sites(including this one) still erroneously claim it's not needed.

So now the witchhunt has shifted to ARM devices, with nary a mention of the Kindle Fire or the Nook tablet or various other Apple and Android devices that ship with locked bootloaders.

Looks like there is an expectation that if a device is able to run Windows, it must be able to run Linux. I don't see any practical reason for this expectation. MS might be counting on sales through its Win 8 app store to subsidize the lower licensing costs on ARM devices, and hence locks down the hardware. If anything, they're following the tablet industry trend on this. Why isn't MS entitled to the same business model that Amazon and B&N are using?

The article quotes MS on saying the user is in control of their PC. They apparently mean x86 devices. ARM devices have been broadly referred to by everyone as Post-PC devices.

Are bootloaders a bad thing? Of course there are, but this continual MS bashing while giving Apple, Amazon, B&N and the rest a free pass is getting old and monotonous.

Not all android devices are shipped with locked bootloaders. The problem with enforcing secure boot is it is too broad requirement applied to all ARM-based hardware.

edit: "applied to ARM-based hardware certified to run or running Microsoft windows". per wikipedia it looks like it is applicable to hw certified to run windows.

>The problem with enforcing secure boot is it is too broad requirement applied to all ARM-based hardware. There would be no problem if microsoft states that scope of secure bootloading is only hardware made specifically to run microsoft code.

The actual requirements are titled Windows 8 hardware certification requirements and are linked below.

http://msdn.microsoft.com/library/windows/hardware/hh748188

I see no mention that the manufacturer cannot make other ARM tablets with Android or whatever. The quote given in the article is misleading in that respect.

What you imply doesn't make sense regardless, if ASUS makes a Win 8 ARM device, they would be forced to lock the Transformer Prime's bootloader? How does that even benefit MS and "lock out" Linux? That seems be actually locking Linux in!

That(locking secure boot to be able to load specific software) is not what I meant(merely ability to turn off secure boot). I realize why secure boot is there, my concerns: 1. as a consumer I'm fully locked into business model of sw/hw providers. Think about all those android phones that are throw away now. 2. cannot do anything to device I physically own 3. hardware manufactures won't bother producing unlocked hardware(to cater those people who would like to run whatever they want on it)
What would Microsoft do if Google started demanding locked bootloaders from Android manufacturers?

What it says is that the manufacturer will have to make sure that, once you buy a Windows 8 ARM thingie, the only way to change the OS would be selling it on e-Bay and buying another. What would you say if your Dell desktop came with such a silly restriction?

>What would Microsoft do if Google started demanding locked bootloaders from Android manufacturers?

Why would they even care? They are not planning to sell Windows ARM on Newegg like they do for x86.

>What would you say if your Dell desktop came with such a silly restriction?

iPads already come with such restrictions and MS has made it mandatory on x86 devices to have a open bootloader.

ARM desktops from Dell are way far away and have a steep incline to climb since won't run Win32 x86 apps.

> Why would they even care?

I bet they would complain loudly. At least, they would before demanding the same from W8 manufacturers.

> MS has made it mandatory on x86 devices to have a open bootloader.

Unless I misread, they allowed x86 manufacturers to have open-able bootloaders and have the W8 approval seal. IIRC, no non-UEFI boxes will receive the seal.

> ARM desktops from Dell

Who said ARM desktops? I asked how would you feel if your current x86 desktop had a locked bootloader.

>I bet they would complain loudly. At least, they would before demanding the same from W8 manufacturers.

I totally lost you, why would MS care if Android forces locked bootloaders? How does that affect them in the least?

They aren't going to sell Win8 ARM in the stores, so again why would they complain? It makes zero difference to them.

iPads have locked bootloaders, how does that affect MS?

>Unless I misread, they allowed x86 manufacturers to have open-able bootloaders and have the W8 approval seal. IIRC, no non-UEFI boxes will receive the seal

Not just 'allowed', it's a requirement. How does non-UEFI boxes not getting the seal affect Linux? They aren't doing that because UEFI secure boot is a good defense against many common rootkits that load even before the OS or antivirus can.

>Who said ARM desktops? I asked how would you feel if your current x86 desktop had a locked bootloader.

There was an expectation about openness when I bought it. There will be no such thing with Win8 ARM. In fact, many users are replacing their laptops and desktops with iPads, so they seem to be okay with this.

The difference is in expectations: Apple, Amazon and Barnes & Noble all sell hardware with their respective brands (Android is there, just very well hidden) and software that's seamlessly integrated into the whole. If you bought an HTC tablet with an HTC-branded OS your expectations would be different than if you bought an HTC tablet with a Microsoft-branded OS. The same sentiment exists regarding Android-powered (and Google-branded) phones that still sport locked bootloaders. I have unlocked mine.

It's also a good decision to unlock your device - the Cyanogenmod version of Android my phone now runs is orders of magnitude faster and more stable than the stock version that came installed. I wasn't happy with the phone before the update, but I am happy now.

>The difference is in expectations

Why should MS be held to the expectations of Linux users?

It's not Microsoft, but the device manufacturer that's being held to user's expectations.

When it's a device that's seamlessly integrated with the OS, like an iPad or a Nook, users don't demand the ability to change the OS. If they can, good, but, if the can't, that's not such a big deal. If, however, the device and its software are not seamlessly integrated, like most Android-based phones, demands to be able to change the software start to appear. It will be easy to see the devices all run a single OS made by someone else. In that case, demand to be able to install something else - since hardware and software were not designed to one another - is natural. What Microsoft is doing is trying to limit user choice because they see the threat of non-Microsoft OSs in the tablet market. How much will they pay manufacturers to ship Windows 8 with locked bootloaders?

The requirement for locking is only applicable to devices which are certified by Microsoft - i.e. only hardware bearing Microsoft's logo.

In other words, Windows branded hardware is no more locked down than one with an Apple on it...and it may be less so.

Last I read the certification requirements - devices had to boot to UEFI by default but could also offer a "legacy BIOS mode." And that mode was not specified in the certification.

See my comments here: http://news.ycombinator.com/item?id=3459104

> i.e. only hardware bearing Microsoft's logo.

I scrapped the "Built for Windows" adhesives off my notebook. Can I install something else now?

> devices had to boot to UEFI by default but could also offer a "legacy BIOS mode.

I think this doesn't apply to most ARM devices. From your link "This requirement is If Implemented for Server systems and applies only if a Server system is UEFI capable." I am also not sure ARM servers have "legacy BIOSes".

You're right, the same rules should apply for everyone. The solution is simple: if a windows device with a locked bootloader is not acceptable, don't buy it. Buy android devices with open bootloaders if you want freedom to do whatever with your hardware. Moreso, buy Lemote Yeelong to guarantee the hardware specs will be open enough to adapt any OS to work on it.

ARM devices should be scrutinized because not only is Windows adopting them, but OS X also (# 1 & 2 consumer OSs). x86 requirements should be monitored also, just in case the following does not occur.

http://www.appleinsider.com/articles/12/02/07/apple_intern_t... http://semiaccurate.com/2011/05/05/apple-dumps-intel-from-la...

Blog post from 3 weeks ago, discussing topic that was already discussed here when it was actually news.

Does not provide any new insight or perspective on the issue. It's just a restatement of what others said (and does not cite them).

Submitted by a newly created account that appears to be the blog owner, and has only been used to submit blog entries.

My blog spammer sense is tingling.