Now I am confused. The first thread in the comments section here suggests that you can't use your own keys.
Seems like the NSA is behind all this shit. Cononical can eat shit with its Ubuntu... I wont use it.
MS loses sales if people building their own systems don't buy a retail copy of Windows.Making other OSes a pain to use? Why? If anyone is going to ship OEM systems with Linux pre-installed - the only case in which Microsoft loses sales
Things like SecureBoot are designed to help keep it that way.Microsoft, at this point, Linux on general-purpose consumer PCs is not a mortal enemy; it's an irrelevance.
How convenient...Microsoft supports Secure Boot for precisely the purpose it claims to support Secure Boot - to reduce the threat of boot sequence malware. Does Secure Boot as designed have some problematic consequences for alternative OSes? Yeah, it does.
I really want to know if one ubuntu dev really tried what they want to do. it does not matter if they add a menu to efilinux loader, when you read the purpose of it you could get rid of it as well as linux efi stub would do as well - but then you would sign the kernel.
This is just ridicolous.
It's important to realize I'm not giving my personal opinion of how desirable this is from my point of view, because I thought that pretty much goes without saying: of course, for anyone who actually runs Linux on generic PCs, secure boot is going to be something of a pain and our lives would have been easier without it.
What I'm trying to make clear is that there is a huge, giant, gigantic, massive gulf between 'this thing kind of sucks for us' and 'OH MY GOD IT'S AN EVIL MICROSOFT CONSPIRACY QUICK SUE THE BASTARDS'. Both in fact - because it's important to understand how things get the way they are instead of just complaining about it - and in a legal perspective. You can't just go to a court and say 'hey, Microsoft did something that's inconvenient for me, find them guility and fine them ONE BEEEEELLLION DOLLARS'. It just doesn't _work_ that way. It's easy to throw that kind of crap around on a comment thread, but doing so isn't achieving anything. It's always important to know where you stand and what the limitations of your position are.
It's much less useful to sit around yelling MICRO$OFT IS EVIL over and over like it's 1996 or something than it is to recognize the realities of today's industry. The general-purpose consumer PC is a dying market; it's not the future of anything, there is nothing interesting about it to Microsoft or really to anyone else. The Windows vs. Linux days, as we knew them a decade ago, are _over_. That war is done. Microsoft won it, move on. No force on heaven or earth is going to magically make the generic x86 desktop PC a growth market of vital importance to the future of our industry any more. If you missed the last decade of smartphones and tablets and app stores and HTML5 now would be an *ideal* time to catch up, because you're missing a lot.
The desktop PC is now a dull legacy device which will hang around forever in just the same way as mainframes have - it'll be in places it's been for decades, doing useful stuff, because it's not worth the bother to replace it. But it's not a sexy growth market any more, it's just a dull mature one that Microsoft gets to service because no-one else is in a position to (I'm talking about the majority here). Microsoft isn't thrilled about this - have you seen their share price lately? Their ongoing desperate efforts to move into new sexy markets like consoles and music players and cellphones and tablets? Do you never wonder what the hell that's all about? Think about it.
So as I said: it's important to actually _understand_ what's going on. Microsoft isn't fighting Linux on the desktop any more; it doesn't have to. That war's over and done. Microsoft's approach to the desktop computer market now is to try and service its existing customer base, which will dwindle modestly and steadily, as efficiently as possible. It does not give a shit at all, in a positive or negative way, about anyone else in that market. It just doesn't care. That's the key thing to understand about this whole brouhaha: Microsoft's perspective isn't 'let's design something to shaft alternative operating systems'. Microsoft's perspective is 'let's see how we can get as much money as possible as efficiently as possible out of our existing customers in this segment'. There is no consideration of alternative OSes in their position, no active malicious intent towards them: the inconvenience that we're going to suffer from secure boot and things like it is simply a _byproduct_, not an active attack. (I did see one interesting perspective on Secure Boot today, btw, which I hadn't previously considered - someone pointed out that, as well as the actual security consequences of Secure Boot, it may well go a long way to shutting down the loophole which is used to pirate Windows 7. Just about all cracked versions of Windows 7 are cracked via bootloader exploits; Secure Boot will make that much harder. If you really insist on an explanation for Microsoft's enthusiasm for Secure Boot besides, well, security, then shutting the piracy loophole seems like a much more plausible one than attacking alternative OSes. Microsoft loses _far_ more money to piracy than it does to alternative OSes. Of course, if that perspective is true, it means Microsoft would rather want Secure Boot to be mandatory not optional, which would be very bad for us if they try and force it later).
None of this is intended to 'excuse' Microsoft, or anything like that. That's not what I'm saying. The point of what I'm saying is that to deal with a situation you have to accurately recognize what forces produce that situation, not just idly fall back on your default explanation from ten years ago without actually considering if it really still holds. That just doesn't work.
http://mjg59.dreamwidth.org/12368.html - explicitly mentions user enrolment of keys - "The first is for a user to generate their own key and enrol it in their system firmware." - and I'm pretty sure Matthew has talked in more detail about it in the comments to that post and newer ones. Maybe check through those, rather than posts from last year.