Quote Originally Posted by TobiSGD View Post
So do Apple and many Android vendors. Why is nobody complaining about them?
So why do you think that no antitrust shit will be raining when Windows 9 is released?
The only way would be if Microsoft suddenly wouldn't be a monopoly anymore. But If Microsoft will not rule the market anymore, why should the manufacturers close their products to the other players on the market.
Microsoft won the browser wars in the beginning, but look at the browsers now, in the long run there was competition. I think that the same will be with the OSes, they won the OS wars in the beginning, but we will see diversion again.

I've seen the argument that nobody care when android vendors use locked boot loaders in most secure boot discussions. Have you all forgot the outrage over those last year and the year before? Complains to the point that some vendors even changed their ways somewhat, enabling flashing and booting of unsigned stuff. Search for bootloader on ars technica for a sample of the fuss about the lockedness of android phone bootloaders. Granted, the issue is somewhat bigger there ("rooting", flashing etc, on top of signatures), but the end-issue is the same, loading stuff of your choice on your device. As for apple, It's been a constant complains about their general lockinness, the whole thing about the us dmca exception for circumventing some of their restrictions for example. The fight with apple and android vendors for the right to your own device have been raging for years with a few victories and some half-victories along the way and at least the situation on android is better as a result of that fight.

On the actual topic:
I don't see how anyone responsible for keys (like using a key from ms) would allow anyone to sign a bootloader with their key that does not check the signature of kernel (and initrd?) or that would not require that that kernel checks signatures on modules. Having a bootloader that does not check signatures should invalidate most of the purpose?

Shipping a distribution with signed chain of bootloader-kernel-initrd-modules feels like a big step towards "tivolization". It would be a sad day indeed if the we (we the "foss-comunity") would end up tivolizate our selves.