Palladium/Trusted Computing part 3

Story: Why some Windows 8 machines might not be able to boot Linux
Total Replies: 2

Sep 21, 2011
7:09 AM EDT
Microsoft isn't thinking this through. Both options of signing (MS Masterkey or OEM signing) have significant ramifications.

If MS chooses to go the MS Masterkey route and only have one key, it will be only a matter of time before that key is cracked/leaked/channeled from the great beyond and all binaries will once again run everywhere, even if the UEFI "Tivo module" can't be shut down. Lots of effort, no effect.

If MS chooses to go separate signing keys for every Windows version, it's going to be very messy. You've got Windows 8 Premium OEM, but want to install your Windows 7 Home retail licensed copy? Either MS has to provide you with a (Windows 8 key) signed Windows 7 Home retail licensed copy or tell you to just buy another computer. A new version appears? Either buy a new computer or once again a separate (Windows 8 key) signed Windows 9 copy. This scheme would certainly kill retail boxes.

If MS chooses to let OEMs do the signing... Run for the hills. Computers then really become welded shut appliances. As soon as the model you bought isn't manufactured anymore and support is EOL-ed, you're up the creek.

Whatever the scheme, customers will be negatively impacted. This won't last long. Once the realisation sets in that the thing you just bought is a glorified toaster, only capable of running that one provided OS and providing no hassle-free operation or upgrade path, the outrage will dwarf the one over Intel's processor serial number.

Also, coupling Windows with technical measures to a general purpose computer reeks a lot like illegal tying. I wonder what competition authorities have to say about that.

Sep 21, 2011
9:11 AM EDT
Quoting: You've got Windows 8 Premium OEM, but want to install your Windows 7 Home retail licensed copy?
After people refused the Vista "upgrade" and insisted on staying with XP, Ballmer et al. are probably eager to avoid a replay of that debacle.

Of course, this debacle might make that one look like a minor technical glitch by comparison.

Sep 21, 2011
10:21 AM EDT
Quoting: If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing.

That means the customers no longer have control over their purchased hardware. That means customers don't fully own the hardware and only have a one-time lease payment.

It sounds like "you're either with us, or against us". I say let them do that and see where it is going to take them.

This setup will probably work for MS in the US, but I surely doubt it will work in other countries. If the US OEMs go along, there are other international OEMs who will be willing to supply computers with or without UEFI secure boot protocol. This will eventually marginalize the OEMs in the US internationally.
