undefined | Better HN

0 pointseaston5y ago0 comments

Microsoft has always required (on x86, ARM is different) that for Windows logo certification Secure Boot must be able to be disabled, you must trust Microsoft’s CA and the third-party CA that they run (and that Red Hat/Ubuntu/Debian use to sign their builds) and that the user must be able to load their own keys. This means that any x86 device sold with UEFI Secure Boot can still boot Linux (or if it can’t, it’s not Secure Boot’s fault).

https://docs.microsoft.com/en-us/windows/security/informatio...

0 comments

hda25y ago

That used to be the case for x86, but not anymore: https://www.zdnet.com/article/microsoft-to-stop-linux-older-...

eastonOP5y ago

No, it's the other way around. It originally was as the article described, and once Microsoft probably got scared about antitrust (or thought about how the heck they'd buy hardware for Azure and not be able to load their own secure boot keys), they changed the procedure. As of 2015-ish, the information I linked applies (for x86).

j / k navigate · click thread line to collapse

0 pointseaston5y ago0 comments

https://docs.microsoft.com/en-us/windows/security/informatio...

0 comments

hda25y ago

That used to be the case for x86, but not anymore: https://www.zdnet.com/article/microsoft-to-stop-linux-older-...

eastonOP5y ago

j / k navigate · click thread line to collapse