UEFI Palladium reborn Nightmare.

[koaftder]

I don't foresee this being an issue. You don't buy a machine preinstalled with windows because you want to run linux. Linux users will buy a machine from a vendor that supports it or more often build a machine speced out with parts that mesh well with the drivers available in linux land. Worst case for those who really want to run Linux natively on a "windows only" machine would be to have a windows driver that can bootstrap the linux kernel and have it take over the system. As long as you can run code in ring 0 there isn't anything preventing anyone from doing whatever they like with their machine.

[koaftder]

People are blowing this issue completely out of proportion. Microsoft isn't requiring OEMs to ship with secure boot firmware that only allows booting a Microsoft OS nor are they providing an incentive to do so. An OEM could do that, but there is no financial incentive to do so. The consumer will be able to turn off secure boot if they choose to and configure TPM however they please to meet whatever requirements they may have.

Requireing OEMs who want to participate in the logo program to enable secure boot != uber draconian end of the world we're all gonna die scenarios. Windows will still install on machines that don't have it.

[koaftder]

The windows logo certification doesn't require or even encourage OEMs to ship devices that will only boot Microsoft products and disallow end users from configuring their products however they see fit to meet their needs. The worst case scenario being purported by the doom and gloom brigade is the least likely thing to happen. That any OEM might think it would be a good idea to limit sales by gimping their product for no financial gain whatsoever seems absurd to me.

[koaftder]

I understand that, but it does require that it supports secure booting. And given that the OEMs only ship with Windows installed, this option will be enabled by default. I can certainly see how some OEMs might not be too worried about not including a feature to disable secure booting - which sales exactly are they going to limit? They're selling Windows machines to Windows users, chances are none of their customers will even notice the difference.

An OEM would have to spend extra time to go out of their way to disable the options to enable/disable secure boot considering that they have to include that option for customers that won't be running win 8 anyway. Most OEMs don't write their firmware, they license it, why pay extra to disable a feature they know people will complain about if it's missing? The last thing a company needs is a slew of bad product reviews and pissed off geeks steering potential customers towards competitors products.

You're going to need the ability to configure secure boot and TPM to be able to properly setup a device for corporate IT environments. Laptops, netbooks, tablets, all that mess is used in corporate settings. Limiting configurability would just hurt sales.

[koaftder]

The samsung tablet running Win 8 handed out at the last Build conference had it: