• DFX4509B@lemmy.org
      8 days ago

      In theory Pluton enforcement platform-wide, which also includes forced SecureBoot without the ability to install user-signed keys, as well as OTA updates for that super-TPM, could block alt OSes on PC though.

      Fortunately, Pluton never caught on and that hasn’t happened so far.

        • DFX4509B@lemmy.org
          8 days ago

          Forced SecureBoot with only MS keys and no way to install user-signed keys and no Linux shim would block non-Windows OSes from booting.

          Basically, Pluton functions similarly to how mobile devices function in terms of locked bootloaders.

          AFAIK the only devices currently produced which actually use Pluton are Surface devices though, and if it’s not being implemented as intended, it’s just seen as a generic TPM by other OSes.

          For anyone wondering what Pluton is: https://learn.microsoft.com/en-us/windows/security/hardware-security/pluton/microsoft-pluton-security-processor

          Pluton as TPM: https://learn.microsoft.com/en-us/windows/security/hardware-security/pluton/pluton-as-tpm

        • cley_faye@lemmy.world
          8 days ago

          Proprietary hardware, like opaque BIOSes that can only be updated with signed, proprietary blobs? The BIOS that’s in charge of picking something to boot from from storage? The BIOS that can decide which bootloader is allowed through digital signatures? The signatures that are only valid if their public key is registered in the BIOS? The proprietary, opaque BIOS that decides which bootloader’s signature is valid through keys it can restrict?

          Yeah, it’s all coming together. Always has been. Joking aside, I’m still surprised this whole “fully locked BIOS” didn’t take off. And I’m glad for it.

      • WhyJiffie@sh.itjust.works
        7 days ago

        > Fortunately, Pluton never caught on and that hasn’t happened so far.

        I’m confused. Don’t all recent AMD and Intel CPUs have Pluton included? I remember such an AMD announcement from Ryzen 6000 and onwards, and for Intel too

    • adarza@lemmy.ca
      8 days ago

      just give 'em time. it’s still a bit early in the game for that play

    • DoucheBagMcSwag@lemmy.dbzer0.com
      7 days ago

      In a few years if authoritarian shitholes keep fucking getting their way I can see using an “unverified/untraceable OS” to be a “national security violation”