I’m gonna need an explanation how anything could prevent me from just formatting the drive and doing what I want, barring the use of proprietary hardware.
Forced SecureBoot with only MS keys and no way to install user-signed keys and no Linux shim would block non-Windows OSes from booting.
Basically, Pluton functions similar to how mobile devices function in terms of locked bootloaders.
AFAIK the only devices currently produced which actually use Pluton are Surface devices though, and if it’s not being implemented as intended, it’s just seen as a generic TPM by other OSes.
Proprietary hardware, like opaque bioses that can only be updated with signed, proprietary blobs? The bios that’s in charge of picking something to boot from from storage? The bios that can decide which bootloader is allowed through digital signatures? The signatures that are only valid if their public key is registered in the bios? The proprietary, opaque bios that decide which bootloader’s signature is valid through keys it can restrict?
Yeah, it’s all coming together. Always has been. Joking aside, I’m still surprised this whole “fully locked bios” didn’t take off. And I’m glad for it.
I’m gonna need an explanation how anything could prevent me from just formatting the drive and doing what I want, barring the use of proprietary hardware.
Forced SecureBoot with only MS keys and no way to install user-signed keys and no Linux shim would block non-Windows OSes from booting.
Basically, Pluton functions similar to how mobile devices function in terms of locked bootloaders.
AFAIK the only devices currently produced which actually use Pluton are Surface devices though, and if it’s not being implemented as intended, it’s just seen as a generic TPM by other OSes.
For anyone wondering what Pluton is: https://learn.microsoft.com/en-us/windows/security/hardware-security/pluton/microsoft-pluton-security-processor
Pluton as TPM: https://learn.microsoft.com/en-us/windows/security/hardware-security/pluton/pluton-as-tpm
Proprietary hardware, like opaque bioses that can only be updated with signed, proprietary blobs? The bios that’s in charge of picking something to boot from from storage? The bios that can decide which bootloader is allowed through digital signatures? The signatures that are only valid if their public key is registered in the bios? The proprietary, opaque bios that decide which bootloader’s signature is valid through keys it can restrict?
Yeah, it’s all coming together. Always has been. Joking aside, I’m still surprised this whole “fully locked bios” didn’t take off. And I’m glad for it.
I’m pretty sure that unless you use some unusual SBC, all your computer parts are proprietary hardware.