On Fri, 23 Sep 2011 02:56:55 PM Jason White wrote:

I agree with your assessment. I think Matthew Garrett's point, if I understand it correctly, is that some, but not all vendors will implement the minimum necessary for Windows compliance and hence not include the option to disable secure booting. Given his vast experience of what BIOS writers do, I'm strongly inclined to give weight to that prediction.

I agree - read this, taken from a follow up blog of his: http://mjg59.dreamwidth.org/5850.html # We became aware of this issue in early August. Since then, we # at Red Hat have been discussing the problem with other Linux # vendors, hardware vendors and BIOS vendors. We've been making # sure that we understood the ramifications of the policy in order # to avoid saying anything that wasn't backed up by facts. These # are the facts: # # * Windows 8 certification requires that hardware ship with UEFI # secure boot enabled. # # * Windows 8 certification does not require that the user be able # to disable UEFI secure boot, and we've already been informed by # hardware vendors that some hardware will not have this option. # # * Windows 8 certification does not require that the system ship # with any keys other than Microsoft's. # # * A system that ships with UEFI secure boot enabled and only # includes Microsoft's signing keys will only securely boot # Microsoft operating systems. ..in fact the system will only boot Windows 8 or later (unless MS do special releases of earlier Windows with a signed boot loader). So yes - systems that will only be able to boot MS Windows 8 are on the way for the consumer market (unless blocked in some way). cheers, Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC This email may come with a PGP signature as a file. Do not panic. For more info see: http://en.wikipedia.org/wiki/OpenPGP