On Tue, Feb 02, 2016 at 06:47:53PM -0500, Jason White wrote:
I would put it slightly differently. I think the security features described in the article that I cited would in fact be very effective. On the other hand, they could also be described as what in another context is called a "dual-use technology". The security benefits are undeniable, but so are the potential restrictions on the user's freedom if he or she doesn't have keys with which to sign applications.
and if the user has a/the key, that pretty much invalidates most of the security benefits - which are predicated on the machine only running code known and signed by a central authority, such as Microsoft. Or maybe a corporation locking down their own PCs. There may be some hardware that allows us plebs to install and manage our own keys, but it will be rare. Allow the general public to install keys and there will be all sorts of apps and/or dodgy web sites telling people to install this key to get your amazing dancingsheep.exe screensaver working.
There may be reasons founded in competition regulations why "secure boot" cannot be made mandatory in the x86 world; it's required by the specification, as I understand it, that the user can disable this feature. The ARM world is notoriously different, of course.
Those are business decisions, not competition regulations. There's nothing about x86 that makes it any more or less subject to competition regulations than ARM cpus - nor should there be, such laws are and should be technology-neutral. MS can't/couldn't get away with locking down existing x86 designs because there's too long a history of people being able to install and run whatever they want on them. ARM is new, has all sorts of boot-time oddities anyway, very little standardisation as yet, and can be so locked down. when the precedent has been well and truly established on ARM, x86 etc will be next. In fact, it's already starting to happen. so, now is the time to try to get the ACCC interested in such matters, before the momentum is too hard to stop. craig -- craig sanders <cas@taz.net.au>