Hacker Newsnew | comments | show | ask | jobs | submit login

The problem is not the availability of a free alternative. Hardware vendors could already simply choose not to implement secure boot - the default policy is a single configurable switch during the build. The problem is that vendors believe they can make more money by selling hardware that meets Microsoft's requirements. Coreboot doesn't do anything to help there.



> Hardware vendors could already simply choose not to implement secure boot

You are right, but if we had an easily installable coreboot we could just ignore whatever comes with the computer and just flash coreboot over the existing firmware.

This is basically what Linux people have been doing with Windows in the past twenty years: see that Windows is preinstalled, boot a CD, overwrite the partition table, install distro. But this was possible because in most cases the distro you chose was ready to be installed on a whatever computer you had; the same cannot be said of coreboot.

-----


> You are right, but if we had an easily installable coreboot we could just ignore whatever comes with the computer and just flash coreboot over the existing firmware.

No, you couldn't. The move to secure boot means that firmware updates are signed, because otherwise you could disable secure boot simply by pushing out a fake firmware update.

-----


> The move to secure boot means that firmware updates are signed

Does this mean that flashrom will no longer be usable? Not even on boards that allow disabling secure boot?

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: