Or probably better just a flip switch/jumper on the board (flashable/unflashable mode) - this is something manufacturers would go for. I really do not see a problem with this. If at the end of the day you can flash the BIOS directly, then there is no point in thinking of it in a physical security sense. If someone has access to the system it is insecure. Therefore, you could also just write the firmware password on the motherboard or on a sticker on the PC, and then have the user change it at their will.
I believe that we should be completely discounting Linux on SecureBoot. This is 2012; we should not be thinking of it as a "hack your system and install Linux" or a "follow the rules set out by VeriSign (who are as bad as Microsoft btw) and Microsoft". This is like buying an iPhone with the intention to run Android... You intend to use Linux from the outset, so getting manufacturers to realize we won't buy anything we don't own is the best policy.
If you are thinking in the mentality of a user being able to download Linux, take it to their local library and boot into Linux instead of Windows - this is never going to happen. Or if you are thinking there are users who are incapable of disabling SecureBoot who will be capable of knowing how to boot it on their system, they do not exist. These users will most likely be using iPads or, in the future, Windows on ARM. Companies using Linux will be able to create their own sets of keys/disable secure boot.
You need to forget about this and start concentrating on people buying free software/open computers with Linux pre-installed.
I for one will be moving away from using Fedora if it starts to support this structure of hierarchical forced trust. This would include even a Fedora or free software signing key.
Re: firmware/hardware-level password protection as an alternative