Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Why's it not in the spec
Date: 2013-02-04 09:25 pm (UTC)
1. The user must be able to disable SecureBoot (but only by physical access)
2. The user must be able to install their own keys (but only by physical access)
3. UEFI must be passphrase protected, and the default must be changed by the user on first boot
4. It must be possible to do a factory reset (but only by physical access)
Seems to about cover everything. So why wasn't it in the spec? It's not like you buy a Ford and the manual says "If you don't use BP fuel, we will shoot your puppy".
Hmm...actually...I strongly suspect I know why it wasn't written into the spec. It was done to protect revenue, not to protect users.