The way things are going, soon they're not going to make the non-locked down stuff anymore.

Obligatory XKCD.

Sandia National Laboratory did a study on growing marijuana using LEDs?!

They're making "warm white" LED Christmas lights now... but I like my "cool white" ones better anyway because my icicle lights look more like icicles that way.

The main problem with UEFI is that... it's practically a complex "pre-OS" by itself...

...I'd go with the opposite approach, *unless* a defined boot key is held down then just run whatever is defined as the standard boot option ASAP... If you *do* press the boot key and the simple boot device selection isn't enough you'd have to load an "extended BIOS" from USB/CD-ROM that could have all the other junk to give you a GUI, mouse, network, wireless, RAID etc.

If it's supposed to work "even if you used completely different... hardware" then how is it supposed to know you pressed a key (let alone find the USB/CD-ROM) without probing the hardware and loading the drivers?

; )

For a manufacturer to provide a computer with Windows 8 pre-installed, or to label their product as compatible with Windows 8, they MUST allow end-user modification of the bootloader keys.

So what does that make Microsoft Surface? A toaster?

The important thing to understand here is that we're one Microsoft policy change away from completely fucked: if ARM is allowed to be locked down, then x86 will be too. We need to be drawing a line in the sand right now, not rationalizing the issue away like frogs in a cauldron.

I don't mean to gloss over the only real use SecureBoot has: To prevent you from installing your own OSs and Applications, and having control over your own computers.

Nevertheless, you did exactly that IMO. Please allow me to reiterate for the benefit of others:

Technical solutions as proposed above are irrelevant, because the fundamental problem here is that I SHOULDN'T HAVE TO FIND A GODDAMN EXPLOIT TO RUN MY OWN CODE ON MY OWN COMPUTER!

So who decides what keys can be added to the bootloader? The end user, in the case of every x86 board.

AND WHAT ABOUT ARM DEVICES?

If such restrictions are allowed to happen everywhere, they will inevitably end up happening everywhere. The situation is already completely unacceptable!

But super-fast and super-hot motherboards of this kind are not what the digital rebel needs, IMO. He needs a small, lightweight, portable system - a tablet would be ideal, especially if it accepts external attachments like the monitor and USB. In reality all modern tablets are already suitable for the task.

Except the ARM version of Microsoft Surface, on which Secure Boot can't be disabled...

The only way to block this is to make it illegal. But I cannot imagine how you can make microcontrollers illegal today. Would I need a license to own a debugger or a soldering iron?

Maybe you can't imagine it, but RMS imagined it a decade and a half ago.

Much like 1984, it was scary then, but scarier now.

So why is it okay for the ability to turn off secure boot not to be included for non-x86 machines? That (among other things) is what's unacceptable here!

On the contrary, the corporation's legal existence is central to the issue! Groups are perfectly capable of exercising their rights of free speech and assembly without incorporating. Corporations, like copyrights, are an artificial legal construct and a privilege, and it's perfectly reasonable to impose restrictions in return for granting the benefits.

I disagree: everyone who passed high-school chemistry should know how!