+1, hardened boot is something we will address eventually with MBR and BIOS viruses on the rise again. Makes sense for MS to push In this direction and Intel/AMD aren't going to lock down that hardware to anything else.
Your $200 Dell from Best Buy might, but that will be part of the subsidy from MS. Meh.
Reminds me of when apple switched to intel hardware and it was believed that you couldn't boot windows. Throw some money after it and people will find a way.
I blame Intel. Its time for x86 CPU that drops all of this compatibility nonsense. Imagine something crazy like x86 bootstraping in protected (or long) mode.
real 16 bit? gone
virtual mode? gone
MSR? gone
CRx? gone, btw wtf happened to CR1?
Im sure MS would be onboard (if not extatic) with CPU that can run only the newest version of Windows. Linux would happily adapt in couple of weeks. There is maybe <1% of computers with CPU ever touching this swamp of cruft and hacks outside of bios/bootloader.
The moment systems like TPM and secureboot were added it stopped being our hardware. We said as much back then, sabotage like described here show that analysis was right.
There is nothing that can be done as long as there is a processor duopoly that follows these ms requirements.
Seems to be the case. There are laptops manufactured 2-3 years ago using 7th gen Intel, which isn't making the cut. Maybe MS will back off after all the corporate IT people start bitching about their laptops.
The really interesting bit IMHO is in the comments, where Brian quite bluntly states that Intel merely provides the tools that system manufacturers (ie. Lenovo and so on) want.
So while Intel could make a principled stand here (in favor of end-users), it's ODMs/OEMs that have to work with primarily. CPUs directly bought by end-users are probably a pretty minor part of their revenue, too.
[edit to add:] Of course, I'd still prefer them to get rid of Verified Boot, and have OEMs decide between Measured Boot or no verification at all.
There's another insane thing I've recently heard about - that Intel intends to lock the OS to their own (new) chips, and you can't dual-boot or install another OS. If they do this, yes I expect them to say that "the OEM has the choice" to allow for dual-booting or whatever, but I bet you 90 percent of PCs will be locked to Windows, when this arrives on Windows machines:
Also, people are underestimating how much Microsoft and Intel keep doing to break core features of their platforms. They've shipped some truly awful breakage in storage interfaces and power management in recent years: poorly thought-out incompatible changes with little or no public documentation, shipped by OEMs in a state that doesn't even work well enough with Windows to justify all the trouble.
Getting coreboot running on the Facebook motherboards would be a nice next step. It's probably not feasible for the Intel boards due to NDAs, but AMD is probably game.
However, MS makes it very difficult to acquire and manage those products. Generally speaking, you must buy their embedded products with a motherboard/cpu purchase from an authorized vendor.
MS business strategy basically mandates that a whole class of "single purpose" customers can't / won't buy via the way MS wants to sell it.
If you try to mandate that the mall buy your special (expensive) motherboard/XPe combo you will generally make no sales. Therefore the default becomes that your customers just go buy "whatever computer they can that matches specs" and run that. Hence you wind up with tens of millions of devices that aren't supported anymore.
One aspect of this I wondered about at the time is that it happened in the wake of Meltdown/Spectre. Ideally it required AMD/intel to produce new microcode for their CPUs and motherboard manufacturers to produce new BIOS firmware for all applicable boards if you wanted to reduce risk before the OS can upload firmware. Presumably everyone wanted to avoid the tech site headlines about patches to workaround vulnerabilities reducing performance in their products, and they don't want "knows enough to be dangerous" geeks staying unpatched so counterstrike gets 156fps instead of 123fps.
So, my guess is MS had discussions with AMD/intel on how much of their products they were willing to support for the lifespan of the OS, and likewise AMD/intel talked to motherboard manufacturers for a similar assurance as part of whatever partnership/licensing is agreed there. It's probably not helped by how on the consumer side ongoing support is a burden, they make money by selling new products.
Your $200 Dell from Best Buy might, but that will be part of the subsidy from MS. Meh.
reply