Because the hardware consortium may reject ANY key at any time, if they want to do it.
And MS has the power to force the hardware companies to do it. Alone this possibility is a threaten.
In theory, this a possibility but remember: Secure Boot can be disabled. Anyway, people in the Linux (Linux means the kernel) development don't care about this possibility.
Btw, did anyone talk with Linus Torvalds to find a good solution in UEFI /Secure Boot? What I mean is, in the world there are more servers running with Linux than with Windows. It is due to UNIX reliability.
Well, there is a MS key used by Linux Foundation, GRUB2, Gummiboot and EFISTUB. With EFISTUB the Linux generates a .efi image of Linux and of .efi image of initramfs in the boot partition, which is readed by the firmware.
linuxfluesterer wrote:UEFI is implemented on motherboard, but it can be overwritten, the code can be changed, because it is no more ROM.
And I am sure, MS or maybe the hardware seller will make a 'Secure Update' whenever they think, it is necessary to do. Call it 'patch', call it 'features', whatever you like it...
Impossible. Microsoft can't do that, because it requires changes in the firmware. Changes in the firmware are not trivial, because you have a lot of manufacturers and models with different firmwares.
In my case I am very content with my Core i5 combined with 8GByte Ram and ssd.
I switched off UEFI Boot, and I've got my fastest machine ever, well recognised hardware by linux. So, which benefit for me, for Linux to use Secure Boot? But in case I would boot any Windows 8 (with Secure Boot), there IS the danger, that MS will make a 'Secure Boot patch' and this could mean, I can't boot my Linux no more. This is the threaten.
Secure Boot in Linux has its advantages. You can avoid to load unsigned modules, for example. OK, nothing is perfect: it's necessary some method to solve the issues with third parties modules...
Another thing is, how to make non knowing, but interested people, who would like to test a Linux distro, when they must learn how to handle UEFI deactivation (my SL KDE Daily Build from some days ago could not boot, when UEFI is activated)? Not many of them do know about this? It's too complicated and not it is not fair. Mandatory means, what MS wants to be mandatory.
If you aren't able to enter in the setup (BIOS or UEFI), you aren't able to install any operating system.
And sorry, but if the distro in question doesn't support UEFI properly, it's the distro's fault.
The only real perspective I see for future is, that Android and Apple (iPad) will replace the market of computers with their tablets and that the customers won't need any Windows product any more. It is like always: MS is too late, sleeping (like in case with Netscape and the Internet Explorer) and now they try to prevent the customers using another product. But for me, I regret deeply, when I can't buy a new laptop in some years any more.
Generally Apple is more closed in these aspects than Microsoft. Try to install a GNU distro in iPad, for example...
With Android, it depends on the OEM. But now we have Google Nexus, and with Nexus is possible to run GNU distros like Ubuntu. There are demos with Plasma Active too.
-Linuxfluesterer (I love KDE ...)
Why do you put "I love KDE" in every posts?