Motherboard manufacturers are not going to start making Windows only BIOS.
Microsofts target audience isn’t the private user. It’s companies. The money they make selling their OS to private persons are table scraps compared to their enterprise licenses. Any such initiative would fuck over every single enterprise customer.
It’s been attempted in two ways.
First is secure boot. There were a handful of computers sold that did not allow disabling of secure boot, or changing the loaded keys. So it was basically essentially a Windows only computer.
More recently is there was Microsoft Windows S. This was a cheap version of Windows Home that ran on low end computers and was locked to only allow installing apps from the Microsoft store. It was possible to unlock it but as I recall it required an additional fee.
Enterprises almost all run Windows anyway so they DGAF.
Enterprises use a lot, and I do mean A LOT of custom software. Either developed in house or by others. They absolutely care.
What Microsoft does within their own OS, as the “S” version you’re talking about. That’s a non issue given you can just flash the drive and install whatever OS you want.
As for the concern that you’d somehow be unable to install another OS. Due to Secure Boot. I personally have never come across a computer that I’ve had full BIOS access to that didn’t allow disabling secure boot. Though some have been more cooperative than others. But maybe I’m just lucky.
But I’m also pretty sure there are linux distributions that support Secure Boot.
Secure Boot for what it’s intended to do, is a pretty good feature. Which is to stop unauthorized software from running before initiating your OS
So does Ubuntu, but there is a catch. Secure boot relies on signature checking, so you can manually add the signature of your OS manually to the UEFI db, but can’t do that on locked UEFI. Major Linux providers went another route, they paid Microsoft to sign a shim binary, which in turn can verify and boot the matching Linux kernels. Microsoft refusing to sign shims would be a rather crippling move, but they would get a massive backlash from that.
Isn’t secure boot signed by Microsoft anyway IIRC? I know Lenovo had their own signing too. From my knowledge, installing a secure-boot supported linux version requires a ‘shim’ to allow it, and there was an issue that came up as the keys are due to expire for older OS versions.
Of course, Secure Boot can be switched off as well. (for now)
It’s not going to happen.
Motherboard manufacturers are not going to start making Windows only BIOS.
Microsofts target audience isn’t the private user. It’s companies. The money they make selling their OS to private persons are table scraps compared to their enterprise licenses. Any such initiative would fuck over every single enterprise customer.
It’s been attempted in two ways.
First is secure boot. There were a handful of computers sold that did not allow disabling of secure boot, or changing the loaded keys. So it was basically essentially a Windows only computer.
More recently is there was Microsoft Windows S. This was a cheap version of Windows Home that ran on low end computers and was locked to only allow installing apps from the Microsoft store. It was possible to unlock it but as I recall it required an additional fee.
Enterprises almost all run Windows anyway so they DGAF.
Enterprises use a lot, and I do mean A LOT of custom software. Either developed in house or by others. They absolutely care.
What Microsoft does within their own OS, as the “S” version you’re talking about. That’s a non issue given you can just flash the drive and install whatever OS you want.
As for the concern that you’d somehow be unable to install another OS. Due to Secure Boot. I personally have never come across a computer that I’ve had full BIOS access to that didn’t allow disabling secure boot. Though some have been more cooperative than others. But maybe I’m just lucky.
But I’m also pretty sure there are linux distributions that support Secure Boot.
Secure Boot for what it’s intended to do, is a pretty good feature. Which is to stop unauthorized software from running before initiating your OS
Fedora supports secure boot out of the box
So does Ubuntu, but there is a catch. Secure boot relies on signature checking, so you can manually add the signature of your OS manually to the UEFI db, but can’t do that on locked UEFI. Major Linux providers went another route, they paid Microsoft to sign a
shimbinary, which in turn can verify and boot the matching Linux kernels. Microsoft refusing to sign shims would be a rather crippling move, but they would get a massive backlash from that.Isn’t secure boot signed by Microsoft anyway IIRC? I know Lenovo had their own signing too. From my knowledge, installing a secure-boot supported linux version requires a ‘shim’ to allow it, and there was an issue that came up as the keys are due to expire for older OS versions.
Of course, Secure Boot can be switched off as well. (for now)