More Microsoft / OEM shennanigans... Unable to disable Secure Boot and re-enable CSM

[VirtualLarry]

http://www.newegg.com/Product/Produc...82E16883103925

Read the reviews and weep, people. This is the Microsoft and Apple future of computing. Locking out all prior OS versions, Linux, etc. ONLY Windows. Cheap price, but is it worth giving up your computing freedom?

Time to boycott Acer, I guess.

Locked bootloaders on devices should be illegal, IMHO.

marc f.
7/25/2014 3:06:31 PM
Tech Level: High
Ownership: 1 day to 1 week
Verified Owner


2 out of 5 eggsbios locked

Pros: fast enough
good price

Cons: Acer and Microsoft have put their greedy little heads together and locked the bios from changing to cms boot.

*It is impossible to install Windows 7 on this system*

If you want to be told what you can do with your property or contribute forcibly to their coffers, this is a good system at a good price.

Other Thoughts: new egg should post a warning about these systems

David G.
7/21/2014 9:28:59 PM
Tech Level: High
Ownership: 1 month to 1 year
Verified Owner


4 out of 5 eggsRunning Windows 7 on Mine

Pros: Good HTPC, fast processors

Cons: Windows 8.1 Core not Pro, Difficult to install Windows 7 because BIOS downgrade required.

Other Thoughts: To run Windows 7 you must flash an older BIOS and repartition to MBR format, and older BIOS is not available from Acer. Google/Bing is your friend, or upgrade to Windows 8 Pro to get Media Center. Otherwise you will have to run NextPVR or something else to make this an HTPC.

Richard L.
7/3/2014 8:36:15 PM
Tech Level: Somewhat High
Ownership: 1 day to 1 week
Verified Owner


3 out of 5 eggsANY OS other than 8.1 is NOT possible

Pros: Small package with decent specs. Pleasantly surprised when stress testing this machine. CPU states max 1.99GHz, but bursts up to 2.41GHz. I never saw 2.41, but it bounced between 2.37 and 2.39 for over an hour, never falling below 2.37.

During the stress test this machine was still very responsive. I'm not sure if that kudo goes to the processor or Windows 8.1

Cons: I ran the stress test because 30 seconds into Windows OOBE (initial setup) a memory error occurred and I had to reboot.

Typical OEM bloatware. I haven't dug into how difficult that is to remove if needed.

Other Thoughts: About me: I'm currently employed in IS as 2nd tier specialist. I've built several PC, repaired laptops and run every version of Windows since version 3.11. I've run Slackware in the late 90's and currently run Mint Debian on the primary PC and CentOS on my gateway. After hours of research I've found I'm not the only person to give up trying to install something other than 8.1

Now I'm looking to sell this and build what I want.

 

[BonzaiDuck]

http://www.newegg.com/Product/Produc...82E16883103925

Read the reviews and weep, people. This is the Microsoft and Apple future of computing. Locking out all prior OS versions, Linux, etc. ONLY Windows. Cheap price, but is it worth giving up your computing freedom?

Time to boycott Acer, I guess.

Locked bootloaders on devices should be illegal, IMHO.

I'd been apprehensive about things like this as early as M$ started "binding" OS installs to the hardware.

It was pretty reasonable and comfortable in the old days to expect "modularity" and freedom to build, modify, and OS-upgrade (or down-grade) your system.

With the mobile trend, this latest disappointment follows with it.

 

[mirageracerx]

i disable secureboot as often as i can. it causes more problems than fixes.

 

[Imaginer]

I am not sure most of the OP's understanding or the Newegg reviewers' understand how to work with Secure Boot.

It is in place so that you can have a signed OS of your choosing on there. When your typical "OEM" buyer uses or builds the PC, they have the option to disable Secure Boot, or install a SIGNED OS.

Pretty sure this has been mentioned before, and clarified.

http://www.extremetech.com/computin...t-calm-down-microsoft-is-simply-copying-apple

On an x86 Windows 8 computer, you’ll be able to sign your own operating systems (custom builds for Linux, for example), or disable Secure Boot entirely. On Windows 8 ARM computers, neither of these options will be available: You’ll have official builds of Windows 8, and that’s it.

http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot

systems certified for Windows 8 must allow secure boot to enter custom mode or be disabled, but not on systems using the ARM architecture.[42][91]

Most certainly, it is another layer of attack prevention because of master boot record viruses that may happen in the past.

http://www.zdnet.com/more-fun-with-windows-8-uefi-secure-boot-fedora-and-ubuntu-7000009292/

I did find that if I pressed the "Boot Selection" hot key (F9 on HP systems), I would then get a selection list which listed "OS Boot Manager" (that booted Windows 8), and whatever Linux Secure Boot installations were present - either Fedora or Ubuntu or both.

http://www.zdnet.com/uefi-and-secure-boot-in-depth-7000012138/

Think of it as an implementation of that floppy write lock on those floppy drives. You install an OS, and have an option to have it locked to prevent further writing, unless you unlock it to install whatever you may need in an ongoing re-fung-shui of a computer.

 

[Imaginer]

With the mobile trend, this latest disappointment follows with it.

Mobile wise, I am not going to bother with even working with a limited hardware interface, let alone loading an OS on there (end user perspective). It is also a reason why I rather not have the ARM RT variants - other than the obvious of not running anything existing I have already.

 

[Gunbuster]

Ah yes, we extrapolate the "future" of Microsoft computing from a $200 refurb Acer with a crappy BIOS.

 

[VirtualLarry]

Ah yes, we extrapolate the "future" of Microsoft computing from a $200 refurb Acer with a crappy BIOS.

Because, initially, MS said that Secure Boot would be OPTIONAL, after the big uproar that it would be coercive and anti-competitive and lock out Linux.

Now we have actual evidence that this stance is changing, and machines ARE starting to lock-out non-Windows (or even prior Windows) OSes.

 

[imagoon]

Because, initially, MS said that Secure Boot would be OPTIONAL, after the big uproar that it would be coercive and anti-competitive and lock out Linux.

Now we have actual evidence that this stance is changing, and machines ARE starting to lock-out non-Windows (or even prior Windows) OSes.

It is optional. Acer decided it shouldn't be.

But hey it is cool to bash Microsoft. I mean the $ in M$ make me cool right?

 

[code65536]

Being able to disable Secure Boot is mandatory. So there are three scenarios here...

1) Acer violated Microsoft's rules, and this issue needs to be reported to Microsoft.

2) These people don't understand how to turn off Secure Boot properly (not uncommon to see people loudly self-proclaim themselves as experts and then do some bone-headed things).

3) They're confusing UEFI boot with Secure Boot. You must be able to disable Secure Boot. However, providing a fallback legacy BIOS boot is not a requirement. This is a likely problem because UEFI boot also carries other requirements, like the boot media either be an optical disc (with appropriate UEFI boot image) or a FAT32-formatted drive. Microsoft's own DVD-to-USB tool for Windows 7 formats the USB drive as NTFS, so it's UEFI-incompatible. Also, UEFI is unsupported on a 32-bit Windows 7 (if they were trying that instead of 64-bit), and many slipstreamed/modified Windows 7 images that people find online or self-produce lack UEFI support (since they usually neglect the step to include a second UEFI bootloader when rebuilding the ISO, thus producing an ISO that's compatible only with legacy BIOS).


I think #3 is the most likely. Never attribute to malice what can be sufficiently explained by end-user incompetency.

 

[BarkingGhostar]

I never understand people buying 'namebrand' products and then expect them to be 'open'. Didn't the whole DIY PC build thing come from wanting more control over the overly locked down OEM world?

Don't like Acer and its practices? Don't buy Acer.

 

[CRCSUX]

...

3) They're confusing UEFI boot with Secure Boot. You must be able to disable Secure Boot. However, providing a fallback legacy BIOS boot is not a requirement. This is a likely problem because UEFI boot also carries other requirements, like the boot media either be an optical disc (with appropriate UEFI boot image) or a FAT32-formatted drive. Microsoft's own DVD-to-USB tool for Windows 7 formats the USB drive as NTFS, so it's UEFI-incompatible. Also, UEFI is unsupported on a 32-bit Windows 7 (if they were trying that instead of 64-bit), and many slipstreamed/modified Windows 7 images that people find online or self-produce lack UEFI support (since they usually neglect the step to include a second UEFI bootloader when rebuilding the ISO, thus producing an ISO that's compatible only with legacy BIOS).


I think #3 is the most likely. Never attribute to malice what can be sufficiently explained by end-user incompetency.

marc f.
7/25/2014 3:06:31 PM
Tech Level: High
Ownership: 1 day to 1 week
Verified Owner


2 out of 5 eggsbios locked

Pros: fast enough
good price

Cons: Acer and Microsoft have put their greedy little heads together and locked the bios from changing to cms boot.

*It is impossible to install Windows 7 on this system*

If you want to be told what you can do with your property or contribute forcibly to their coffers, this is a good system at a good price.

Other Thoughts: new egg should post a warning about these systems

Yup

The other two quotes from the op also seem to be saying no CSM is the problem not secure boot.

 

[Ketchup]

In Microsoft's offense, they never guarantee that you will be able to disable Secure Boot in every scenario:

"For most PCs, you can disable Secure Boot through the PC’s BIOS. For more info, see Disabling Secure Boot. For logo-certified Windows RT 8.1 and Windows RT PCs, Secure Boot is required to be configured so that it cannot be disabled."

http://technet.microsoft.com/en-us/library/hh824987.aspx

 

[VirtualLarry]

http://forums.anandtech.com/showthread.php?t=2393529

You can add another Acer that won't boot CSM.

 

[code65536]

Look at all these new computers without PCI slots! Or floppy headers! And all these old DDR2 modules that I have are incompatible with these new computers!

Like it or not, the world is moving to UEFI (and for some, like Apple, rather forcibly). On the software side, modern operating systems (including Windows 7 and Linux) support UEFI boot. Yes, there are apparently some hardware incompatibilities as evidenced by that link, but c'est la vie. If that dGPU problem is a bug with the UEFI (vs. a bug in the GPU's firmware), then the solution is pester Acer to fix that bug, not wish for a sweep-under-the-rug CSM.

 

[ninaholic37]

Look at all these new computers without PCI slots! Or floppy headers! And all these old DDR2 modules that I have are incompatible with these new computers!

Technology is changing too fast. When did laptop soundcards stop being SoundBlaster compatible? :thumbsdown:

 

[Imaginer]

In Microsoft's offense, they never guarantee that you will be able to disable Secure Boot in every scenario:

"For most PCs, you can disable Secure Boot through the PC’s BIOS. For more info, see Disabling Secure Boot. For logo-certified Windows RT 8.1 and Windows RT PCs, Secure Boot is required to be configured so that it cannot be disabled."

http://technet.microsoft.com/en-us/library/hh824987.aspx

Do note the RT. All x86 based PCs do allow and should allow disabling of Secure Boot if needed.

 

[Ketchup]

Do note the RT. All x86 based PCs do allow and should allow disabling of Secure Boot if needed.

Yes, the second sentence was only included to complete the heading. My stress was placed on the word "most" with the italics. Microsoft does not guarantee or insist that all x86 computers have to support disabling this. By clicking on the link, Microsoft continues with the word "most":

"For most PCs, you can disable Secure Boot through the PC’s firmware (BIOS) menus."

I suppose you could say that Microsoft is covering themselves by not guaranteeing something they don't have control over, but it does open the door for what people are claiming is being done here.

 

[VirtualLarry]

Look at all these new computers without PCI slots! Or floppy headers! And all these old DDR2 modules that I have are incompatible with these new computers!

Like it or not, the world is moving to UEFI (and for some, like Apple, rather forcibly). On the software side, modern operating systems (including Windows 7 and Linux) support UEFI boot. Yes, there are apparently some hardware incompatibilities as evidenced by that link, but c'est la vie. If that dGPU problem is a bug with the UEFI (vs. a bug in the GPU's firmware), then the solution is pester Acer to fix that bug, not wish for a sweep-under-the-rug CSM.

It seems to me to be a bit premature to eliminate compatibility with 99% of existing video cards on the market, don't you think?

BTW, it's not a "bug", it's the deliberate removal of compatibility. Most video cards, even newer ones, don't support UEFI GOP.

It's almost like eliminating compatibility with SATA, when there aren't any SATA Express drives on the market.