At a recent conference, Microsoft said that the switch to allow Secure Boot to be turned off would be optional. "Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down."

The presenter did not touch on whether OEMS can or should provide support for adding custom certificates.

Has anyone heard any more about this?

How shocking... (roll eyes)

I remember how Microsoft sold secureboot to the world by promising that it would always be possible to switch it off, and thus, not locking owners out of the hardware they paid for. How long did that promise last? For a few years and for the duration of one version of Windows (8-8.1), by my reckoning. I guess that's the extent of the respect Microsoft has for its customers.

Btw, in my opinion, secureboot is one of those over-the-top security features that 99.9% of people don't need, but a great deal of people suffer for it. There are real attacks that secureboot protects against, but those are really hardcore attacks that only the most sensitive organizations have a legitimate reason to fear and protect themselves against. When the average Windows user often has single-user login with no password, no hard-drive encryption, a very lax firewall (if any), a cheap anti-virus suite, and a very careless attitude towards security (visiting dubious websites, installing anything, hitting "agree" to anything that pops up, etc..), why on Earth does that person need SecureBoot? His computer has about a million wide-open vulnerabilities that will be much easier to exploit than the security holes that SecureBoot tries to seal.

I think that, from the very beginning, SecureBoot was all about Microsoft seeing the gloomy prospect of many more people and organizations move to alternative OSes (which is something that can happen very quickly, as soon as it reaches a critical mass), and they are trying to silently (unbeknownst to average people) introduce this lock-down mechanism. For example, think about a company that is thinking about switching all its workstations to Linux to spare on licensing costs and maintenance costs, well, currently it is just a simple matter of installing the OS on all the existing computers, but, in say 5 years, this might require buying new computers for the whole company as the current ones are locked-down. That's the dream, that's the plan for Microsoft.

And the fact that they say that OEMs "can offer no way" to disable it... Do you really think many OEMs will provide a way to disable it in newer generations of hardware? Quite unlikely, considering the current climate of patent wars where Microsoft has pretty much managed to put itself in a position where it dictates all policies of OEMs by threatening patent lawsuits.

Like it or not, Microsoft (under Ballmer's direction) will alway bulldoze their ideas through, either you like it or not, and most of the time, its a disaster (like Vista, Windows 8 etc.), but really, like what Mike said, its all about them controlling and domination to force users to how MS wants them to go.