As Purism recently discovered, laptop makers can choose to have their hardware boot without looking for a digital firmware signature at all. The fusing of the processors can be set by the motherboard manufacturer to simply bypass the check. Purism's crowdfunded Librem 15 laptop will ship with a modern Intel CPU fused to run unsigned BIOS code.
In other words, Intel and Boot Guard don't absolutely require hardware manufacturers to lock the computer to only using manufacturer-signed firmware, but every major PC maker does anyway.
Want to stay up-to-date on Linux, BSD, Chrome OS, and the rest of the World Beyond Windows? Bookmark the World Beyond Windows column page or follow our RSS feed.
It's all a big conspiracy, right? Not exactly
It can be tempting to see this as a big conspiracy. These big corporations--Intel and hardware manufacturers--are preventing us from running the software we want to run on our own computers, as if we were using some underpowered, locked-down Surface RT instead of a powerful PC we're supposed to have control of.
And sure, that's true, but Boot Guard does help secure the UEFI firmware and protect against malware that infects the boot process. Intel and PC OEMs aren't out to crush free software and prevent open hardware. The truth is more mundane--Intel and hardware manufacturers prioritize tighter security for the masses over the proprietary firmware concerns of a few.
But, to their credit, Intel does allow PC manufacturers to configure the hardware in a different way. The real way to get that open hardware seems to be to build it from scratch and make the right decisions along the way, as Purism is trying to do. If you want this sort of open hardware, be prepared to vote with your wallet. Taking existing PC laptops and trying to bend them into open hardware--as Gluglug does with the Free Software Foundation-endorsed Libreboot--doesn't seem to be an option anymore.
Sign up for CIO Asia eNewsletters.