A concern I've got with all this which nobody seems to have addressed where there are limitations with regards to the use of TPM and dual-booting. Through my work I find it invaluable to be able to a) either switch between a couple of different instances of Windows by choosing to boot a different VHD file, and b) roll back those instances by just rebooting and replacing that VHD file with a 'gold' image or previous snapshot. Most of the benefits of Virtual Machines but all of the speed and hardware support.
As I understand it, the OS sort of manages the TPM key store - any OS can reclaim control, but if you were to say use a dual/triple/etc boot configuration with multiple Win11 installs, the likelihood is they will forever be fighting over control of the system TPM - I can't see default disk encryption working well like that.
Add to this that if we consider dual-booting outside of a Windows environment, the UEFI Secure Boot feature requirement (which shouldn't need to be a requirement for all of the other security features to function) could also be a major headache as depending on which bootloader your attempting to use to control it, or how your system BIOS manages the different potential EFI bootloaders, it may suddenly become a lot more difficult for some to achieve such functionality. Depending on your scenario, the system BIOS/UEFI environment may:
- present to you the multiple OS's available and they actually work
- present a list of multiple OS's available and only some of them work
- present a list of multiple OS's where some entries are just garbage and maybe just one primary bootloader works
- present just one OS bootloader (usually listed as the Microsoft Windows option - even if Windows isn't installed)
I've seen all of the above scenarios from different systems all from major OEMs, and not necessarily the newer ones handling it better. Adding secure boot on top of UEFI boot to the mix in a couple of cases has introduced problems so I generally only use UEFI without secure boot.
I could almost see it being successfully argued that these requirements actually could be seen as anti-competitive behaviour - especially if systems ship with these features enabled but disabling them comes with the caveat of loosing access to boot the supplied OS as, to be honest MS's Windows EFI bootloader is great for multi-booting multiple versions of Windows but, Windows bootloader is crap at doing anything else.
BIOS programmers need to start getting their UEFI booting code up to scratch and MS better start working on making their bootloader easier to manager and chain other OS's bootloaders to it to show that they aren't trying to restrict general usage of hardware otherwise expect some states to actually push-back - the EU are always happy to spend their taxpayers hard-earned money in court.
EDIT: There's a feature for Tom's or other tech review site to look in to - dual-booting with UEFI secure boot and TPM where the OS's require it... Maybe there's a workaround where the security state of all the different Windows OS's at least can be duplicated to each boot instance - don't see that being the case for others though,
Facebook
Twitter
Instagram