Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
Windows After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Permalink for comment 490304
To read all comments associated with this story, please click here.
RE[3]: Comment by ronaldst
by Alfman on Thu 22nd Sep 2011 04:53 UTC in reply to "RE[2]: Comment by ronaldst"
Alfman
Member since:
2011-01-28

Brenden,

"Whether or not it's anti-user depends on who has the keys."

Precisely.

Some people here are assuming that the keys must be hard coded into the bios such that only operating systems approved by the vendors can be run. I really don't know if that is the intentions of UEFI secure boot or not...if it is, well users are screwed. Not only won't we have control, but now the security of our own computers becomes dependent upon third parties who control the master keys.

Ideally this feature should be designed to work for users rather than against us. All keys could be manageable through the bios on powerup, and then remain locked after boot so they cannot be tampered with later on. Then we could use our own individual/corporate key to sign the keys of whichever OS vendors we want to trust on our computers or lans.

Of course, for normal users, this would all be setup at the factory...but at least the control over which operating systems are allowed to run lies with us as users rather than the manufacturer or microsoft.


Also there is another risk, that even if users can manage their own keys, a powerful vendor might coerce users to delete keys of it's competitors in order to load itself. Therefor I'd hope that this feature is designed in such a way that the list of approved keys can be kept secret from discriminatory operating systems.

Reply Parent Score: 5