Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
Windows After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Permalink for comment 490314
To read all comments associated with this story, please click here.
RE: Comment from a dumb user
by Alfman on Thu 22nd Sep 2011 06:05 UTC in reply to "Comment from a dumb user"
Member since:

"They have locked bootloaders that don't permit any firmware not signed by Motorola to be installed. Is this approximately what Microsoft is looking to do now?"

Microsoft already does this with win vista/7 kernels. The owner is not free to install independent drivers without buying a one or two year signing key. It seems to be a deliberate attack against OSS in the windows kernel. Just after I was beginning to learn how to write kernel drivers, microsoft banned us from installing our own drivers on our own computers. They've hard-coded private keys.

"Looks like this 'walled garden' concept has nothing to OS security, but rather with vendor security."

Technically, it has alot more to do with bootloader security than OS security, windows will have the same flaws as before.

It prevents unauthorized bootloaders from running. However in the context of a real attack, the installation of a malicious bootloader that secure boot would help protect against suggests that the system has already been compromised elsewhere. So secure boot would be of limited security value here.

They actually tried something similar before with TCM/Palladium, which may provide insight into what they are trying to accomplish... DRM.

As much as MS might want to block out linux, I cannot imagine any scenario where microsoft would not face serious legal repercussions if they tried. So, if I may speculate, this is about extending the kernel driver enforcement all the way back to the bootloader so that kernel jailbreaking software like this cannot work:

Reply Parent Score: 3