Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
Windows After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Permalink for comment 490384
To read all comments associated with this story, please click here.
RE[3]: Comment by ronaldst
by amadensor on Thu 22nd Sep 2011 19:05 UTC in reply to "RE[2]: Comment by ronaldst"
amadensor
Member since:
2006-04-10

Solution: Create a non-free, open source signed bootable CD whose only function is to insert new keys into the UEFI. That one CD can be signed, and each machine owner can generate their own private key (easily automated) and as part of the install process, the software is signed with the key specific to that person, no keys public to leak, and yet everyone has the keys needed to modify the hardware and hopefully this can comply with GPL3.

Install goes like this:

1: Run special key maker CD, which inserts the key into the chip and puts it on a flash drive.

2: Run the installer which grabs the key from the flash drive and signs the install.

3: Pull out the USB drive so that malware can't grab it.

When you want to tweak the boot loader, or install something that needs to be signed, you plug in the flash drive just during that install's signing process. Physical security to reduce the window of opportunity for malware to get your key.

Reply Parent Score: 1