Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Permalink for comment 490677
To read all comments associated with this story, please click here.
Good secuirty Required Future planining.
by oiaohm on Sun 25th Sep 2011 02:08 UTC
oiaohm
Member since:
2009-05-30

Right Microsoft idea here is stuffed.

Issue one you have a 5 year old machine in the future MS has lost the key so you system can be attacked. Yet OEM has locked you motherboard and is providing no more update. So you cannot update bootloader to fix problem. So when microsoft pushes out update to bootloader signed with new key your computer now dies.

Who thinks this is a good idea now?

Great. Stupid moron move. The system needs a way to insert new keys and disable old ones. Other wise its a bit like saying when you lose your door keys you cannot replace your house locks.

If you cannot disable MS better insist on a way to replace the approval key. This does get around the Grub issue. Since the Linux distributors or end users could produce there own signing pair. Yes makes installation annoying. Ie fat formated usb key with a approval key to upload before able to install the OS.

Key of course is make the only way to upload the key inside bios software.

Linux way is better not having a default key set.

Reply Score: 2