Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Permalink for comment 490680
To read all comments associated with this story, please click here.
oiaohm
Member since:
2009-05-30

Once boot key is leaked its over. Attackers will be able to breach all those systems.

So protection from boot breaching is basically gone as soon as MS loses control of the key.

Design only allows for UEFI only allows for a bootloader to be signed by 1 key not 2 or 3. The UEFI load system can contain more than 1 key to check boot loader against. So yes UEFI setup correctly where you can load extra keys in transition from one key to another would not require a disruption. Heck you could be creative and make it a one way process. When bios sees something using a newer key leave the old key behind.

You are stupid on one statement. Average PC user cannot create a core breaching virus either. The Key will return system breaches to what it is now. Basically the signing system is not about protecting the Average from the system is about protecting the elite from attacking systems. So signing there fake boot-loaders are going to be a walk in park.

Remember the people breaching the systems are already doing illegal things so breaching Microsoft to get the primary signing key is not going to worry them one bit.

Basically once the primary signing key is lost it has to be given up being used if you wish to maintain secuirty.

Basically Microsoft will be waving a big flag to a very powerful force doing this. Even with Microsofts resources I don't see them has having enough to stop it.

So if your solution is MS keeps on signing with the OLD key are you saying its suitable to leave users exposed to secuirty risk. Hello. This is unfair and wrong.

So forced upgrade of motherboards because someone at Microsoft carelessly lost a key so we force to buy more Microsoft software. Yes SUX major-ally this idea. Microsoft design is screwed for all end users.

Key update system is mandatory when design any system with key based secuirty if you wish for it to remain secure.

If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in but for the competitors since installing their OS's would have extra steps ie since out box is most likely windows.

Yes Microsoft would still gain a competitive advantage this way. But not put everyone ass on the preferable chopping block when key leaks. I say when not if because I don't believe for one min it going to be if.

Reply Parent Score: 2