Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Permalink for comment 490714
To read all comments associated with this story, please click here.
Member since:


"You need to read the the full extent of the protection. Boot loader validates everything else above it. Mandatory secure boot would not be a major annoyance as long as you can add the keys for your recovery LiveCD so yes just a minor annoyance. But yes if it left the way it is your recovery LiveCD could be worthless so a major annoyance. No system recovery without ripping harddrive out fun."

I think the threat of bootloader malware is rather exaggerated but I don't deny that it could be helpful in some cases and I don't mind such a feature being added *generically*. As you've said, what is controversial is hard coding MS/OEM keys into the system firmware, such that microsoft/OEMs will be the gatekeepers of this feature. Windows will be trusted by defacto, all other OSes will be hit and miss.

Also, for all the reservations linux users may have, they are the 800 pound guerrilla in comparison to some homebrew OS projects whose chances of getting their binaries signed by hardcoded MS/OEM keys are virtually nil.

Edited 2011-09-25 12:54 UTC

Reply Parent Score: 2