Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Permalink for comment 490801
To read all comments associated with this story, please click here.
RE[6]: Bootloader anyone ?
by Neolander on Mon 26th Sep 2011 16:59 UTC in reply to "RE[5]: Bootloader anyone ?"
Neolander
Member since:
2010-03-08

From UEFI spec 2.3.1, Section 27.5 "Firmware/OS Key Exchange: creating trust relationships", there is only a single "Platform Key", which the "platform owner" (= OEM, I guess) uses to sign authorized bootable code. Once an OS is booted, it can add extra "Key Exchange Keys", which it entrusts, to the public key database.

PS : Speaking of EFI, am I the only one annoyed by the way it mandates use of Microsoft's executable formats for loadable binaries ?

Edited 2011-09-26 17:14 UTC

Reply Parent Score: 1