Linked by Thom Holwerda on Fri 13th Jan 2012 16:20 UTC, submitted by moondevil
Windows And so the war on general computing continues. Were you looking forward to ARM laptops and maybe even desktops now that Windows 8 will also be released for ARM? I personally was, because I'd much rather have a thin, but fast and economical machine than a beastly Intel PC. Sadly, it turns out that all our fears regarding UEFI's Secure Boot feature were justified: Microsoft prohibits OEMs from allowing you to install anything other than Windows 8 on ARM devices (the Software Freedom Law Center has more).
Permalink for comment 503248
To read all comments associated with this story, please click here.
RE: A little over the top...
by Alfman on Fri 13th Jan 2012 18:38 UTC in reply to "A little over the top..."
Member since:


"Even with the Secure Boot, can't Fedora or Ubuntu just get a grub-key included on the devices so they can boot in secure mode?"

Even if the vendor is well intentioned and wants to sign loaders for it's users, secure boot becomes insecure when used in this manor. Consider that if a grub-like loader were signed, then malware would trivially install grub to load itself at boot.

It's problems like this that make "secure boot" look like it was designed to take users out of control rather than improve system security - a more apt name would be "restricted boot".

Also, keep in mind that overwriting boot loaders already implies a system-wide compromise, so it is fair to question whether "secure boot" is a security mechanism at all instead of being a user restriction mechanism.

Edit: All of my concerns would be ameliorated if the keys would always be under the control of system owners. It is my main objection to the whole scheme. There's no technical reason for security features to be under third party control, other than DRM.

Edited 2012-01-13 18:49 UTC

Reply Parent Score: 5