Linked by Elv13 on Sun 17th Jun 2012 10:35 UTC
Hardware, Embedded Systems "The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."
Permalink for comment 522547
To read all comments associated with this story, please click here.
WereCatf
Member since:
2006-02-15

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.


Way to misunderstand everything. I wonder which rock you've been living under.

You see, SecureBoot is controlled by a single entity with absolute power over it, there is no standardized way of creating keys when needed and no design committee to oversee its development. Since it is controlled by a single entity Microsoft can simply refuse to accept requests for keys on a whim. This is a clearly anti-competitive move designed to make using non-Windows operating systems much more difficult.

There is nothing wrong per se in trying to protect a system against boot sector viruses, but it should be made in such a way that there is a documented path for creating new keys via some form of a standards body consisting of multiple entities, and there should similarly be a clearly documented standardized way of disabling SecureBoot. Why a standards body then, you ask? Well, so that multiple entities can strutinize the proposals, to point out flaws and possible improvements that a single entity managing it would possibly miss, and to ensure cross-platform compatibility and end-user benefit.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.


No, it is not. You cannot e.g. expect IT personnel to install Openbios on every single device they may have to fix.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.


How would that protect against boot-sector viruses? If the write switch is off then it protects against no viruses, and if it is on the whole disk can only be used for reading stuff, ie. it would be inherently useless, ergo everyone would just keep it switched off -> no protection.

Reply Parent Score: 6