Linked by Thom Holwerda on Sat 29th Dec 2012 16:37 UTC
Linux It's sad that we need this, but alas - Matthew Garret has made a list of Linux distributions that boot on Windows 8 PCs with Secure Boot enabled. Tellingly enough, the list is short. Very short. Can someone hack this nonsense into oblivion please?
Permalink for comment 546654
To read all comments associated with this story, please click here.
WereCatf
Member since:
2006-02-15

So there is something I would like to know.

As "Secure boot" uses x509 certificates (SSL cerficates like for HTTPS) what is the validity period of these keys ?

Is it 5 years, 10 years ? 15 years ?

Because sounds to me like when you start up your Windows 8 ARM device (no disabled button for Secure Boot) in 15 years it might not boot anymore ?

Turns out, it is 15 to 20 years:
http://blog.fpmurphy.com/2012/11/list-secure-boot-certificates.html

Will the BIOS/firmware check this ?

So will your PC stop booting in the future ?


It's unlikely the UEFI BIOS will enforce the expiration date simply because it does not have any way of validating the date in the settings unless it has Internet-connectivity and can make an encrypted connection to a manufacturer-mandated clock source. If the BIOS just assumed that whatever the date is in the settings is correct then it would be terribly simple for malware to render the device unbootable: just set the date to something past 2040 and reboot. Similarly, block access to the manufacturer-mandated clock source and adjust the date manually every now and then to bypass the expiration date -- the expiration method would be totally, completely ineffective.

Reply Parent Score: 4