Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
Windows After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Thread beginning with comment 490299
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Possibly very good
by TheChucklesStart on Thu 22nd Sep 2011 03:35 UTC in reply to "RE: Possibly very good"
TheChucklesStart
Member since:
2009-04-17

Or the UEFI industry could move to using a Certificate Authority like most current code signing systems do.

They could also allow you to load certificates from a USB drive for self signed code, making it harder for a malware author to put their certificate in the UEFI but making it fairly painless for a user to handle.

Reply Parent Score: 1

RE[3]: Possibly very good
by lemur2 on Thu 22nd Sep 2011 03:51 in reply to "RE[2]: Possibly very good"
lemur2 Member since:
2007-02-17

Or the UEFI industry could move to using a Certificate Authority like most current code signing systems do. They could also allow you to load certificates from a USB drive for self signed code, making it harder for a malware author to put their certificate in the UEFI but making it fairly painless for a user to handle.


I'm not sure if this would work, or not. How would it still be impossible for a blackhat author to self-sign their malware rootkit?

If it can work, and it could be possible to make it fairly painless for a user to boot self-signed code, and the industry doesn't do it ... then the concerns expressed by the author of the original article would be shown to have been completely valid, would they not?

Reply Parent Score: 2

RE[3]: Possibly very good
by Lennie on Thu 22nd Sep 2011 09:16 in reply to "RE[2]: Possibly very good"
Lennie Member since:
2007-09-22

The CAs is actually what they are using.

The question is obviously, what happends when a CA makes a mess of it.

Reply Parent Score: 2