Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490598
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Stop whining!
by Alfman on Sat 24th Sep 2011 09:13 UTC in reply to "RE[4]: Stop whining!"
Alfman
Member since:
2011-01-28

Icaria,

"Install the malware to it, bootstrapping Windows, permitting very low-level access and making it extra difficult to detect and remove. Some malware already does this."

Oh I get that, but since doing this implies root access, the system is already compromised by this point. Nothing on the system can be trusted without a deep scan of some sort which may as well include the bootloader. Whatever mechanism the malware used to load itself the first time round will work again on the next boot too.

I've already seen mainboards which lock down the bootloaders. Now I'm not sure how they determine which sectors to lock out, but something like that seems like a much simpler & effective way to protect the bootloader against tampering in an OS agnostic way.

Using PKI to solve this problem is overkill. Hard coding keys which do not belong to the owner in all systems is just evil.

Reply Parent Score: 5