Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490715
To view parent comment, click here.
To read all comments associated with this story, please click here.
Alfman
Member since:
2011-01-28

lucas_maximus,

"I won't comment on how to design such a system because I am not qualified to comment, and far brighter people than me have designed these systems."

That's fine. But I actually do have the expertise to design such systems*. I have both theoretical knowledge of and practical experience with implementing PKI. Furthermore, I have first hand experience developing bootloaders from scratch on the x86, and I know exactly what goes on there. This topic is right up my alley.

For the moment, take my word that a secure booting facility could have been implemented generically to protect from bootloader malware without hard-coding MS/OEM keys into it. Assuming I am correct, then would you agree that that the inclusion of hardcoded MS/OEM keys is suspicious of an ulterior motive?

Edit: * No insult is intended by this, it just happens to be my domain ;)

Edited 2011-09-25 13:39 UTC

Reply Parent Score: 2