Linked by Thom Holwerda on Thu 3rd Nov 2011 19:34 UTC, submitted by lucas_maximus
Hardware, Embedded Systems
A big issue right now in the world of operating systems - especially Linux - is Microsoft's requirement that all Windows 8 machines ship with UEFI's secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft's past and current business practices and the incompetence of OEMs, that's not unwarranted. CNet's Ed Bott decided to pose the issue to OEMs. Dell stated it has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
Thread beginning with comment 495826
RE[7]: Comment by Soulbender
by Neolander on Fri 4th Nov 2011 07:42 UTC in reply to "RE[6]: Comment by Soulbender"
Neolander, member since 2010-03-08

Hi,

Did you have a look at the proposal made to the UEFI standards body to allow installing new signing keys from live media? It's linked to somewhere in the first 30 comments of this article. Although not yet full user control on keys (can users revoke the Microsoft key if they want to?), it would already be something...

Reply Parent Score: 3

RE[8]: Comment by Soulbender
by Alfman on Fri 4th Nov 2011 17:44 in reply to "RE[7]: Comment by Soulbender"
Alfman, member since 2011-01-28

Neolander,

I think there are a number of possible remedies, the Linux Foundation's suggestion is good but toothless. Prompting the user about new media keys is good for choice, but admittedly somewhat dangerous. Ideally there needs to be a mechanism where a user can easily explicitly define the chain of trust (like going into the BIOS and configuring it), but accidental approval (like a y/n prompt) might be avoided. Of course now that the spec and windows certification requirements are in place, there isn't much room left for re-engineering.

The only engineering reason not to explicitly put the owner at the top of the secure boot trust model is for DRM. Either the engineers failed to anticipate the user restriction/control issues (in which case they deserve to lose their jobs), or they knew exactly what they were doing (in which case they knowingly committed a huge disservice for the personal computing community).

There is one subtle, but major technical issue with the current spec which means OEMs won't be able to transfer control over shared OEM platform keys to individual end users even if they wanted to in the future (using the mechanisms in the spec). Resetting the PK requires a token signed by the old private platform key, however this token would be effective on any system, which means whoever possesses this reset token could incorporate it into malware and therefore compromise the secure boot security of every other computer sharing the same platform key. This ultimately means OEMs will not be able to release PKs in the future unless they explicitly engineer some alternate backdoor mechanisms up front.

Hopefully there is enough public criticism to make a difference and force secure boot to be fixed.

Reply Parent Score: 4
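The replay problem Alfman describes in the comment above, worked through as an added example (this is not the commenter's code, not the UEFI specification's, and not from any firmware project). It models the rule for time-based authenticated variables (EFI_VARIABLE_AUTHENTICATION_2) that the PK signs over VariableName || VendorGuid || Attributes || TimeStamp || Data, nothing in which identifies a particular machine, so one "clear the PK" token issued for one owner's machine is accepted by every machine that shipped with the same OEM PK. It also goes one step beyond the comment by sketching the kind of up-front mechanism the comment says would be needed: a hypothetical `bind_to_serial` mode that mixes the target's serial number into the signed region, so the same token is refused elsewhere. Assumptions: the signature is textbook RSA over two fixed Mersenne primes (a deterministic toy standing in for the real PKCS#7 signature, not secure, never for real use); the serial numbers, the EFI_TIME value and the GUID byte ordering are constructed; the spec's monotonic-timestamp check is omitted because it does not bind a token to a machine either.

```python
"""Model of a UEFI authenticated variable write used to clear the platform key.

Added example, not code from the page, the UEFI spec or any firmware project.
Assumptions: toy RSA instead of PKCS#7; constructed machines, serials and
timestamp; `bind_to_serial` is a hypothetical fix the spec does not contain.
"""
import hashlib
import struct
from dataclasses import dataclass

# ---- toy RSA standing in for the OEM's platform key pair (assumption) ----
_P = (1 << 521) - 1          # 2^521 - 1, prime; fixed so the run is deterministic
_Q = (1 << 127) - 1          # 2^127 - 1, prime
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
OEM_PK_PUBLIC = (_N, _E)     # enrolled as PK on every machine the OEM shipped
OEM_PK_PRIVATE = (_N, _D)    # held only by the OEM

def toy_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big"), d, n)

def toy_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big")

# ---- the authenticated variable update ----
EFI_GLOBAL_VARIABLE = bytes.fromhex("8be4df6193ca11d2aa0d00e098032b8c")  # GUID in text order (constructed; not the mixed-endian on-disk layout)
# EFI_TIME: Year, Month, Day, Hour, Minute, Second, Pad1, Nanosecond, TimeZone, Daylight, Pad2 (constructed value)
TIMESTAMP = struct.pack("<HBBBBBBIhBB", 2011, 11, 4, 17, 44, 0, 0, 0, 0, 0, 0)
ATTRS = 0x27  # NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS | TIME_BASED_AUTHENTICATED_WRITE_ACCESS

def signed_region(name: str, guid: bytes, attrs: int, ts: bytes, data: bytes, serial: bytes = b"") -> bytes:
    """Bytes the PK signature covers. `serial` is empty under the spec as written;
    the hypothetical device-bound mode appends the target machine's serial."""
    return name.encode("utf-16-le") + guid + struct.pack("<I", attrs) + ts + data + serial

@dataclass
class AuthUpdate:
    name: str
    data: bytes        # b"" means "delete the variable"
    signature: int

def oem_issue_pk_clear(serial: str = "") -> AuthUpdate:
    """OEM side: the one-off token that deletes the PK (empty data, signed by the old PK)."""
    region = signed_region("PK", EFI_GLOBAL_VARIABLE, ATTRS, TIMESTAMP, b"", serial.encode())
    return AuthUpdate("PK", b"", toy_sign(OEM_PK_PRIVATE, region))

@dataclass
class Machine:
    serial: str
    pk: tuple                      # () once cleared: setup mode, owner may enroll a new PK
    bind_to_serial: bool = False   # hypothetical, not in the spec

    def set_variable(self, upd: AuthUpdate) -> bool:
        """Firmware side of SetVariable() for PK: accept only if signed by the current PK."""
        if not self.pk:
            return True            # setup mode: no authentication required (not modelled further)
        serial = self.serial.encode() if self.bind_to_serial else b""
        region = signed_region(upd.name, EFI_GLOBAL_VARIABLE, ATTRS, TIMESTAMP, upd.data, serial)
        if not toy_verify(self.pk, region, upd.signature):
            return False           # EFI_SECURITY_VIOLATION
        if upd.name == "PK" and upd.data == b"":
            self.pk = ()           # PK deleted: platform drops to setup mode
        return True

def demo_spec_behaviour() -> dict:
    """Spec as written: a token issued for one machine is accepted by every machine sharing the PK."""
    owner = Machine("SN-0001", OEM_PK_PUBLIC)
    victim = Machine("SN-0002", OEM_PK_PUBLIC)   # same OEM PK, different owner
    token = oem_issue_pk_clear()                 # released once, e.g. to the owner of SN-0001
    return {
        "owner_accepts": owner.set_variable(token),
        "victim_accepts_replay": victim.set_variable(token),  # malware carrying the token does this
        "victim_in_setup_mode": victim.pk == (),
    }

def demo_device_bound() -> dict:
    """Hypothetical fix: sign over the target's serial too, so the token is refused elsewhere."""
    owner = Machine("SN-0001", OEM_PK_PUBLIC, bind_to_serial=True)
    victim = Machine("SN-0002", OEM_PK_PUBLIC, bind_to_serial=True)
    token = oem_issue_pk_clear(serial="SN-0001")
    return {
        "owner_accepts": owner.set_variable(token),
        "victim_accepts_replay": victim.set_variable(token),
        "victim_still_locked": victim.pk == OEM_PK_PUBLIC,
    }

if __name__ == "__main__":
    print("spec as written:   ", demo_spec_behaviour())
    print("device-bound token:", demo_device_bound())
```

Running the file prints both outcomes: under the spec's signed region the victim accepts the replayed token and lands in setup mode, exactly the fleet-wide compromise the comment warns about; with the serial mixed into the signed region the same token fails verification on SN-0002. The binding has to be in the signed bytes, not in an outer wrapper, since anything outside the signature can be stripped by whoever replays the token.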