
UEFI Secure Boot



2012/1/24 Maiko Takemoto
>
...

> The lock would work by means of an exclusive certification during system startup, which would use a security measure called “UEFI secure boot”. This means that to install a new OS, the computer's owner would need to have a key to disable this feature. According to the report from the Software Freedom Law Center, this lock has been confirmed for machines that use the ARM architecture.
>

"future establishment of an operating-system-neutral and
vendor-neutral certificate authority to issue keys to third-party
hardware and software vendors."

"If vendors ship their systems in the setup mode and provide a means
to add new KEKs to the firmware, those systems will fully support open
operating systems while maintaining compliance with the Windows 8 logo
requirements."

"In the absence of the establishment of a trust model, we therefore
recommend that non-verifying external media be able to boot and import
either a signature or KEK from the media with a present user
acceptance check. In order to make this operation simple for the
platform owner, this import with present user check should not require
that the imported key be signed by the PK."

www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf

"Unfortunately, the current implementation recommended for secure boot
makes installation of Linux more difficult and may prevent users from
modifying their own systems. So, we recommend that secure boot
implementations are designed around the hardware owner having full
control of the security restrictions."

Canonical and Red Hat,
http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf

> Although the ARM architecture is, for the most part, used only in portable devices, blocking the installation of other OSes on these devices with Windows 8 sets a precedent for the same practice on computers with "traditional" processors.
>


Is this going to be implemented in projects such as
http://projects.goldelico.com/p/gta04-main/
?

For traditional ones, it is worth checking
http://www.coreboot.org/Supported_Motherboards
http://www.coreboot.org/ARM

