Re: the ghost of UEFI and Micr0$0ft
On 06/05/2012 12:26 PM, Claudius Hubig wrote:
I think you understand this INcorrectly!
He does not.
If _I_ understand it,
machine will not boot anything that is not signed with the key,
You can add any keys you want to that. UEFI is simply a framework,
and because most computers will want to run Windows, the key used by
Microsoft will be included in most computers. You might want to read
the link in the OP’s post (http://mjg59.dreamwidth.org/12368.html) to
understand this better.
I read the referenced post. It looks to me like Fedora will boot
without hassle, because they paid off Microsoft, and obtained a key,
but everything else, not having a key, will not. If I don't understand
it, then please explain in plain words how one could boot anything
else without modifying the BIOS. If you can boot anything without a
key, then what is different than what we have now? (I don't care
about modifying the BIOS, and so far I have not heard of a virus
that attacks Linux, but I'm aware that it is possible--just not worth
anyone's trouble to write, for such a small installed base.)
unless you go to the bios and disable the UEFI--which may be made
difficult on purpose, I would guess.
It is probably not more difficult than changing the default boot device.
Note that this will make bootable CDs and useful things like partition
Thanks indeed to Microsoft and all others, because now, we can make
sure that the kernel we want to boot is actually the kernel we
installed and not something introduced by a third party/attacker.
Blessed are the peacekeepers...for they shall be shot at from both sides. --A.M. Greeley