[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the ghost of UEFI and Micr0$0ft

"Christofer C. Bell" <christofer.c.bell@gmail.com> writes:
>> Would that mean anybody who wants to build their own kernel would need
>> to buy a signing key?
> Not at all.  You can generate your own key and load it into your UEFI.
>  It's no different a situation than using self-signed ssl certs
> without buying one from a certificate authority.  There's no need to
> pay any money to anyone to use the secure boot feature.  Is it a
> hassle?  Sure, but you're not beholden to any 3rd party regardless.

Er, wait, doesn't that mean a malware author could do the same thing?

Or is entering a new key a "manual" process ("type in the 50 hex digit

Can there be multiple keys (I vaguely recall the article saying there
could only be one key [at MS's insistence]...but not sure if I really
understood what it was saying)?



We have met the enemy, and he is us.  -- Pogo

Reply to: