Hello Doug, Doug <dmcgarrett@optonline.net> wrote: > I think you understand this INcorrectly! He does not. >If _I_ understand it, You don’t. > the > machine will not boot anything that is not signed with the key, You can add any keys you want to that. UEFI is simply a framework, and because most computers will want to run Windows, the key used by Microsoft will be included in most computers. You might want to read the link in the OP’s post (http://mjg59.dreamwidth.org/12368.html) to understand this better. > unless you go to the bios and disable the UEFI--which may be made > difficult on purpose, I would guess. It is probably not more difficult than changing the default boot device. > Note that this will make bootable CDs and useful things like partition > managers impossible. Not impossible. > Thank Microsoft! Thanks indeed to Microsoft and all others, because now, we can make sure that the kernel we want to boot is actually the kernel we installed and not something introduced by a third party/attacker. Best regards, Claudius -- stab_val(stab)->str_nok = 1; /* what a wonderful hack! */ -- Larry Wall in stab.c from the perl source code http://chubig.net telnet nightfall.org 4242
Attachment:
signature.asc
Description: PGP signature