LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Simple solution

Simple solution

Posted Sep 20, 2011 21:02 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
In reply to: Simple solution by dskoll
Parent article: Garrett: UEFI secure booting

There have not yet been really aggressive pushes to lock down Wintel PCs.

For one thing, a secure OS with memory protection has become mainstream only 10 years (WinXP) and prior to this any attempt to lock down PC had been an exercise in futility. Besides, at that time users had not yet been conditioned by Apple that walled gardens are acceptable and good (remember outcry about Palladium).

Then there's a question of signed kernel-mode code and privileged processes - it has been successfully solved by Vista and Win7. EFI or BIOS with TPM support already allow to have completely trusted boot chain.

So the only small component is to forbid running of unsigned userspace code. That's what Microsoft is going to do.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds