An update on UEFI secure boot
Posted Oct 27, 2011 23:50 UTC (Thu) by giraffedata
In reply to: An update on UEFI secure boot
Parent article: An update on UEFI secure boot
The bootloader can tell the OS [that it was correctly signed] etc.
But the bootloader can lie to you in "secure boot":
Not quite. The bootloader can't tell the OS that it was correctly signed and the OS can't ask. Implementing that function would be ridiculous, since the bootloader could lie. It would be like a prostitute asking a potential client if he is a cop.
That's the difference between secure boot and trusted computing. With trusted computing, the program can determine it is running on a platform the program trusts; with secure boot, the user can ensure everything running on his computer is something he trusts.