An update on UEFI secure boot

Posted Nov 3, 2011 6:41 UTC (Thu) by njs (guest, #40338)
In reply to: An update on UEFI secure boot by slashdot
Parent article: An update on UEFI secure boot

As I understand it, the sole point of "secure boot" is to let you run your *virus checker* at boot time, in such a way that your virus checker can't be disabled by malware.

If you don't have a securely signed virus-checker that you run directly from your boot-loader, then all this secure boot stuff is useless, AFAICT.


An update on UEFI secure boot

Posted Nov 6, 2011 22:40 UTC (Sun) by foom (subscriber, #14868)

I was thinking it was so that a "reinstall Windows" button could reliably reinstall Windows from the HD, without the possibility of any rootkits getting in the way.

An update on UEFI secure boot

Posted Nov 6, 2011 22:48 UTC (Sun) by njs (guest, #40338)

Good idea. I haven't seen that in any MS literature, but I haven't looked at much either. Though, "reliably" is probably the wrong word -- you could prevent a rootkit from infecting the backup partition, but it could easily trash the backup partition so that you still had to use a traditional reinstall method.

An update on UEFI secure boot

Posted Nov 7, 2011 0:23 UTC (Mon) by mjg59 (subscriber, #23239)

That's something it allows, yes. But it also allows you to assume that nothing has modified system state before you start the kernel, which means that if the first piece of userspace you start is a virus checker you know that the answers it gets from the kernel can be trusted.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds