Another question: if you install your own KEK, don't you need to also sign your Windows kernel (for example in case of a dual-boot system)?
And in case of a dual-boot, what happens for example if an update triggered by an OS (in case the first answer is affirmative) blacklists the second one? How do I upgrade the second one?
Oww, questions keep piling: What happens if a KEK is broken or leaked? Or a PK?
Are firmware writers "trusted" to write bug-free firmwares?
Posted Sep 13, 2012 13:36 UTC (Thu) by pjones (subscriber, #31722)
It's stored in a variable, and there's an "append only" update to it. The arguments to the /call/ to update it must be signed by a key that's in KEK, which will typically include the platform vendor and MS. So basically we get updates from the CA and apply them.
Of course as a user you can completely disable that if you want, and this is still more of "the plan" than "the implementation" at this point.
> Oww, questions keep piling: What happens if a KEK is broken or leaked? Or a PK?
Then your vendor ships a firmware update (which is signed by a different PK pair) that removes that key from PK/KEK and adds a new one in. If you're very lucky they don't trash everything else that's there.
> Are firmware writers "trusted" to write bug-free firmwares?
We certainly expect a time period after the Windows 8 launch in which some exploits are found, but if vendors act responsibly it should taper off as bugs are fixed in individual firmwares and the reference implementation from which they are derived. That's already begun happening, actually.
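The "append only" update described in the comment above, sketched as an added example (not code from the thread or from any firmware). It assumes the variable is the UEFI forbidden-signature database in `EFI_SIGNATURE_LIST` format, models only the merge, and leaves out the check that the update is signed by a key in KEK; the owner GUID and digests are constructed sample values.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HDR = struct.Struct("<16sIII")  # SignatureType, ListSize, HeaderSize, SignatureSize


def build_list(sig_type, owner, hashes):
    """Serialize one EFI_SIGNATURE_LIST holding the given digests."""
    size = 16 + len(hashes[0])  # SignatureOwner GUID + digest
    body = b"".join(owner.bytes_le + h for h in hashes)
    return HDR.pack(sig_type.bytes_le, HDR.size + len(body), 0, size) + body


def parse_lists(data):
    """Return [(sig_type, owner, sig_data), ...] from concatenated lists."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = HDR.unpack_from(data, off)
        body_len = list_size - HDR.size - hdr_size
        if (list_size > len(data) - off or sig_size <= 16
                or body_len < 0 or body_len % sig_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        for pos in range(off + HDR.size + hdr_size, off + list_size, sig_size):
            entries.append((uuid.UUID(bytes_le=raw_type),
                            uuid.UUID(bytes_le=data[pos:pos + 16]),
                            data[pos + 16:pos + sig_size]))
        off += list_size
    return entries


def append_write(current, update):
    """Model an append-only write: existing bytes stay, only new entries are added."""
    known = {(t, d) for t, _, d in parse_lists(current)}
    out = current
    for t, owner, d in parse_lists(update):
        if (t, d) not in known:
            known.add((t, d))
            out += build_list(t, owner, [d])
    return out


# Constructed sample data: made-up owner GUID and digests, not real revocations.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
DBX = build_list(EFI_CERT_SHA256, OWNER, [b"\xaa" * 32])
UPDATE = build_list(EFI_CERT_SHA256, OWNER, [b"\xaa" * 32, b"\xbb" * 32])
```

Because the old contents are always a prefix of the result, an update of this kind can add revocations but cannot drop an entry that is already there.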
Posted Oct 5, 2012 10:29 UTC (Fri) by oak (subscriber, #2786)
Posted Oct 5, 2012 13:59 UTC (Fri) by mjg59 (subscriber, #23239)
Posted Oct 5, 2012 15:28 UTC (Fri) by raven667 (subscriber, #5198)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.