Once keys start getting revoked, I bet an irrevocable shim will look pretty sweet.
still a few glitches in the system...
Posted Nov 20, 2012 22:42 UTC (Tue) by khim (subscriber, #9252)
Forget enterprising crackers... too bad he didn't distribute the Microsoft-signed shim before he was told not to. Once it's out on the internet, you can't ever take it back.
You can't ever take the [private] key back, but you most certainly can blacklist the shim; thus, in the end, such childish behavior will just lead to troubles.
Posted Nov 21, 2012 15:12 UTC (Wed) by redden0t8 (guest, #72783)
What else has Microsoft signed with that key? Could they practically push out updates for those components re-signed with a different key, so as to ensure that blacklisting the original key wouldn't break any Windows 8 systems? What would happen to an end-user's system if the blacklist got updated before those components?
I suppose you could see it as "childish", but I see it as not covering for Microsoft's mistakes on their behalf. They made this mess, I don't feel bad for them if they have to deal with it.
Posted Nov 21, 2012 15:26 UTC (Wed) by jake (editor, #205)
As I understand it, you *can* blacklist the shim. The blacklist can either have keys *or* hashes. Put the hash of the shim in the blacklist and MS can still use their key, but that shim no longer boots.
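The distinction drawn in the comment above, between a hash entry and a key entry in the blacklist, shown as an added example that is not part of the thread or of any project's code. It parses the UEFI `EFI_SIGNATURE_LIST` layout used by the forbidden-signature database (dbx); the image bytes and certificate are constructed stand-ins, and a plain SHA-256 of the bytes stands in for the Authenticode hash that firmware actually compares.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
OWNER = uuid.UUID(int=0)  # constructed SignatureOwner GUID

def build_list(sig_type, entries):
    """Serialize one EFI_SIGNATURE_LIST (entries must share one length)."""
    body = b"".join(OWNER.bytes_le + e for e in entries)
    sizes = struct.pack("<III", 28 + len(body), 0, 16 + len(entries[0]))
    return sig_type.bytes_le + sizes + body

def parse_dbx(blob):
    """Split concatenated signature lists into revoked hashes and certs."""
    hashes, certs, off = set(), set(), 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        pos, end = off + 28 + hdr_size, off + list_size
        if sig_size <= 16 or pos > end or end > len(blob) or (end - pos) % sig_size:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        for p in range(pos, end, sig_size):
            data = blob[p + 16:p + sig_size]  # skip the SignatureOwner GUID
            if sig_type == EFI_CERT_SHA256_GUID:
                hashes.add(data)
            elif sig_type == EFI_CERT_X509_GUID:
                certs.add(data)
        off = end
    return hashes, certs

def boot_allowed(image, signer_cert, dbx_blob):
    """dbx check only; the signature itself is assumed valid against db."""
    hashes, certs = parse_dbx(dbx_blob)
    return hashlib.sha256(image).digest() not in hashes and signer_cert not in certs

# Constructed stand-ins, not real binaries or certificates.
SHIM, OTHER_LOADER = b"constructed shim image", b"constructed boot manager"
SIGNER = b"constructed DER certificate of the shared signing key"
DBX_HASH = build_list(EFI_CERT_SHA256_GUID, [hashlib.sha256(SHIM).digest()])
DBX_KEY = build_list(EFI_CERT_X509_GUID, [SIGNER])

if __name__ == "__main__":
    for name, dbx in (("hash entry", DBX_HASH), ("key entry", DBX_KEY)):
        print(name, {"shim": boot_allowed(SHIM, SIGNER, dbx),
                     "other": boot_allowed(OTHER_LOADER, SIGNER, dbx)})
```

With the hash entry only the one image is refused; with the key entry every image carrying that signer is refused, which is the breakage the earlier comment asks about.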
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds