LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

still a few glitches in the system...

still a few glitches in the system...

Posted Nov 21, 2012 9:21 UTC (Wed) by mjw (subscriber, #16740)
In reply to: still a few glitches in the system... by davidescott
Parent article: Bottomley: Adventures in Microsoft UEFI Signing

You might be more a half-full person, and I might be more a half-empty person. But I wouldn't call the (vaguely worded) legal restrictions on using licenses for binaries distributed by third parties, signing stuff with the wrong key, only supporting signing Win32 executables, "annoyances" of using an uncommon wrapper format, requiring Silverlight (plus basically Windows7) instead of a simple http upload, etc. "it evidently almost worked" :) Sure, not all steps are fatal showstoppers, but it looks to me that half of them could certainly be counted as such.

I haven't used Windows in the last decade (but I have dealt with certificates and signing, and it certainly doesn't have to be so painful), so I might be "out of touch" with how windows binary certification works. But I thought this whole process was for simple UEFI bootloaders to enable common hardware in the default setup and has basically nothing to do with Windows. Organizations that already use Windows anyway are probably not the target of this process.

(Log in to post comments)

still a few glitches in the system...

Posted Nov 21, 2012 12:50 UTC (Wed) by khim (subscriber, #9252) [Link]

I haven't used Windows in the last decade (but I have dealt with certificates and signing, and it certainly doesn't have to be so painful), so I might be "out of touch" with how windows binary certification works. But I thought this whole process was for simple UEFI bootloaders to enable common hardware in the default setup and has basically nothing to do with Windows. Organizations that already use Windows anyway are probably not the target of this process.

As far as Microsoft is concerned Windows is the golden standard everyone should use (preferably the latest version). They certainly don't plan to support anyone who does not use it. And if you'll stick with Microsoft's tools the process is as streamlined as they come (well, except for Silverlight at the end - but that's just a minor gimmick and not a problem if you are using Windows7 anyway).

still a few glitches in the system...

Posted Nov 22, 2012 21:51 UTC (Thu) by Jan_Zerebecki (guest, #70319) [Link]

> if you'll stick with Microsoft's tools the process is as streamlined as they come

Assuming you didn't try it yourself and had a different experience than James Bottomley this is just plain wrong. According to http://blog.hansenpartnership.com/adventures-in-microsoft... he tried the Microsoft tools.

He also says: "Additionally, although I think openssl has a rather confusing interface, the Microsoft tools make it look slick by comparison."

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds