LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Concur with other comments re: restricted boot

Concur with other comments re: restricted boot

Posted Jan 8, 2013 18:23 UTC (Tue) by nix (subscriber, #2304)
In reply to: Concur with other comments re: restricted boot by mjg59
Parent article: The H Year: 2012's Wins, Fails and Mehs

Really? Someone better tell Asus then, because my six-month-old motherboard has UEFI boot and a disableable Secure Boot (off by default), but no way to install your own keys. (That I could determine: both the BIOS screen and the motherboard manual are the typical Asus near-incomprehensible scrambled pseudo-English, so I may have overlooked something, only they never use the words 'secure boot' in the manual at all, so they're being very subtle in their docs if so...)

(This is the same motherboard that uses a custom sensor chip built for Asus only, where both Asus and the chip manufacturer refuse to provide any documentation on the grounds that they are prohibited from doing so by an NDA with the other party. Neat trick.)

(Log in to post comments)

Concur with other comments re: restricted boot

Posted Jan 8, 2013 18:26 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

It depends on how they implement "disable" - if it handles it by just clearing the platform key, the user can then install keys using the standard SetVariable() calls. But if it's 6 months old, it's probably also not Windows 8 certified.

Concur with other comments re: restricted boot

Posted Jan 9, 2013 18:51 UTC (Wed) by nix (subscriber, #2304) [Link]

Since disabling is an operation you can undo, it's probably not done by clearing anything (though it might be a temporary removal).

More likely, it's just not Windows 8 certified as you suggest. That does rather suggest that 'all x86 platforms' will do whatever the hell ugly hacks their BIOS/mobo vendors want, though. Asus is not a small mobo vendor...

Concur with other comments re: restricted boot

Posted Jan 9, 2013 20:12 UTC (Wed) by mjg59 (subscriber, #23239) [Link]

Enable may just be restoring the default keys. Alternatively, enable may enable it without installing any keys, leaving that up to the end user. This is why we ended up going with a solution that doesn't depend on the motherboard offering any specific set of options.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds