|
|
Subscribe / Log in / New account

UEFI and "secure boot"

UEFI and "secure boot"

Posted Jun 16, 2011 5:48 UTC (Thu) by ras (subscriber, #33059)
Parent article: UEFI and "secure boot"

Yeah, well as the article says, the only real problem with the proposal is the one it raises at the start:

> It all depends on who holds the signing keys.

Given the key is programmable this doesn't seem to be an issue. If I am an organisation that cares, I can just program it. If I like to run tweaked versions of Grub I can ignore it.

But then we have this:

> Platform vendors are likely to use a key from UEFI as the PK, and distribute updated signature databases from the organization signed by that key.

This is the nub of the issue. Is it a published policy, or just a guess?

It could lead to a world of pain for platform vendors. It in all probability would end up meaning only the version of Windows shipped by the vendor would boot.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds