Garrett: Secure Boot and Restricted Boot [LWN.net]

Garrett: Secure Boot and Restricted Boot

Posted Apr 9, 2013 15:24 UTC (Tue) by raven667 (subscriber, #5198)
In reply to: Garrett: Secure Boot and Restricted Boot by paulj
Parent article: Garrett: Secure Boot and Restricted Boot

I'm not sure I'd use the words restriction, limitation or sand-box, as it can't prevent you from using the machine in any way you want, it just defines a signature checking and validation like Tripwire but with a way to update the database securely and a policy to not load files that haven't come through the owner's defined process.

to post comments

Garrett: Secure Boot and Restricted Boot

Posted Apr 9, 2013 15:51 UTC (Tue) by paulj (subscriber, #341) [Link]

The Secure Boot code, and the signing infrastructure brought in for Secure Boot can become Restricted Boot, if some platform flips the equivalent of a bit of information (see, e.g., the MS Surface ARM "Secure Boot", or future platforms), do you agree on that?

If that abstract bit is flipped, it will be the "Secure Boot" code that stops you booting your own software, and restricts you to approved software. (Unless you have the expertise handy to the exploit the software - I don't).

And still I havn't seen any convincing explaination for how this code helps protect me against those who /do/ exploit software regularly, for fun & profit.