Hello Doug,

Doug <dmcgarr...@optonline.net> wrote:
> I think you understand this INcorrectly!

He does not.

> If _I_ understand it,

You don’t.

> the machine will not boot anything that is not signed with the key,

You can add any keys you want to that. UEFI is simply a framework,
and because most computers will want to run Windows, the key used by
Microsoft will be included in most computers. You might want to read
the link in the OP’s post (http://mjg59.dreamwidth.org/12368.html) to
understand this better.

> unless you go to the bios and disable the UEFI--which may be made 
> difficult on purpose, I would guess.

It is probably not more difficult than changing the default boot device.

> Note that this will make bootable CDs and useful things like partition 
> managers impossible.

Not impossible.

> Thank Microsoft!

Thanks indeed to Microsoft and all others, because now, we can make
sure that the kernel we want to boot is actually the kernel we
installed and not something introduced by a third party/attacker.

Best regards,

stab_val(stab)->str_nok = 1;    /* what a wonderful hack! */
                -- Larry Wall in stab.c from the perl source code
http://chubig.net                          telnet nightfall.org 4242
