On Mon, Sep 26, 2011 at 11:54 AM, Indi <thebeelzebubtrig...@gmail.com> wrote: > On Mon, 26 Sep 2011 20:56:20 +0530 > Nilesh Govindarajan <cont...@nileshgr.com> wrote: > > As this is being touted a win8 feature (with win8 set for release > sometime in 2012), I predict this will be defeated before the first > win8 machine hits the stores -- just like product keys, slic, and wga. > Also it's probably safe to predict this "secure boot" scheme will end up > being another vector for windows malware.
Actually, that's the point of it; the BIOS doesn't allow programmatic manipulation, and would refuse to load unsigned bootloaders. As long as the system doesn't have the 'secure boot' feature disabled, the only way for malware to get into the bootloader section will be if it's signed with the keys in BIOS. I don't know if this will go the way of Palladium and the TPM. Adding it to the Windows8 certification program gives it some weight; OEMs like being able to put those stickers on their hardware. If Microsoft makes certification necessary for OEM bulk keys, the'll have a great deal of leverage. On the other hand, they make push OEMs over the edge to try Linux systems in retail again. (Yes, I realize that'll only happen if Steam and friends become truly trivial to run on Linux) -- :wq