2012/1/24 Maiko Takemoto > ... > O bloqueio funcionaria por meio de uma certificação exclusiva durante a > inicialização do sistema, que usaria uma medida de segurança chamada de “UEFI > secure boot”. Isso significa que para instalar um novo SO, o dono do > computador precisaria ter uma chave para desativar essa função. Conforme a > notícia do Software Freedom Law Center, esse bloqueio foi confirmado para > máquinas que usarem arquitetura ARM. >
"future establishment of an operating-system-neutral and vendor-neutral certificate authority to issue keys to third-party hardware and software vendors." "If vendors ship their systems in the setup mode and provide a means to add new KEKs to the firmware, those systems will fully support open operating systems while maintaining compliance with the Windows 8 logo requirements." "In the absence of the establishment of a trust model, we therefore recommend that non-verifying external media be able to boot and import either a signature or KEK from the media with a present user acceptance check. In order to make this operation simple for the platform owner, this import with present user check should not require that the imported key be signed by the PK." www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf "Unfortunately, the current implementation recommended for secure boot makes installation of Linux more difficult and may prevent users from modifying their own systems. So, we recommend that secure boot implementations are designed around the hardware owner having full control of the security restrictions." Canonical and Red Hat, http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf > Apesar de a arquitetura ARM ser, majoritariamente, usada apenas em > dispositivos portáteis, o bloqueio de instalação de outros SOs nesses > dispositivos com Windows 8 abre precedente para a mesma prática em > computadores com processadores "tradicionais". > Isto vai ser implementado em projectos como o http://projects.goldelico.com/p/gta04-main/ ? Tradicionais vale a pena verificar, http://www.coreboot.org/Supported_Motherboards http://www.coreboot.org/ARM -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/capu1e-h99yrg3haurva47+odjdwpecn92yopcpj55hwo8sa...@mail.gmail.com
