On Fri, Jun 15, 2012 at 10:37:02AM +0200, Florian Philipp wrote
> Besides, it wouldn't work long. They can blacklist keys.

Question... how would "blacklisting" work on linux machines? Let's say Joe Blow gets a signing key and then passes it around. I can see that if you want to build an executable (*.exe) to run under Windows, you'll run into problems if the monthly MS Windows Update kills that specific key. How could MS do anything to linux users who used the key to get their machine running?

All I can think of is that the blacklisted keys would be added to some encrypted table in the UEFI in future versions of the UEFI/BIOS. Oh yeah, remember to *NOT* do unnecessary firmware updates to your UEFI/BIOS.

As for a signed 1st-stage bootloader, is it just me, or is nobody else concerned/paranoid about MS sticking their binary code on my machine? We used to laugh at Sony rootkits, but that's what we could be looking at here.

--
Walter Dnes <[email protected]>
