On Sat, Jun 2, 2012 at 3:43 AM, Florian Philipp <[email protected]> wrote: > Am 02.06.2012 04:26, schrieb William Kenworthy: >> http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html >> >> and something I had not considered with the whole idea was even bootable >> cd's and usb keys for rescue will need the same privileges ...
[snip] > Okay, enough bashing the article. Some technical question: As I > understand it, if I want to make a live CD or a distribution, all I'd > need to do is to use Fedora's kernel and boot loader? That's not so bad. Or turn off 'secure boot' in the BIOS configuration menu. For Windows 8 certification, a device must _default_ to 'secure boot' being turned on. You're allowed to turn it off, you just can't have programmatic access to turn it off; it has to be done manually. I expect that'll be available in things like motherboards sold directly to end-users. I expect it *won't* be available in whatever the current iteration of Compaq/HP/Packard Hell all-in-one devices is; manufacturers of those devices will still have keys installed to allow debugging and maintenance tools to operate, but their signed tools would only be available to their certified technicians. Does anyone know what crypto hash they're using to sign these things? I imagine it won't be too long (3-4 years, tops) before either the signing key leaks or collision attacks are figured out. -- :wq
