Hi Amit,

On Tue, Oct 25, 2011 at 05:37:29PM +0200, Amit Aronovitch wrote:
> On Mon, Oct 24, 2011 at 1:56 AM, Amos Shapira <[email protected]> wrote:
> > I didn't follow the detail but a few weeks ago this made a noise on
> > Slashdot and as far as I'm aware Microsoft issued a statement which
> > calmed down the activists and it became a non-issue. I didn't follow
> > it closely so I might be wrong.
> >
> Can you help locating the MS statement that you describe?

The MS response on this issue is at
http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx.
Matthew then responded to this at http://mjg59.dreamwidth.org/6503.html.

baruch

> Some relevant details, described in Matthew Garrett's post (thanks Tzafrir for
> the link), and some of the replies there:
>
> 1. Problems with the proposed UEFI boot standard boil down to the fact that
> it lacks any means to allow the *owner of the hardware* to edit the list of
> trusted keys (load new keys, delete old ones).
>
> 2. It seems to me that some aspects of this are in fact a security issue,
> which should also be in the interest of Microsoft to solve (e.g. they would
> probably want some means to recover in case one of their keys gets stolen).
>
> 3. Some solution to the problem (a mechanism for loading keys from specially
> formatted removable media) will be (is being) suggested by Garrett to UEFI
> during this week's "plugfest" http://www.uefi.org/events/
>
> 4. Readers of this group should be interested to know that this solution
> (whatever other advantages/disadvantages it might have) would allow you to
> end up being able to boot kernels (or bootloaders) that you compiled
> yourself and signed with your own private key.
>
> Hence: if that MS statement contained some indication that Microsoft would
> support such a solution, indeed I see no serious reason to worry.
> Either way, we should follow closely for reports from the plugfest
> conclusions next week.

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - [email protected] - tel: +972.2.679.5364, http://www.tkos.co.il -

_______________________________________________
Linux-il mailing list
[email protected]
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
