On Tue, Oct 25, 2011 at 05:37:29PM +0200, Amit Aronovitch wrote:
> Setting aside the amusing political debates and going back to the original
> topic - what's the actual status of the UEFI boot issue?
>
> (Following up on the link from Tzafrir's
> post: http://mjg59.dreamwidth.org/6503.html,
> see my comments below )
> Can you help locating the MS statement that you describe?
>
> Some relevant details, described in Matthew Garrett's post (thanks Tzafrir for
> the link), and some of the replies there:
>
> 1. Problems with the proposed UEFI boot standard boil down to the fact that
> it lacks any means to allow the *owner of the hardware* to edit the list of
> trusted keys (load new keys, delete old ones).

Rather: the owner cannot edit the list of certificate authorities. The
owner can, optionally (according to the standard), add extra keys. But this
option is prohibited by Microsoft.

>
> 2. It seems to me that some aspects of this are in fact a security issue,
> which should also be in the interest of Microsoft to solve (e.g. they would
> probably want some means to recover in case one of their keys gets stolen).
>
> 3. Some solution to the problem (a mechanism for loading keys from specially
> formatted removable media) will be (is being) suggested by Garrett to UEFI
> during this week's "plugfest" http://www.uefi.org/events/
>
> 4. Readers of this group should be interested to know that this solution
> (whatever other advantages/disadvantages it might have) would allow you to
> end up being able to boot kernels (or bootloaders) that you compiled
> yourself and signed with your own private key.

Custom kernel? How about custom boot loader code? Grub2 can:

* read paths and files from the disk(s).
* run a program:
  http://www.gnu.org/software/grub/manual/html_node/Shell_002dlike-scripting.html#Shell_002dlike-scripting

So, would grub be allowed to boot?

>
> Hence: if that MS statement contained some indication that Microsoft would
> support such a solution, indeed I see no serious reason to worry.
> Either way, we should follow closely for reports from the plugfest
> conclusions next week.
-- 
Tzafrir Cohen | http://tzafrir.org.il | VIM is a Mutt's best friend
