On Wed, Oct 12, 2011 at 05:45, <[email protected]> wrote:

>
> I had been superficially looking at it 2 years ago.
> The primary concern is that it enables a process of signing prior to the
> bootloader. Hence any machine shipped with a signed os, will not be able to
> boot another os unless the signing keys are made available.


Nitpick, but it is not the "signed OS" that prevents others booting.
Whether to check for signatures or not, is a pre-OS function.



> This will most
> likely be the case with windows 8.


The Microsoft "Designed for Windows" program will REQUIRE that compliant
hardware check for signatures.  That is all.

> Microsoft has stated that it will allow
> disabling of this feature at the bios level.


Since MS does not control either UEFI or "Bios", they cannot really allow
or disallow.  Their concern is that if you want the "Designed for Windows"
sticker, you must meet some requirements, and one of them is to check for
signatures pre-boot.


> However it is not very clear to
> me how they could achieve this. There is also the distinct possibility of
> locking out device driver upgrades and "uncertified" Windows software.
>

Device Drivers, and software, that are loaded by an OS are never brought to
the attention of EFI.  So EFI can't do anything to allow/disallow.

However, device drivers that are loaded _before_ the OS (which is the
interesting part of the spec) can be signed, and may be checked for
signatures.

One of the reasons EFI is interesting is precisely the ability to load
Device Drivers before the OS even starts.  Think of it as a "Bios Plugin"
:-)  Booting with a braille display, without having to emulate VGA.

For conspiracy theories galore, please review comments on Matthew J
Garrett's blog: http://mjg59.dreamwidth.org

Also of interest, if you have an afternoon to spare, are the comments on:

  https://lwn.net/Articles/459569/
  https://lwn.net/Articles/460199/

I strongly recommend http://mjg59.dreamwidth.org/#entry-4957 as a primer :-)

-- 
Sanjeev Gupta
+65 98551208     http://www.linkedin.com/in/ghane