Same as other software, I'm guessing that the cert would need to be
signed by a CA that's recognized by the UEFI software. I'm guessing that
you wouldn't be able to modify which CAs UEFI recognizes, but if you
can, than you could simply add your CA to the list and be good to go.
--
-Eric 'shubes'
On 06/11/2012 08:19 AM, [email protected] wrote:
And why you have to 'get a certificate request signed by a CA' ?
I can do SSL all day long with a self-signed (or even expired) certificate.
The only thing that the CA validates (the encryption will still be
there) is that you are whom you are claiming to be, but if you don't
care (I don't drop my credit card unless the certificate is 'validly
signed'), I still go ahead (as happens on some I-wonder-why SSL(ed)
Ubuntu support pages).
I may be dumb, though...
ET
Eric Shubert writes:
On 06/10/2012 01:11 PM, Lisa Kachold wrote:
Microsoft responded by saying that there was no mandate from Microsoft
that prevents secure booting from being disabled in firmware or that
keys could not be updated and managed.
I think this is key to understanding the situation. Anyone can easily
disable secure booting and people can do as they please, as they do
presently.
In order to use secure booting with an alternative OS, one simply
needs to get a certificate request signed by a CA (a service which
comes with a fee), much the same as certs are done for SSL. This would
be one cert per OS, not per computer. I'm not certain of the details
of how to do this, but this is my understanding of the process.
BL, if you don't want or need secure booting, things are pretty much
the same as they've always been. I doubt that most people would notice
a difference between UEFI and traditional BIOS per se. The differences
are largely between different vendor's implementations, as has always
been the case.
As Larry said earlier, much to say about nothing.
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
