Re: Draft manpage explaining kernel lockdown

2017-10-05 Thread Florian Weimer
On 10/05/2017 01:00 PM, David Howells wrote: Lockdown is typically enabled during boot and may be terminated, if configured, by typing a special key combination on a directly attached physical keyboard. Does this include a Bluetooth keyboard (which might not actually exist and might in

Re: Trusted kernel patchset for Secure Boot lockdown

2014-03-19 Thread Florian Weimer
* Theodore Ts'o: Right now, even though Lenovo laptops are shipping with Windows 8, UEFI secure boot is not made mandatory (although it is on enough to brick the laptop when it runs into bugs with the UEFI BIOS code, sigh). But sooner or later, UEFI secure boot will be on by default, and

Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot

2013-09-01 Thread Florian Weimer
* Matthew Garrett: On Sun, Sep 01, 2013 at 12:41:22PM +0200, Florian Weimer wrote: But if you don't generate fresh keys on every boot, the persistent keys are more exposed to other UEFI applications. Correct me if I'm wrong, but I don't think UEFI variables are segregated between different

Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot

2013-08-28 Thread Florian Weimer
* Chun-Yi Lee: + EFI bootloader must generate RSA key-pair when the system boots: - Bootloader stores the public key to EFI boottime variable by itself - Bootloader puts the private key to S4SignKey EFI variable to forward to kernel. Is the UEFI NVRAM really suited for such regular

Re: [RFC] Second attempt at kernel secure boot support

2012-11-05 Thread Florian Weimer
* James Bottomley: Right, but what I'm telling you is that by deciding to allow automatic first boot, you're causing the windows attack vector problem. You could easily do a present user test only on first boot which would eliminate it. Apparently, the warning will look like this: