FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"
Tzafrir Cohen
tzafrir at cohens.org.il
Sun Oct 23 13:36:38 IST 2011
On Sun, Oct 23, 2011 at 01:11:01PM +0200, Ori Idan wrote:
> Unfortunately this is not FUD at all, it was reported by a Red-Hat employee
> and was not denied by Microsoft.
>
> See:
> http://www.theregister.co.uk/2011/09/21/secure_boot_firmware_linux_exclusion_fears/
The said RedHat employee is Matthew Garret. Here is the latest from him
about the issue:
http://mjg59.dreamwidth.org/6503.html
Specifically while the UEFI secure boot specification allows the option
of accepting custom boot loader at startup (prompting the user to
authorize it), Microsoft's requirements for Windows 8 compatibility
forbid this.
There are some reasonable technical reasons for not allowing this (it
is indeed not unlike the prompt for a self-signed SSL certificate in a
web browser). But then if we follow this analogy, we'll be left in a
world where Microsoft practically signs all certificates. If this would
happen on the web, it would be a bad thing as well.
(I suggest you actually read those links and don't comment only based on
my over-simplistic message)
BTW: I believe ChromeOS relies on a similar "secure boot" mechanism,
though those devices are supposed to have a switch (BIOS setting or
whatever) to switch to an "insecure mode".
--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
More information about the Linux-il
mailing list