| 1 |
On Sat, Jun 2, 2012 at 3:43 AM, Florian Philipp <lists@×××××××××××.net> wrote: |
| 2 |
> Am 02.06.2012 04:26, schrieb William Kenworthy: |
| 3 |
>> http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html |
| 4 |
>> |
| 5 |
>> and something I had not considered with the whole idea was even bootable |
| 6 |
>> cd's and usb keys for rescue will need the same privileges ... |
| 7 |
|
| 8 |
[snip] |
| 9 |
|
| 10 |
> Okay, enough bashing the article. Some technical question: As I |
| 11 |
> understand it, if I want to make a live CD or a distribution, all I'd |
| 12 |
> need to do is to use Fedora's kernel and boot loader? That's not so bad. |
| 13 |
|
| 14 |
Or turn off 'secure boot' in the BIOS configuration menu. |
| 15 |
|
| 16 |
For Windows 8 certification, a device must _default_ to 'secure boot' |
| 17 |
being turned on. You're allowed to turn it off, you just can't have |
| 18 |
programmatic access to turn it off; it has to be done manually. |
| 19 |
|
| 20 |
I expect that'll be available in things like motherboards sold |
| 21 |
directly to end-users. I expect it *won't* be available in whatever |
| 22 |
the current iteration of Compaq/HP/Packard Hell all-in-one devices is; |
| 23 |
manufacturers of those devices will still have keys installed to allow |
| 24 |
debugging and maintenance tools to operate, but their signed tools |
| 25 |
would only be available to their certified technicians. |
| 26 |
|
| 27 |
Does anyone know what crypto hash they're using to sign these things? |
| 28 |
I imagine it won't be too long (3-4 years, tops) before either the |
| 29 |
signing key leaks or collision attacks are figured out. |
| 30 |
|
| 31 |
-- |
| 32 |
:wq |
Archives