1 |
On Sat, Jun 2, 2012 at 3:43 AM, Florian Philipp <lists@×××××××××××.net> wrote: |
2 |
> Am 02.06.2012 04:26, schrieb William Kenworthy: |
3 |
>> http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html |
4 |
>> |
5 |
>> and something I had not considered with the whole idea was even bootable |
6 |
>> cd's and usb keys for rescue will need the same privileges ... |
7 |
|
8 |
[snip] |
9 |
|
10 |
> Okay, enough bashing the article. Some technical question: As I |
11 |
> understand it, if I want to make a live CD or a distribution, all I'd |
12 |
> need to do is to use Fedora's kernel and boot loader? That's not so bad. |
13 |
|
14 |
Or turn off 'secure boot' in the BIOS configuration menu. |
15 |
|
16 |
For Windows 8 certification, a device must _default_ to 'secure boot' |
17 |
being turned on. You're allowed to turn it off, you just can't have |
18 |
programmatic access to turn it off; it has to be done manually. |
19 |
|
20 |
I expect that'll be available in things like motherboards sold |
21 |
directly to end-users. I expect it *won't* be available in whatever |
22 |
the current iteration of Compaq/HP/Packard Hell all-in-one devices is; |
23 |
manufacturers of those devices will still have keys installed to allow |
24 |
debugging and maintenance tools to operate, but their signed tools |
25 |
would only be available to their certified technicians. |
26 |
|
27 |
Does anyone know what crypto hash they're using to sign these things? |
28 |
I imagine it won't be too long (3-4 years, tops) before either the |
29 |
signing key leaks or collision attacks are figured out. |
30 |
|
31 |
-- |
32 |
:wq |