1 |
On Mon, Sep 26, 2011 at 11:54 AM, Indi <thebeelzebubtrigger@×××××.com> wrote: |
2 |
> On Mon, 26 Sep 2011 20:56:20 +0530 |
3 |
> Nilesh Govindarajan <contact@××××××××.com> wrote: |
4 |
> |
5 |
> As this is being touted a win8 feature (with win8 set for release |
6 |
> sometime in 2012), I predict this will be defeated before the first |
7 |
> win8 machine hits the stores -- just like product keys, slic, and wga. |
8 |
> Also it's probably safe to predict this "secure boot" scheme will end up |
9 |
> being another vector for windows malware. |
10 |
|
11 |
Actually, that's the point of it; the BIOS doesn't allow programmatic |
12 |
manipulation, and would refuse to load unsigned bootloaders. As long |
13 |
as the system doesn't have the 'secure boot' feature disabled, the |
14 |
only way for malware to get into the bootloader section will be if |
15 |
it's signed with the keys in BIOS. |
16 |
|
17 |
I don't know if this will go the way of Palladium and the TPM. Adding |
18 |
it to the Windows8 certification program gives it some weight; OEMs |
19 |
like being able to put those stickers on their hardware. If Microsoft |
20 |
makes certification necessary for OEM bulk keys, the'll have a great |
21 |
deal of leverage. On the other hand, they make push OEMs over the edge |
22 |
to try Linux systems in retail again. (Yes, I realize that'll only |
23 |
happen if Steam and friends become truly trivial to run on Linux) |
24 |
|
25 |
-- |
26 |
:wq |