| 1 |
On Mon, Sep 26, 2011 at 11:54 AM, Indi <thebeelzebubtrigger@×××××.com> wrote: |
| 2 |
> On Mon, 26 Sep 2011 20:56:20 +0530 |
| 3 |
> Nilesh Govindarajan <contact@××××××××.com> wrote: |
| 4 |
> |
| 5 |
> As this is being touted a win8 feature (with win8 set for release |
| 6 |
> sometime in 2012), I predict this will be defeated before the first |
| 7 |
> win8 machine hits the stores -- just like product keys, slic, and wga. |
| 8 |
> Also it's probably safe to predict this "secure boot" scheme will end up |
| 9 |
> being another vector for windows malware. |
| 10 |
|
| 11 |
Actually, that's the point of it; the BIOS doesn't allow programmatic |
| 12 |
manipulation, and would refuse to load unsigned bootloaders. As long |
| 13 |
as the system doesn't have the 'secure boot' feature disabled, the |
| 14 |
only way for malware to get into the bootloader section will be if |
| 15 |
it's signed with the keys in BIOS. |
| 16 |
|
| 17 |
I don't know if this will go the way of Palladium and the TPM. Adding |
| 18 |
it to the Windows8 certification program gives it some weight; OEMs |
| 19 |
like being able to put those stickers on their hardware. If Microsoft |
| 20 |
makes certification necessary for OEM bulk keys, the'll have a great |
| 21 |
deal of leverage. On the other hand, they make push OEMs over the edge |
| 22 |
to try Linux systems in retail again. (Yes, I realize that'll only |
| 23 |
happen if Steam and friends become truly trivial to run on Linux) |
| 24 |
|
| 25 |
-- |
| 26 |
:wq |
Archives