Microsoft tries to block Linux off Windows 8 PCs

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Sep 21 23:42:59 UTC 2011


On Wed, Sep 21, 2011 at 05:37:51PM -0400, Ted wrote:
> Not sure i understand it.
> I can see a company not wanting a rootkit and essentially allowing
> for a insecure boot and  other issues,
> I mean  a linux distro could demand this (for valid security
> reasons) and lock out dual boot to windows?
> But, is it not the case that this signing issue would not have any
> effect on dual boot from separate drives?
> I know at times i have had dual boot be drive based and flipped in bios.
> I guess however this would be deemed a hassle to some? Given boot
> priority however, if you
> had drive drawers or power switch on drives, you could just dual
> boot by powering off the windows drive (or pop it, or bios change
> priority),
> and then it goes into linux?
> So seems to me its hardly a "block", if that was even attempt by MS,
> but rather maybe a slight annoyance at best?

If you control the setup of the UEFI secure boot, then you can choose
which keys to load in.  So you could load a key to reocgnize microsoft
signed binaries, as well as a key to recognize your own signed binaries
and then go ahead and sign your grub binary and install it.  If something
tries to replace windows' boot code with a virus, or tries to replace
your boot loader code, it will stop booting because it is no longer what
you told it to allow.  This sounds useful.

If you don't control the setup of secure boot, you on the other hand
no longer have a choice in what your machine can boot when secure boot
is enabled.  That sounds awful.

So the real question comes down to whether you as the owner of the
machine get to pick the keys on the box or not.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list