Microsoft tries to block Linux off Windows 8 PCs

[Lennart Sorensen]

On Fri, Sep 23, 2011 at 01:28:26PM -0400, Mel Wilson wrote:
> MS seems to say basically that it's up to the hardware OEMs to allow
> the end-users to disable UEFI or not.  Given that MS are who they
> are and want what they want, that's pretty much what you'd expect
> them to say.

That's what they say, and that is true.  Now what decision the OEMs make
and how Microsoft may influence those decisions is a seperate (but not
entirely different) story.

> As far as I can see, the soft underbelly here is that every kernel
> and driver upgrade will have to be signed at some level.  With such
> industrial scale signing going on world-wide, it's a matter of time
> before at least one of the private keys becomes known by the wrong
> people, and the security scheme is undermined.  Multiple levels of
> signing can slow this down, but won't prevent it.

The bootloader has to be signed with a key accepted by the secure boot
system.  Beyond that secure boot ends.  The bootloader code can choose
(and should to make secure boot useful) to check a signature on the OS
and drivers.  Of course for windows, microsoft controls the bootloader
and can embed whatever keys they want in there, and require drivers to
be signed by microsoft (which has been the case for years already).

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists