UEFI bootkit

[jdow]

On 2012/09/19 14:52, Alan Evans wrote:
> On Wed, Sep 19, 2012 at 11:05 AM, Mike Wright wrote:
>> Great!  MS shoots self in foot, others in head.  We saw it coming :/
>
> Shoots themselves in the foot? Limiting user choice sounds like it's
> working just the way they wanted. (Shooting everyone else in the head
> was a part of their plan.)

The proper way to do this is to issue a unique key for each board
that has the private signing key included for the users who wish to
add personally signed software. Their key does not work on any other
machine, of course. Distros could sign their material. And if the user
wishes to recompile a kernel they can sign it with their own key and
still boot with it.

{^_^}