*countable infinities only

Gerry Reno greno at verizon.net
Fri Jun 1 19:14:49 UTC 2012

I just read through the MS docs on SecureBoot and this is the biggest Rube-Goldberg machine.

I could not think of a nastier solution to a problem than what they've dreamt up here.

The whole problem they are trying to solve is that of booting only known-good code.

That would be much easier accomplished by having the OS reside on a read-only device that could only be written to by
the user actively using hardware to enable the write during installation.

That would create a system where there was no possible programmatic means of corrupting the OS during normal operation.

No signatures, no crypto-databases, or other SecureBoot gobbledy-gook needed.

To implement this would require only that new systems support two drives, one with controllable-by-user
read-write-controller interface for storing the OS. 

Forensic firms have been using these types of read-write controllable drive interfaces for years.  Hardware already exists.


More information about the devel mailing list