Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Alan Cox
alan at lxorguk.ukuu.org.uk
Sat Jun 2 16:35:13 UTC 2012
> Yes, but for that, the firmware will either need support from the OS it
> secure-boots, to go out on the network, check for revocations, and upload
> them into firmware; or the firmware itself must implement a bare-bones
> network stack, initialize the onboard NIC, obtain a DHCP address, or load a
> static IP config, then check for CRLs.
The firmware already has this.
> Before it boots the OS.
Fine UEFI is a powerful enough base to be capable of supporting this. I
don't know if anyone has implemented it, but you have a complete chain of
keys to verify the request.
In theory you can even do stuff like have the OS prove to the ISP that
it's an approved signed OS so is permitted to use the internet. (no
piracy tools installed etc)
More information about the users
mailing list