Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Thibault NĂ©lis
thib at stammed.net
Tue Jun 5 05:13:03 UTC 2012
On 06/05/2012 05:10 AM, JD wrote:
>>> I wonder if China will go along with the MS plans!
>>> Much of our HW is made in China. What's to prevent
>>> China from inserting back door code in the HW? I
>>> mean that would totally make secure boot a laughable
>>> thing.
Well this scheme where the manufacturer inserts a stealth certificate
actually makes sense, unfortunately. Secure boot or no secure boot,
anyone concerned with security and privacy should always trust the
manufacturer of the hardware one uses, unless it is open hardware.
This is much like the difference between proprietary software and open
source software, where you need to trust the proprietary software
developer, whereas you don't need to for open source software (because
anyone, including you, can review the source).
>> But, I thought secure meant that the owner could secure access to the
>> machine any time he wanted. The owner is the manufacturer, isn't it?
>>
>> {O.o}
> I have not seen your assertion made by anyone in this thread,
> especially when it comes to MS and windows.
> Surely, it is possible (or should be possible) to make and install
> your own keys for any of the open source OS'es. Perhaps Sam or
> Thibault or Alan will have more to say about this.
In the context of motherboards, a good OEM would allow you to install
your own keys. Microsoft's "Windows Ready" requirements for OEMs also
force them to provide this "custom mode" feature (the document is freely
available), but only for x86 platforms.
--
t
More information about the users
mailing list