UEFI bootkit

jdow jdow at earthlink.net
Thu Sep 20 11:29:47 UTC 2012


On 2012/09/20 04:13, Eddie O'Connor wrote:
>
>
> On Thu, Sep 20, 2012 at 7:10 AM, Matthew Miller <mattdm at fedoraproject.org
> <mailto:mattdm at fedoraproject.org>> wrote:
>
>     On Thu, Sep 20, 2012 at 12:06:08PM +0100, Alan Cox wrote:
>      > On ARM systems the requirement is the reverse - it must not be possible
>      > to disable it, so those devices will be locked to Windows if shipped that
>      > way.
>
>     Locked to bootloaders signed with the Microsoft key, not _necessarily_ to
>     Windows, right?
>
>
>     --
>     Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org
>     <mailto:mattdm at fedoraproject.org>>
>     --
>     users mailing list
>     users at lists.fedoraproject.org <mailto:users at lists.fedoraproject.org>
>     To unsubscribe or change subscription options:
>     https://admin.fedoraproject.org/mailman/listinfo/users
>     Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>     Have a question? Ask away: http://ask.fedoraproject.org
>     <http://ask.fedoraproject.org/>
>
>
> So then basically there's no REAL way to get a "modern" PC / laptop WITHOUT this
> UEFI on it? Right? And the only way to be able to iunstall/boot another OS would
> be to turn the UEFI off....but without the proper key....that is impossible?
> Just trying to understand what this means when it's time for me to upgrade my
> laptop....would like to know that I can install the latest version of Fedora
> without any problems or issues hardware-wise.
> EGO II

That is why I like my unique to the machine key that is supplied to the
user along with the board serial number. So he can make changes. But the
changes for his system cannot affect other systems. That would make
custom signed Linux kernels possible for a person testing kernel builds
or compiling in obscure filesystems, such as I do from time to time.

{^_^}


More information about the users mailing list