Windows 8 UEFI 2.3.1 Secure Boot - study the specifications of purchased hardware
Microsoft and Intel started a dirty trick: www.h-online.com/security/news/item/Windows-8-to-include-secure-boot-using-UEFI-2-3-1-1335246.html
In short, the Secure Boot allows you to stitch keys into the hardware for verifying the boot code signatures, and to refuse at the hardware level from executing those loaders that do not pass the signature verification. The main purpose of the technology, as stated - the fight against rootkits (that's why Russinovich zombied everyone with his Zero Day :) but it was not even clear, what for a peasant disgraced the guy. And it, of course, under the condition P! = NP, will allow to deal with them ...
But in the same way it will allow to fight against alternative OS loaders, the authors of which are unlikely to be given private keys to sign their code. In particular, due to the fact that some OSF-licenses prescribe such keys to publish, which, of course, reduces the whole idea to zero. Here's a look at the problem from the perspective of the Linux community: lwn.net/Articles/447381
')
Therefore, after the release of Windows 8, carefully follow the specification of the purchased hardware in order not to run into technology-lock.
PS It seems that the fans of almost completely technology-locked products (phones, tablets, game consoles and other modern equipment from well-known manufacturers) have created a very, very sad precedent :(
In short, the Secure Boot allows you to stitch keys into the hardware for verifying the boot code signatures, and to refuse at the hardware level from executing those loaders that do not pass the signature verification. The main purpose of the technology, as stated - the fight against rootkits (that's why Russinovich zombied everyone with his Zero Day :) but it was not even clear, what for a peasant disgraced the guy. And it, of course, under the condition P! = NP, will allow to deal with them ...
But in the same way it will allow to fight against alternative OS loaders, the authors of which are unlikely to be given private keys to sign their code. In particular, due to the fact that some OSF-licenses prescribe such keys to publish, which, of course, reduces the whole idea to zero. Here's a look at the problem from the perspective of the Linux community: lwn.net/Articles/447381
')
Therefore, after the release of Windows 8, carefully follow the specification of the purchased hardware in order not to run into technology-lock.
PS It seems that the fans of almost completely technology-locked products (phones, tablets, game consoles and other modern equipment from well-known manufacturers) have created a very, very sad precedent :(
Source: https://habr.com/ru/post/127975/
All Articles