
Continuing the story with UEFI Secure Boot

Microsoft decided to respond to the hype around the problem

blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

Naturally, nothing sensible is written there: it is the usual MS-style blah blah blah about how they take care of users. The only interesting thing is what is let slip there (by mistake :) about another boot option, in which the OS can monitor its usage profile.

This Microsoft post drew a response from Red Hat's Matthew Garrett, who has been talking with hardware manufacturers since August. In his reply post

mjg59.dreamwidth.org/5850.html

he reveals some details of this communication.

  1. Win-8 certification requires manufacturers to supply hardware with Secure Boot enabled.
  2. Win-8 certification does not require the manufacturer to provide the ability to disable Secure Boot.
  3. Win-8 certification does not require keys in the system other than MS keys.

And in some comments on MSDN (I can't find them now), I read that MS will encourage suppliers if they comply with the Win-8 Secure Boot requirements only to the minimum (that is, only MS keys, with no ability to disable).

Matthew also claims that systems with such a minimal Secure Boot configuration will be produced. So watch out for what you are buying. At the same time, you need to check for the presence of a jumper, a special button, or some secret sequence of button presses, because (again, from the discussion on MSDN) Win-8 certification prohibits disabling Secure Boot programmatically.

Such garbage. Secure Boot itself is a dubious technology in terms of protection. If Win 8 is such a disgusting OS that it cannot protect its boot records and peripheral memory itself, then why bother to use it at all? If it is not so disgusting, then why is Secure Boot needed? To protect yourself from hackers who come to your home and install their malware from a diskette? And imagine the user's problems if malware suddenly does break through the protection and get into the boot record. The system immediately becomes completely unusable. Is that better than being able to continue working?

By the way, AMD has already happily reported that it is ready to support Windows 8. So simply not looking in Intel's direction will not work anymore.

PS There are open boards on ARM with (already) Cortex-A9, for example pandaboard.org/content/platform: decent 3D, 1080p playback, audio, HDMI. For a desktop (office + Internet + programming) that is fine, imho. It may already make sense to start producing PCs on a similar basis: MS is acting up, so the moment is right. According to official statistics there are not that many of us Linux users, but we exist, and we can support a small business :) And then, you see, MS, following Apple's precepts, will roll down to the same place where the Apple folks live: 5% of the world PC market. Maybe make a collective request to the PocketBook folks? :) They have experience.

Source: https://habr.com/ru/post/129069/

