No subject

Sat Sep 24 00:49:04 UTC 2011

Windows 8 certification requires that hardware ship with UEFI secure
boot enabled.
Windows 8 certification does not require that the user be able to
disable UEFI secure boot, and we've already been informed by hardware
vendors that some hardware will not have this option.


Why is this a problem? Because there's no central certification
authority for UEFI signing keys. Microsoft can require that hardware
vendors include their keys. Their competition can't. ...

What does this mean for the end user? Microsoft claim that the
customer is in control of their PC. That's true, if by "customer" they
mean "hardware manufacturer". The end user is not guaranteed the
ability to install extra signing keys in order to securely boot the
operating system of their choice. The end user is not guaranteed the
ability to disable this functionality. The end user is not guaranteed
that their system will include the signing keys that would be required
for them to swap their graphics card for one from another vendor, or
replace their network card and still be able to netboot, or install a
newer SATA controller and have it recognise their hard drive in the
firmware. The end user is no longer in control of their PC. ...

To misuse a certain Chinese phrase:

"Interesting times..."


More information about the Nottingham mailing list