I was thinking that because this prevent the user booting the OS of their choice (even after adding keys and what have you) then it would still be a breach. Guess that would require MS to take action, and I wouldn't expect that to happen any time soon.
I'm just dumbfounded that anyone would do that kind of string check in a place like this. Maybe to check for 0 chars. Maybe even to do a little alphanumeric sort. But "if (string!=magicLetterSequence) then { error }" Really?
Someone really needs a slap.
Really worrying if this kind of crap shows up in other firmware.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Re: Breach of MS guidelines?
Date: 2012-11-15 06:24 pm (UTC)I was thinking that because this prevent the user booting the OS of their choice (even after adding keys and what have you) then it would still be a breach. Guess that would require MS to take action, and I wouldn't expect that to happen any time soon.
I'm just dumbfounded that anyone would do that kind of string check in a place like this. Maybe to check for 0 chars. Maybe even to do a little alphanumeric sort. But "if (string!=magicLetterSequence) then { error }" Really?
Someone really needs a slap.
Really worrying if this kind of crap shows up in other firmware.