![[personal profile]](http://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Profile
Matthew Garrett
About Matthew
Active Entries
- 1: Samsung laptop bug is not Linux specific
- 2: Playing with Thunderbolt under Linux on Apple hardware
- 3: A short introduction to TPMs
- 4: More in the series of bizarre UEFI bugs
- 5: Rebooting
- 6: Update on leaked UEFI signing keys - probably no significant risk
- 7: Leaked UEFI signing keys
- 8: Secure Boot and Restricted Boot.
- 9: The current state of UEFI and Linux
- 10: Using pstore to debug awkward kernel crashes
Expand Cut Tags
No cut tags
Let's try to be clear on the facts
Date: 2011-09-29 09:15 am (UTC)Facts:
"Windows 8 certification requires that hardware ship with UEFI secure boot enabled."
Check. That's a good thing, right?
"Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option."
Check. Why would Microsoft be responsible for requiring OEM vendors to implement any feature of UEFI? Also, could you elaborate on which hardware vendors specifically have informed you that "some hardware" will not have this option? If not, why not? More detail on "some hardware" would also be helpful.
"Windows 8 certification does not require that the system ship with any keys other than Microsoft's."
Check. Again, why would Microsoft have any responsibility for including a requirement to ship any keys other than their own?
"A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems."
Well, that's not entirely true - if anything, another omission of truth at best. It should read:
"A system that ships with UEFI secure boot enabled [with no user option to disable] and only includes Microsoft's signing keys will only securely boot Microsoft operating systems." Right?