You see, MS has been recently caught on signing serious industrial spyware/sabotage tool with their valid signature. So I have no doubt they will also sign any kind of bootkit/rootkit, should some big guys need it to do evil things on Iran PCs at their factories... or spy at *your* PC. Or someone else PC. Or whatever. If they signed hardcore industrial espionage kit, you can exepct absolutely ANYTHING from such vendor. So you can't expect security at all.
P.S. still this bootloader is an incredible workaround to these crappy initiatives where you're FORCED to "trust" to entities you have no reason to trust at all. However as for me at this point I would consider whole x86 platform with UEFI to be untrusted due to all this activity. If someone forces you to "trust" by pointing you with their gun and leaving no other options, you know, this "trust" is a big fake.
P.s.: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." - B. Franklin.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
This "security" is fake. It's "restricted" boot, not "secure".
Date: 2012-12-01 03:32 pm (UTC)P.S. still this bootloader is an incredible workaround to these crappy initiatives where you're FORCED to "trust" to entities you have no reason to trust at all. However as for me at this point I would consider whole x86 platform with UEFI to be untrusted due to all this activity. If someone forces you to "trust" by pointing you with their gun and leaving no other options, you know, this "trust" is a big fake.
P.s.: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." - B. Franklin.