Okay, so the UEFI firmware must recognize that a device exists, i.e. you have the storage-media plugged in to both data and power, and the UEFI firmware ... or win8 OS? or either of them? ... has a driver of some sort which can communicate with the target.
The second step is that the device must be recognized as "potentially bootable", i.e. if you have a DVD drive, but no DVD inserted, that will be rejected... even though in theory, you could power down the machine, and insert the DVD before rebooting. (This is a case where the definition of 'potentially' seems far too strict, in existing implementations.) On the other hand, if you have a DVD drive, with a bootable DVD inserted, it might be seen as potentially bootable... even though the signing key will fail to pass SecureBoot. (This is a case where 'potentially' is defined far too loosely, to my mind.)
Where do I find out the gory details about exactly what constitutes a "potentially bootable" dingus, and what does not, for typical Win8-associated firmware? Nothing relevant pops out at me over here -- https://docs.fedoraproject.org/en-US/Fedora/18/html/UEFI_Secure_Boot_Guide/index.html -- this is a draft doc by Eric Christensen, last modified March 2013.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Re: definition of "potentially"
Date: 2013-09-01 08:08 pm (UTC)