On 09/27/2011 04:41 PM, Colin Watson wrote:
"That would be far too easy a workaround ..."
By this, do you mean that it would be easy to workaround such that
grub2 can still boot Windows 8?
That it will be easy for Microsoft to workaround the UEFI
'architecture' such that it is impossible for grub2 to boot Windows
8 if Microsoft choose to do so?
I mean that Microsoft consider it to be part of their security
architecture that it will only be possible to boot Windows 8 using a
bootloader signed with a key trusted by the UEFI firmware, at least once
one is using firmware with the "secure boot" capability. It would be
far too easy a workaround if one could avoid that simply by using an
unsigned boot loader.
Of course, if the firmware doesn't require a signature, that's a
different matter. But you won't be able to work around firmware
requirements using an unsigned boot loader.
(Do not take from this that I agree with this position; I'm just telling
you how I understand it's likely to be.)
Okay, understood. Thanks. Good to hear this from you.
If another article claims that the security feature is a UEFI
feature and not Microsoft related, note that grub2 is CA-certified
and this implies grub2 can boot Windows 8. (grub-legacy is not
Perhaps this would explain better...
but granted, it may be interpreted that Microsoft uses
CA-certification to block other boot-loaders booting it.
Nothing in that article supports the position that GRUB 2 is
CA-certified. I can tell you with considerable confidence that it is
not at this time, and that it is not at all clear what we would need to
do in order to do so -
I stand corrected. Appreciate the correction.
would GRUB have to be modified to only boot
signed kernels if we were to avoid our key being immediately revoked?
That wouldn't be pretty.
Right, we'll be acting like Microsoft then, we are not that evil.
(Anyway, Matthew Garrett has responded to Microsoft's response ...)
Still, it is inconceivable that Microsoft would want to 'lock
itself' out of the substantive and lucrative upgrade market.
It may well be that it behaves differently on prior firmware versions,
but as Matthew Garrett has pointed out, any new system that wants to get
Windows 8 certification must ship with "secure boot" enabled and is not
required to provide an option to disable it.
I somehow like to see them try...
and watch the fireworks fly...
we here don't need windows to get by...
no need to push others to say goodbye...
(hey, it rhymes)
Good of you Colin, to drop by here once in a while
And have a virtual beer, coffee or water with us.
Take care - Goh Lip
Life is a sexually transmitted disease with a 100% mortality rate.
ubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users