Announcement

Collapse
No announcement yet.

UEFI SecureBoot Comes To QEMU-KVM

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by TobiSGD View Post
    They do not need to. Ubuntu/Canonical have made their own key for their bootloader/kernel to be able to run on machines with Secure Boot and the Ubuntu key. Fedora has bought the right to use a Microsoft key, just for convenience, because basically every motherboard will ship with this key. This way they don have to convince the hardware manufacturers to use their key, unlike Canonical.
    I don t know.
    Hardware manafacturers chooses which keys are installed .The user key is not pre installed on motherboards.
    The manufacturers chooses which keys are installed by default.The user must contact the manufacturer to install your custom key.This is not a good thing.

    Comment


    • #12
      Originally posted by lapis View Post
      I don t know.
      Hardware manafacturers chooses which keys are installed .The user key is not pre installed on motherboards.
      The manufacturers chooses which keys are installed by default.The user must contact the manufacturer to install your custom key.This is not a good thing.
      The user will be able to install own keys without contacting the manufacturer. This is one of the requirements for the Windows 8 logo. The Ubuntu/Fedora thing is only about pre-installed keys, not the user keys. They just want the convenience that the user does not have to do this for Ubuntu/Fedora.

      Comment


      • #13
        Originally posted by lapis View Post
        Why ubuntu and red hat need to buy a key ?
        1. It makes it easier for them to use a KEK that they already know will be included. It's also easier for they user if the default install does not require fussing about with cryptography

        2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.

        Comment


        • #14
          Originally posted by WorBlux View Post

          2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.

          In this case ,a exception system can be very good.We cannot trust always on manufacturers.

          Comment


          • #15
            Originally posted by WorBlux View Post
            2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.
            May sound ironically, but in that case one should look for the Windows 8 logo on the box. The logo requires that the system can be set to setup mode and that it is possible to add keys.

            Comment


            • #16
              Originally posted by TobiSGD View Post
              May sound ironically, but in that case one should look for the Windows 8 logo on the box. The logo requires that the system can be set to setup mode and that it is possible to add keys.

              ARM is not possible to do this I think.

              Comment


              • #17
                Originally posted by lapis View Post
                ARM is not possible to do this I think.
                But their calling windows 8, windows RT when on an ARM device. But yes ARM will be locked down.

                Comment


                • #18
                  Originally posted by lapis View Post
                  ARM is not possible to do this I think.
                  Correct, although lots of ARM devices are already locked down so it's nothing new in that area other than Windows has been ported to it.

                  Comment

                  Working...
                  X