SecureBoot Is Now Easier For Smaller Distributions

  • directhex
    replied
    Originally posted by varikonniemi
    The very minimum requirement should be that this key adding procedure would be doable from the UEFI specs and the computers came at most preinstalled with a Microsoft key.
    They already do, when properly implemented. The hysteria has drowned out the reality, though.


  • uid313
    replied
    Originally posted by dashcloud
    I really hope you don't have recent Intel motherboards in any of your computers - otherwise, you very likely have Intel's Management Engine as part of your BIOS/UEFI. It's a very interesting technology if you are the one controlling it - it's basically another OS inside your computer that's trusted to do everything - with its own networking stack as well. It's also hugely undocumented, and the main reason Flashrom can't be used safely on vast numbers of recent computers with Intel motherboards.
    Wow, Intel Management Engine and AMT is pretty creepy stuff.
    It is intended for companies and schools and such, but it's pretty creepy.


  • dashcloud
    replied
    Originally posted by uid313
    UEFI can run in the background and can run background services behind the OS while the OS is also running.
    UEFI has much more control over the system and has a built-in TCP stack.

    BIOS is much more simple and cannot run stuff in the background.

    UEFI is much more dangerous and likely to be vulnerable, exploitable and backdoored.
    I really hope you don't have recent Intel motherboards in any of your computers - otherwise, you very likely have Intel's Management Engine as part of your BIOS/UEFI. It's a very interesting technology if you are the one controlling it - it's basically another OS inside your computer that's trusted to do everything - with its own networking stack as well. It's also hugely undocumented, and the main reason Flashrom can't be used safely on vast numbers of recent computers with Intel motherboards.


  • crazycheese
    replied
    Originally posted by uid313
    UEFI can run in the background and can run background services behind the OS while the OS is also running.
    UEFI has much more control over the system and has a built-in TCP stack.

    BIOS is much more simple and cannot run stuff in the background.

    UEFI is much more dangerous and likely to be vulnerable, exploitable and backdoored.
    This is actually very true. The original idea of Coreboot was to load the OS faster, by skipping unnecessary configuration/tests and jumping straight to OS while giving it more direct control over hardware.

    The UEFI on the other side is as perverted as it gets - it's just an overcomplex loader system, with DRM integrated where BIOS was. The only good outcome of it is nicer menus.... :///

    I wonder why people always suck down what is thrown to them.. When will they claim PC as really "Personal Computer"??!


  • uid313
    replied
    Originally posted by daniels
    you already do, it's called the bios. or uefi.
    UEFI can run in the background and can run background services behind the OS while the OS is also running.
    UEFI has much more control over the system and has a built-in TCP stack.

    BIOS is much more simple and cannot run stuff in the background.

    UEFI is much more dangerous and likely to be vulnerable, exploitable and backdoored.


  • varikonniemi
    replied
    Originally posted by daniels
    you already do, it's called the bios. or uefi.
    Speak for yourself. Coreboot is Open Source.

    Also, if you cannot see the difference in a proprietary (pre)bootloader and a BIOS/UEFI firmware I cannot help you.


  • Fenrin
    replied
    Originally posted by sandy8925
    matthew garrett is leaving?
    In a few days, or already, he is an employee of Nebula.
    Last day at Red Hat


  • daniels
    replied
    Originally posted by varikonniemi
    But having to ship a binary blob just to boot your distro compromises your system even before Linux has started loading
    you already do, it's called the bios. or uefi.


  • varikonniemi
    replied
    This is so ugly I cannot believe it is even legal to sell locked hardware like this.

    The very minimum requirement should be that this key adding procedure would be doable from the UEFI specs and the computers came at most preinstalled with a Microsoft key. But having to ship a binary blob just to boot your distro compromises your system even before Linux has started loading. The fact you can beg for a key from only Microsoft to circumvent this restriction is the definition of a monopoly.

    This is something the EU should take notice of and force all hardware to be open, but those bureaucrats only look after business interests, not people's interests.
    Last edited by varikonniemi; 01 December 2012, 03:16 AM.


  • mjg59
    replied
    Originally posted by sandy8925
    matthew garrett is leaving?
    Red Hat? Has left.
